examples ctunnel - tunnel any TCP or UDP connection in a cryptographic tunnel
MySQL Tunnel
(when linked with OpenSSL use '-C aes-256-cfb', or '-C aes256 -M cfb' with libgcrypt)

In this example, our local machine is 10.0.0.2 (client), and the MySQL server is at 10.0.0.4 (server).
We want all MySQL traffic from 10.0.0.2 to 10.0.0.4 to be encrypted.

Server localhost:~# ctunnel -H 127.0.0.1 -s -l 2222 -f 3306 -C aes-256-cfb
Client localhost:~# ctunnel -H 10.0.0.4 -c -l 3306 -f 2222 -C aes-256-cfb

We now have our encrypted tunnel.
Since we told ctunnel that the local end of our MySQL tunnel is 127.0.0.1, we can launch the mysql client with our local tunnel endpoint as its destination:

Client localhost:~# mysql -u root -p -h 127.0.0.1

You now have encrypted access from your local machine to the remote MySQL server!



VNC Tunnel
(when linked with OpenSSL use '-C aes-256-cfb', or '-C aes256 -M cfb' with libgcrypt)

In this example, our local machine is 10.0.0.2 (client), and the VNC server is at 10.0.0.4 (server).
We want all VNC traffic from 10.0.0.2 to 10.0.0.4 to be encrypted.

Server localhost:~# ctunnel -H 127.0.0.1 -s -l 2222 -f 5900 -C aes-256-cfb
Client localhost:~# ctunnel -H 10.0.0.4 -c -l 5912 -f 2222 -C aes-256-cfb

We now have our encrypted tunnel.
Since we told ctunnel that the local end of our VNC tunnel is 127.0.0.1 (desktop 12), we can launch vncviewer with our local tunnel endpoint as its destination:

Client localhost:~# vncviewer 127.0.0.1:12

You now have encrypted access from your local machine to the remote VNC Desktop!



DNS Tunnel (UDP)
(when linked with OpenSSL use '-C aes-256-cfb', or '-C aes256 -M cfb' with libgcrypt)

In this example, our local machine is 10.0.0.2 (client), and the DNS server is at 10.0.0.4 (server).
We want all DNS traffic from 10.0.0.2 to 10.0.0.4 to be encrypted.

Server localhost:~# ctunnel -U -H 127.0.0.1 -s -l 8053 -f 53 -C aes-256-cfb
Client localhost:~# ctunnel -U -H 10.0.0.4 -c -l 53 -f 8053 -C aes-256-cfb

We now have our encrypted tunnel.
Since we told ctunnel that the local end of our DNS tunnel is 127.0.0.1, we can query DNS records over our encrypted tunnel with our local tunnel endpoint as its destination:

Client localhost:~# dig @localhost nardcore.org

You now have encrypted access from your local machine to the remote DNS Server.



SSH Tunnel and Proxy
(when linked with OpenSSL use '-C aes-256-cfb', or '-C aes256 -M cfb' with libgcrypt)

In this example, our local machine is 10.0.0.2 (client), and the SSH server is at 10.0.0.4 (server).
We will bounce our connection from 10.0.0.2, to a ctunnel proxy on 10.0.0.3, to ctunnel running on 10.0.0.4.

We will start ctunnel normally on the client and server; however, we need to run ctunnel twice on the proxy to properly forward the connection.

Server localhost:~# ctunnel -z -H 127.0.0.1 -s -l 2224 -f 22 -C aes-256-cfb
Proxy localhost:~# ctunnel -z -H 10.0.0.4 -c -l 2223 -f 2224 -C aes-256-cfb
Proxy localhost:~# ctunnel -z -H localhost -s -l 2222 -f 2223 -C aes-256-cfb
Client localhost:~# ctunnel -z -H 10.0.0.3 -c -l 2221 -f 2222 -C aes-256-cfb

We now have our encrypted proxy tunnel.
Since we told ctunnel that the local end of our SSH tunnel is 127.0.0.1:2221, we can launch ssh with our local tunnel endpoint as its destination:

Client localhost:~# ssh root@localhost -p 2221

You now have encrypted access from your local machine to the remote SSH Server, via proxy.
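
An added example, not part of the ctunnel documentation: a shell lint that checks a multi-hop chain like the proxy setup above before any process is started (modes alternate from -c to -s, each hop listens where the previous one forwards, both ends of an encrypted leg use the same cipher). The flag meanings are an assumption inferred from the commands on this page; parse_hop, check_chain and proxy_chain are hypothetical names and the sample chain is constructed.

```shell
# Added example, not from the ctunnel project. Assumed flag meanings,
# inferred from the commands on this page:
#   -c  takes plaintext on -l, sends ciphertext to -H:-f
#   -s  takes ciphertext on -l, sends plaintext to -H:-f
parse_hop() {   # sets mode, listen, fwd, cipher from one command line
    mode='?' listen='?' fwd='?' cipher='?'
    set -f; set -- $1; set +f       # split into words without globbing
    while [ $# -gt 0 ]; do
        case $1 in
            -c|-s) mode=${1#-} ;;
            -l) listen=${2:-?} ;;
            -f) fwd=${2:-?} ;;
            -C) cipher=${2:-?} ;;
        esac
        shift
    done
}
check_chain() { # stdin: hops ordered client to server; returns 1 on findings
    n=0 bad=0 want=c pmode='' pfwd='' pcipher=''
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        parse_hop "$line"
        n=$((n + 1))
        [ "$mode" = "$want" ] ||
            { echo "hop $n: expected -$want, found -$mode"; bad=1; }
        if [ "$n" -gt 1 ] && [ "$pfwd" != "$listen" ]; then
            echo "hop $n: listens on $listen but hop $((n - 1)) forwards to $pfwd"; bad=1
        fi
        # A -c hop and the -s hop after it are the two ends of one encrypted leg.
        if [ "$pmode" = c ] && [ "$pcipher" != "$cipher" ]; then
            echo "hop $n: cipher $cipher differs from hop $((n - 1)) ($pcipher)"; bad=1
        fi
        pmode=$mode pfwd=$fwd pcipher=$cipher
        if [ "$want" = c ]; then want=s; else want=c; fi
    done
    [ "$pmode" = s ] || { echo "chain does not end on a -s hop"; bad=1; }
    return "$bad"
}
# Constructed sample: four hops laid out like the proxy example; $1 is the
# mode flag given to the first (client) hop.
proxy_chain() {
    cat <<EOF
ctunnel -z -H 10.0.0.3 $1 -l 2221 -f 2222 -C aes-256-cfb
ctunnel -z -H localhost -s -l 2222 -f 2223 -C aes-256-cfb
ctunnel -z -H 10.0.0.4 -c -l 2223 -f 2224 -C aes-256-cfb
ctunnel -z -H 127.0.0.1 -s -l 2224 -f 22 -C aes-256-cfb
EOF
}
proxy_chain -c | check_chain && echo "chain ok"
proxy_chain -s | check_chain || echo "chain rejected"
```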
