Encrypting One TCP Port and only One TCP Port?

mpapet · 08-09-2017, 02:42 PM

I'm looking for a solution to encrypt or tunnel a single TCP port to a remote host. All other traffic stays off the tunnel.

This doesn't seem like a solution that can be handled by strongswan, but, maybe I haven't found the right how-to.

Are there other alternatives I should consider besides stunnel?

jefro · 08-09-2017, 03:09 PM

I guess I need to know a bit more. When you say tcp port, what do you mean exactly? A network adapter port or do you mean only say tcp:5098?

There are plenty of vpn solutions. Some so secure you can't run it on web. In the past, a vpn was total. There were no ways to let any traffic outside of the vpn. Now you can run a vpn on some traffic usually if you have a means to route it. It isn't considered very secure only because it is not totally isolated from other traffic.

mpapet · 08-09-2017, 03:27 PM

Quote:

Originally Posted by jefro

I guess I need to know a bit more. When you say tcp port, what do you mean exactly? A network adapter port or do you mean only say tcp:5098?

tcp:5098

"Secure" is definitely a fluid word. In this case, I am only trying to encrypt that one port to another host in another location.

jefro · 08-09-2017, 07:23 PM

I suspect that you could grab that port with some means like iptables. Then you have some choices. Maybe pipe it to a vpn set up on a secondary ip address or might be able to make one nic on vpn and break out of that.

This is the first idea that I had in mind. Plenty of other solutions. https://unix.stackexchange.com/quest...-to-vpn-client

Some firewall/routers may be also able to do this.

gradinaruvasile · 08-22-2017, 01:29 PM

Openvpn?

IsaacKuo · 08-22-2017, 02:20 PM

Depending on what exactly you're trying to do, and whether you have ssh access to the destination (or another server sufficiently "close" to the destination), you could use an ssh tunnel or reverse ssh tunnel.