rendezvous mode #306
In some cases, a rendezvous mode might be interesting.
In this case, the tunneled connections go in the opposite direction as the tunnels.
You have two ghostunnels:
- One in rendezvous mode. This listens for connections via mTLS from the rendezvous-client, which are put in a pool, as well as (possibly unauthed or plaintext) connections. When a connection comes in, it is connected with one of the pooled connections.
- The other ghostunnel, as a server, instead of listening for connections, makes connections out to the rendezvous server. Some preset connection pool parameters determine how many connections to make. The server then forwards to the server over localhost/unix socket as usual.
This allows hosting servers on machines that can only make outgoing network requests, and implicitly acts as a load balancer if multiple servers connect to the rendezvous point.
I've seen `autossh` used for tunneling like this before, but needing to manage shell access, SSH keys, etc. is extra complexity.
My gut feeling is that a lot of the ghostunnel code is reusable for this.
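
The flow proposed above, as an added Go sketch that is not ghostunnel code and not part of the original issue: a rendezvous point pools connections dialed in by an outbound-only agent and pairs each incoming client with one. The names `serve`, `pipe`, `splice`, `rendezvous`, `agent` and `demo` are hypothetical, and two simplifications are assumed: the pool listener is plain TCP on loopback where the proposal calls for mTLS, and the agent dials its local target as soon as it parks a connection.

```go
package main

import (
	"io"
	"net"
)

// serve hands every connection accepted on ln to handle in its own goroutine.
func serve(ln net.Listener, handle func(net.Conn)) {
	for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
		go handle(c)
	}
}

// pipe copies one direction, then closes both ends; splice runs it both ways.
func pipe(dst, src net.Conn) { io.Copy(dst, src); dst.Close(); src.Close() }
func splice(a, b net.Conn)   { go pipe(a, b); pipe(b, a) }

// rendezvous pairs each frontLn client with a pooled poolLn connection (plain TCP here, not mTLS).
func rendezvous(poolLn, frontLn net.Listener, size int) {
	pool := make(chan net.Conn, size)
	go serve(poolLn, func(c net.Conn) { pool <- c })
	serve(frontLn, func(c net.Conn) { splice(c, <-pool) })
}

// agent only dials out: park a connection at rv, relay it to target (dialed eagerly), repeat.
func agent(rv, target string) {
	for up, err := net.Dial("tcp", rv); err == nil; up, err = net.Dial("tcp", rv) {
		local, err := net.Dial("tcp", target)
		if err != nil {
			up.Close()
			return
		}
		splice(up, local)
	}
}

// demo wires all parts on loopback with a constructed echo target and returns the reply.
func demo(msg string) string {
	l := func() net.Listener { ln, _ := net.Listen("tcp", "127.0.0.1:0"); return ln }
	target, poolLn, frontLn := l(), l(), l()
	go serve(target, func(c net.Conn) { io.CopyN(c, c, int64(len(msg))); c.Close() })
	go rendezvous(poolLn, frontLn, 2)
	go agent(poolLn.Addr().String(), target.Addr().String())
	c, _ := net.Dial("tcp", frontLn.Addr().String())
	io.WriteString(c, msg)
	out, _ := io.ReadAll(c)
	return string(out)
}
func main() { println(demo("ping")) }
```

The sketch does not check whether a parked connection is still alive before pairing it, which a real implementation of this mode would need alongside the mTLS handshake on the pool side.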