A tunneling protocol is a network protocol which encapsulates one protocol or session inside another. Protocol A is encapsulated within protocol B, such that A treats B as though it were a data link layer. Tunneling may be used to transport a network protocol through a network which would not otherwise support it. Tunnelling may also be used to provide various types of VPN functionality such as private addressing.

Examples include:

Datagram-based:

• L2TP (Layer 2 Tunneling Protocol)
• MPLS (Multi-Protocol Label Switching)
• GRE (Generic Routing Encapsulation)
• GTP (GPRS Tunnelling Protocol)
• PPTP (Point-to-Point Tunneling Protocol)
• PPPoE (point-to-point protocol over Ethernet)
• PPPoA (point-to-point protocol over ATM)
• IP in IP Tunneling (RFC 1853)
• IPsec
• IEEE 802.1Q (Ethernet VLANs)
• DLSw (SNA over IP)
• XOT (X.25 datagrams over TCP)
• 6to4 (IPv6 over IPv4 as protocol 41)
• Teredo (IPv6 over UDP over IPv4)
• Anything In Anything (AYIYA; e.g. IPv6 over UDP over IPv4, IPv4 over IPv6, IPv6 over TCP IPv4, etc.)

Stream-based:

• TLS
• SSH

SSH tunneling

SSH is frequently used to tunnel insecure traffic over the Internet in a secure way. For example, Windows machines can share files using the Samba (SMB) protocol, which is not encrypted. If you were to mount a Windows filesystem remotely through the Internet, someone snooping on the connection could see your files.

So to mount a SMB file system securely, one can establish an SSH tunnel that routes all SMB traffic to the fileserver inside an SSH-encrypted connection. Even though the SMB traffic itself is insecure, because it travels within an encrypted connection it becomes secure.

Tunneling can also be used to bypass a system firewall.

See also

• Tunnel Broker
• Virtual Private Network (Tunneling)

References

Tunneling protocols

Síťové tunelování | Tunnel (EDV) | Tunnel (réseau informatique) | Tunneling | Tunnelingprotocol | Tunneling