We have devices at client sites that connect to processes on our servers and provide several streams of TCP data. We currently use VPNs to gain security and to be able to connect back to the devices, which run embedded Linux, to administer them. We would like to explore other, less configuration-intensive ways for them to connect. Is SSH a good alternative? Are there others? Is there a way to set up SSL-enabled TCP connections like POP, IMAP and SMTP? Are there other alternatives? Thanks.
0
-
As Chopper3 says, we'd need to know a lot more. Are all the sites on static IP addresses? Are the addresses exposed or NAT'd? How long do the connections last? How many connections per device? How many devices? Do you need bi-directional authentication? You might want to have a look at stunnel (stud has a much more scalable implementation, but is not as mature / well documented) – symcbean Aug 02 '12 at 10:45
-
Check `httptunnel`; it is somewhat easier to use than a VPN. – ott-- Aug 02 '12 at 11:01
-
stunnel looks like it will do the trick. We have 150+ devices at 50+ locations. Each opens 6 connections to one network layer server to get to one of 8 application servers. Some are dynamic, some are static. And we are growing. I think stunnel will work, though. It looks like we can set up the 6 ports and then one going the other direction for telnet to be able to manage the devices. If I am not mistaken, we can also add devices to the config without closing all the connections. Thanks! Not sure how to accept the answer which was in a comment. – nroose Aug 03 '12 at 15:24
-
Sorry, to clarify, currently the VPN goes through the network layer and allows connection to the app server. I think stunnel will do something similar. – nroose Aug 03 '12 at 15:31
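The layout described in the comments above (six outbound streams per device plus one inbound port for management), sketched as a device-side stunnel configuration with certificate checks in both directions. This is an added example, not part of the original thread; it assumes stunnel 5.x, and every hostname, port number and file path in it is a placeholder.

```ini
; Device-side stunnel.conf (constructed example, all names are placeholders)
; Assumes stunnel 5.x; 4.x builds use "verify = 2" in place of verifyChain.

; Defaults inherited by every service section below.
; Device certificate and key, presented to the peer for mutual authentication.
cert = /etc/stunnel/device.pem
key = /etc/stunnel/device.key
; Private CA that signed both the server and the device certificates.
CAfile = /etc/stunnel/ca.pem
; Reject any peer whose certificate does not chain to CAfile.
verifyChain = yes

; Outbound stream 1: the local application connects in cleartext to
; 127.0.0.1:5001 and stunnel carries it over TLS to the network-layer server.
[stream1]
client = yes
accept = 127.0.0.1:5001
connect = netlayer.example.com:6001
; Also require the server certificate to match the expected host name.
checkHost = netlayer.example.com

; Outbound stream 2: same pattern, next port pair.
[stream2]
client = yes
accept = 127.0.0.1:5002
connect = netlayer.example.com:6002
checkHost = netlayer.example.com

; Streams 3 to 6 repeat the section above with their own port pairs.

; Inbound management: TLS terminates here and is handed to the local telnet
; daemon, which should listen on 127.0.0.1 only so that cleartext telnet is
; never exposed on the network. This direction only works where the server
; can reach the device address (it does not traverse NAT by itself).
[mgmt]
client = no
accept = 0.0.0.0:992
connect = 127.0.0.1:23
```

The server side mirrors this: one `client = no` section per stream port with the same `CAfile` and `verifyChain = yes`, so that only devices holding a certificate from the private CA can connect.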
1 Answer
1
It really does depend on what your connections are actually doing (you don't say), but most, if not all, modern usage cases for IP now have SSL/TLS-secured equivalents that may be of use to you.
For instance, SSH instead of Telnet, HTTPS instead of HTTP, SFTP instead of FTP, etc. But you need to let us know what you're currently doing before we can respond specifically.

Chopper3