• What is tunneling?

A technology that enables private network (single machines or entire internetworks) to send its data or allow to use its resources via another network’s connections.Tunneling works by encapsulating a network protocol within packets carried by the second network.

• Example:

PPTP (Point-to-Point Tunneling Protocol) technology enables organizations to use the Internet to transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet.

Various Tunneling protocols include:

Datagram-based:

• IPsec (Internet Protocol Security)
• GRE (Generic Routing Encapsulation) supports multiple protocols and multiplexing
• IP in IP Tunneling: Lower overhead than GRE and used when only 1 IP stream is to be tunneled
• L2TP (Layer 2 Tunneling Protocol)
• MPLS (Multi-Protocol Label Switching)
• GTP (GPRS Tunneling Protocol)
• PPTP (Point-to-Point Tunneling Protocol)
• PPPoE (point-to-point protocol over Ethernet)
• PPPoA (point-to-point protocol over ATM)
• IEEE 802.1Q (Ethernet VLANs)
• DLSw (SNA over IP)
• XOT (X.25 datagrams over TCP)
• IPv6 tunneling: 6to4; 6in4; Teredo
• Anything In Anything (AYIYA; e.g. IPv6 over UDP over IPv4, IPv4 over IPv6, IPv6 over TCP IPv4,             etc.)

Stream-based:

• TLS (Transport Layer Security)
• SSH (Secure Shell)
• SOCKS (sockets)
• HTTP CONNECT command
• Various circuit-level proxy protocols, such as Microsoft Proxy Server’s Winsock RedirectionProtocol, or WinGate Winsock Redirection Service.

Out of above available Tunneling protocol we will describe SSH based Tunneling.

SSH Tunneling:
- SSH tunnel is an encrypted tunnel created through a SSH protocol connection.
- It takes place by using mechanism of port forwarding over a secure tunnel.
- SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services provided that outgoing connections are allowed.

To understand SSH tunneling we will take a following example.
In the following network diagram, my requirement is to access System B’s private network resources on system A. here system D’s application myWebApp on System A.

Here system A and system B are connected via Internet. So we can create a tunnel between system A and system D via system B and forward a 8080 port of system D to local port of system A.

Below are steps to create a tunnel using SSH client (Putty).
- Start the SSH client (Putty) at system A.

Step 4:
This step is to verify Tunnel we created by above 1-3 steps:

- Right click on the caption bar of the shell window and then click on option ‘Change Settings…’, it will open a ‘Putty Reconfiguration’ window.
- On Putty Reconfiguration window, click on connection->SSH->Tunnels and right hand side you will see the mapping we did.
- Click on Apply
- Then open a web browser on your local system and type: http://localhost:1001/myWebApp
Press Enter and you will see magic. You won’t believe yourself that you can access the application running on system D which in the private network of B.