[OpenAFS] Re: rxtcp, rxutcp [for networks without UDP]
Fri, 31 Mar 2006 17:14:17 -0500
> Message-Id: <200603312137.PAA29009@malison.ait.iastate.edu>
> To: Jim Rees <firstname.lastname@example.org>
> Cc: email@example.com
> From: John Hascall <firstname.lastname@example.org>
> Subject: Re: [OpenAFS] Re: rxtcp, rxutcp [for networks without UDP]
> Date: Fri, 31 Mar 2006 15:37:42 CST
> > In the future only tcp on port 80 will work. Some time after that only http
> > over tcp on port 80 will work. It's already happening in some places.
> So, who's working on rxhttp then?
> PS, :)
Actually you want to use port 443, not 22 or 80.
22 requires they actually care about it professionals.
80 might go to a caching web server.
443 requires end-end connectivity from browser to server.
As a bonus, 443 connections are more likely to be left up
for a period of time, which better matches the behavior
you'll be producing here. This is important because the
sorts of places that only allow http/https are usually the
sorts of places that want to not allow vpn traffic.
Ideally, you should do ssl over 443, then ip tunneling on top
ssh forwarding is on a per-port basis - you might be able to make this
work with afs but you probably won't want to do it again. You really
want something that works at the network routing layer = vpn, ip tunneling,
or whatever you want to call it. Besides, the "recent" versions of ssh
I have in my environment still only does TCP port forwarding, so won't
work for this at all. Does your copy of ssh really do udp port forwarding?