On 11/3/05, Bruce McPeek <brucem@xxxxxxxxxxxx> wrote:
>
> Hello,
>
> I am planning on setting up a TCP tunnel through an SSH connection between
> our Korean office's intranet and our US office's intranet. This tunnel will
> be used to provide a connection between a Perforce Proxy server in Korea and
> our main Perforce server (Redhat 9) in the US.
>
> The OS for Korean proxy server will be Redhat FC3 using OpenSSH. I may have
> to give up this server at some point in the future and go Windows as the
> underlying OS; if that happens I would like to use Plink (from the maker of
> PuTTY http://www.chiark.greenend.org.uk/~sgtatham/putty/).
>
> I plan to set up the account used to connect our SSH server to a pretty
> restricted state; no login shell and port forwarding restricted to a
> specific ip:port.
>
> I am planning to script the SSH connection on the client side to reconnect
> should the connection drop. This should be a fairly trivial task.
> Unfortunately I have seen long running SSH tunnels in a state where they
> appear to be connected but no data flows through the tunnel or to the login
> shell. I would like to test for this condition in my script but I am unsure
> which approach to take.
>
> I could conceivably try to connect through the tunnel to the server using
> some utility but which one? I could conceivably try using the Perforce
> client but would rather not consume a license to do this. Perhaps I could
> have a second tunnel open just to test the connection, but what would
> be good to use?
>

I don't know that there is a solution for this issue. If I were you I would consider using OpenVPN (www.openvpn.net). It is designed for this type of application. It has the ability to reconnect if a connection is lost, can use certificates, and is cross platform, including having an RPM available. It is well supported and in active development.

--
Leonard Isham, CISSP
Ostendo non ostento.
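One way to script the check asked about in the quoted message, as an added example that is not from either poster: a second forward ends at the SSH server's own sshd, and `ssh-keyscan` through it proves data really flows without using a Perforce license. The account, host names, ports, key path and the `authorized_keys` line are constructed placeholders, and `ExitOnForwardFailure` assumes a newer OpenSSH client than the one shipped with FC3.

```shell
#!/bin/sh
# Added example. Hosts, ports, account and key path are constructed placeholders.
# Assumed authorized_keys restriction on the server for this key:
#   permitopen="p4.example.internal:1666",permitopen="127.0.0.1:22",no-pty <public key>
REMOTE="tunnel@ssh.example.com"
KEY="/etc/p4tunnel/id_tunnel"
P4_FWD="1666:p4.example.internal:1666"   # Perforce proxy -> main server
PROBE_PORT=2222
PROBE_FWD="$PROBE_PORT:127.0.0.1:22"     # second forward, ends at the server's own sshd

# True if the text contains an ssh-keyscan result line: "host keytype base64key".
has_host_key() {
    printf '%s\n' "$1" |
        grep -Eq '^[^#[:space:]]+ (ssh-|ecdsa-)[a-z0-9@.-]+ [A-Za-z0-9+/=]+'
}

# A hung tunnel still accepts the local connect but never returns the remote
# sshd's key exchange, so require real key data back within 10 seconds.
probe_tunnel() {
    out=$(ssh-keyscan -T 10 -p "$1" 127.0.0.1 2>/dev/null)
    has_host_key "$out"
}

start_tunnel() {
    # ServerAlive* makes ssh itself exit after about 45 s without a server reply.
    ssh -N -i "$KEY" -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -L "$P4_FWD" -L "$PROBE_FWD" "$REMOTE" &
    TUNNEL_PID=$!
}

watch_tunnel() {
    while :; do
        start_tunnel
        sleep 10                          # let the forwards come up
        fails=0
        while kill -0 "$TUNNEL_PID" 2>/dev/null; do
            if probe_tunnel "$PROBE_PORT"; then fails=0; else fails=$((fails + 1)); fi
            if [ "$fails" -ge 3 ]; then kill "$TUNNEL_PID"; break; fi
            sleep 30
        done
        wait "$TUNNEL_PID" 2>/dev/null
        sleep 5                           # back off before reconnecting
    done
}

if [ "${1:-}" = "run" ]; then watch_tunnel; fi
```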