[stunnel-users] How to configure Stunnel for ICMP packets?

Rutger Thomschitz olds76 at email.com
Tue Nov 9 17:14:26 CET 2004



 
> > I have just started using Stunnel 4.04 with OpenSSL. This 
> > may seem a bit strange, but, I would like to configure 
> > Stunnel such that it will encrypt all my Ping packets. 
> > The reason in a nut shell is that I would like to use 
> > Ping to determine the network overhead added by SSL, as 
> > part of my research. How can I set up stunnel (i.e. 
> > stunnel.conf) to tunnel all ICMP (i.e. Ping) packets? 
> 
> If you compare ICMP ECHO REQUEST/REPLY to Stunnel in any 
> way then your research is useless. It's an apples to oranges 
> comparison. You're comparing ICMP to TCP. 
> 
> Better is to compare TCP to TCP. For example, create a client/server 
> protocol as follows: 
> 
> * The TCP connection is established. 
> * The client sends one integer that is the length of the data, 
> followed by the data itself. Call this a 'packet' if you will. 
> * The server reads the integer, followed by the rest of the data, 
> and sends that data back. 
> * The client verifies the data was received correctly, and then 
> procedes to send a new 'packet'. 
> 
> 
> Then you can implement this connection on its own, and then via 
> Stunnel on both ends, and compare the results. Now you've got 
> apples-to-apples comparison. 
> 
> (Suggest you implement the server as an inetd-started application, 
> and start it from Stunnel via the 'exec' option, to keep the extra 
> cleartext TCP connection out of the mix.) 
> 
> Side possibilities: 
> 
> * Try alternate 'packet sizes' for comparison. 
> * Try different crypto protocols for comparison. 
> 
> 
> -- 
> Brian Hatch $it = $it || $another; 
> Systems and 
> Security Engineer 
> http://www.ifokr.org/bri/ 

Brian,

Thank you for the advice and replying so quickly. Since my end goal was to see how additional network overhead due to security affects voice over IP (UDP), are there any other SSL enabled applications similar to Stunnel that supports UDP? (I am looking into Zebedee; however, it of course does not implement SSL.) 

Thanks again,
Rutger Thomschutz
-- 
___________________________________________________________
Sign-up for Ads Free at Mail.com
http://promo.mail.com/adsfreejump.htm




More information about the stunnel-users mailing list