On 10/16/2019 02:04 AM, Demi M. Obenour wrote:
> As I mentioned in another email, what I am really looking for is
> multiplexing multiple socket connections over a single full-duplex
> stream.

As far as I know, SSH's forwarding allows only one kind of "socket", namely, TCP connections - as opposed to, e.g., UNIX sockets.

If that's what you mean, my recommendation would be to establish the "trunk" connection not with OpenSSH, but OpenVPN. OpenVPN can use TCP and (preferred) UDP for the "trunk", can AFAIK be configured not to encrypt the *data* stream at all, will automatically re-establish the "trunk" when it gets closed, and the server can "push" a route to the subnet your Docker containers live in to the client.

(If that subnet or the addresses thereon tend(s) to *change* over time, finding the proper IPs to connect to from the VPN client might become a (minor) problem.)

If you want to avoid even the *potential* overhead of the encryption parts of a VPN software like OpenVPN, my next suggestion would be GRE, but I haven't done *that* on a unixoid base yet and you *will* have to do quite some work to permit GRE tunnels from A to B through all the firewalls that may sit on the path ...

Kind regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
Robert-Koch-Straße 9
64331 Weiterstadt
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev