A thought has been bugging me for about a year now. The idea is that someone should create a Skype add-on that would allow tunneling any TCP traffic over secure ap2ap connections to other Skype users, much like plain old ssh can be used to tunnel TCP traffic to other internet hosts.
Let’s assume I’ve got some fancy web-based personal information manager running on my home computer. If I’m at home, I can access my stuff by pointing my browser to http://localhost:8080. My home network is behind a NAT router so external users (or myself while in the office or on the road) can’t get through to this server. However, I often need my stuff when away from home, but I am paranoid about others getting their hands on it.
So I install ssh on my home computer and configure the NAT box to forward all incoming connections on port 22 (the default ssh port) to my home computer’s port 22. Assuming that the dynamic DNS address of my NAT box is wolli.home.net and the LAN IP address of my home computer is 192.168.1.123, I now can access my personal information manager from anywhere via ssh as follows:
- ssh -NfL 1234:192.168.1.123:8080 wolli.home.net
- firefox http://localhost:1234
But the problem is that in order for this to work, I must be able to configure my NAT box, or firewall. This is not always an option.
Now it would be really cool if I could use Skype to establish the connection to my home computer in much the same way. I would set up Skype on my home computer, log in as wolli-home-gw, and keep it running. I would also install the “skypetunnel” add-on, and configure it so that it would automatically accept incoming connections from Skype user ppmotskula (my main Skype name).
When I need to access my PIM remotely, I could now:
- start Skype and log in as ppmotskula
- start “skypetunnel” and configure it to forward local port 1234 to port 8080 on the machine used by wolli-home-gw
- start Firefox and point it to http://localhost:1234
Voilà! Secure connection established without having to configure any firewalls or NAT boxes, and without even having to have a static IP address or a dynamic DNS address for my home computer.
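What the gateway end of such a tunnel has to enforce is the part that matters for security: who may connect, and to which destination. The following is an added example, not code from this post and not a real Skype API. The names `authorize`, `relay` and `handle_open` are hypothetical, an ordinary connected socket stands in for the ap2ap stream, and the peer name is assumed to be already authenticated by Skype.

```python
import socket
import threading

# Gateway policy (hypothetical format): which Skype names may open a tunnel,
# and to which destinations. Names and port are the ones used in the post.
ALLOWED = {"ppmotskula": {("127.0.0.1", 8080)}}

def authorize(peer, host, port, policy=ALLOWED):
    """Allow only an exact (peer, destination) match; everything else is denied."""
    return (host, port) in policy.get(peer, set())

def pump(src, dst):
    """Copy bytes one way until EOF or error, then half-close the receiver."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay(channel, target):
    """Run both directions, then release both sockets."""
    back = threading.Thread(target=pump, args=(target, channel), daemon=True)
    back.start()
    pump(channel, target)
    back.join()
    channel.close()
    target.close()

def handle_open(peer, host, port, channel, policy=ALLOWED):
    """Gateway side. `channel` is a connected socket standing in for the
    ap2ap stream; `peer` is assumed to be already authenticated by Skype."""
    if not authorize(peer, host, port, policy):
        channel.close()  # refuse before touching the local network
        return False
    try:
        target = socket.create_connection((host, port), timeout=5)
    except OSError:
        channel.close()
        return False
    target.settimeout(None)  # the timeout applies to connect only, not idle reads
    threading.Thread(target=relay, args=(channel, target), daemon=True).start()
    return True
```

Pinning the destination on the gateway, rather than letting the connecting side name any host and port, keeps an accepted peer from using the tunnel as a general proxy into the home LAN.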
Of course, this approach would not be suitable for high-bandwidth applications because ap2ap connections never get more bandwidth than Skype file transfers, which, as you probably know, can be pretty slow when relayed through a supernode. But then again, I’m not particularly interested in streaming video from my home computer to my laptop while in an airport.
The opportunities would include secure remote access to your intranet web or email servers, secure remote IT support (over VNC or rdesktop if needed), and much more — your imagination is the limit.