You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In some cases, a rendezvous mode might be interesting.
In this case, the tunneled connections go in the opposite direction as the tunnels.
You have two ghostunnels:
one in rendezvous mode. This listens for connections via mTLS from the rendezvous-client which are put in a pool.
As well as (possibly unauthed or plaintext) connections. When a connection comes in, it is connected with one of the pooled connections.
The other ghostunnel, as a server, instead of listening for connections, makes connections out to the rendezvous server. Some preset connection pool parameters determine how many connections to make. The server then forwards to the server over localhost/unix socket as usual.
This allows hosting servers on machines that can only make outgoing network requests, and implicitly acts as a load balancer if multiple servers connect to the rendezvous point.
I've seen autossh used for tunneling like this before, but needing to manage shell access, SSH keys, etc is extra complexity.
My gut feeling is that a lot of the ghostunnel code is reusable for this.
The text was updated successfully, but these errors were encountered:
In some cases, a rendezvous mode might be interesting.
In this case, the tunneled connections go in the opposite direction as the tunnels.
You have two ghostunnels:
one in rendezvous mode. This listens for connections via mTLS from the rendezvous-client which are put in a pool.
As well as (possibly unauthed or plaintext) connections. When a connection comes in, it is connected with one of the pooled connections.
The other ghostunnel, as a server, instead of listening for connections, makes connections out to the rendezvous server. Some preset connection pool parameters determine how many connections to make. The server then forwards to the server over localhost/unix socket as usual.
This allows hosting servers on machines that can only make outgoing network requests, and implicitly acts as a load balancer if multiple servers connect to the rendezvous point.
I've seen
autosshused for tunneling like this before, but needing to manage shell access, SSH keys, etc is extra complexity.My gut feeling is that a lot of the ghostunnel code is reusable for this.
The text was updated successfully, but these errors were encountered: