Idea: skypetunnel
A thought has been bugging me for about a year now. The idea is that someone should create a Skype add-on that would allow tunneling any TCP traffic over secure ap2ap connections to other Skype users, much like plain old ssh can be used to tunnel TCP traffic to other internet hosts.
]]>Let’s assume I’ve got some fancy web-based personal information manager running on my home computer. If I’m at home, I can access my stuff by pointing my browser to http://localhost:8080. My home network is behind a NAT router so external users (or myself while in the office or on the road) can’t get through to this server. However, I often need my stuff when away from home, but I am paranoid about others never getting their hands on it.
So I install ssh on my home computer and configure the NAT box to forward all incoming connections on port 22 (the default ssh port) to my home computer’s port 22. Assuming that the dynamic DNS address of my NAT box is wolli.home.net and the LAN IP address of my home computer is 192.168.1.123, I now can access my personal information manager from anywhere via ssh as follows:
- ssh -NfL 1234:192.168.1.123:8080 wolli.home.net
- firefox http://localhost:1234
But the problem is that in order for this to work, I must be able to configure my NAT box, or firewall. This is not always an option.
Now it would be really cool if I could use Skype to establish the connection to my home computer in much the same way. I would set up Skype on my home computer, log in as wolli-home-gw, and keep it running. I would also install the “skypetunnel” add-on, and configure it so that it would automatically accept incoming connections from Skype user ppmotskula (my main Skype name).
When I need to access my PIM remotely, I could now:
- start Skype and log in as ppmotskula
- start “skypetunnel” and configure it to forward local port 1234 to port 8080 on the machine used by wolli-home-gw
- start Firefox and point it to http://localhost:1234
Voilà! Secure connection established without having to configure any firewalls or NAT boxes, and without even having to have a static IP address or a dynamic DNS address for my home computer.
Of course, this approach would not be suitable for high-bandwidth applications because ap2ap connections never get more bandwidth than Skype file transfers, which, as you probably know, can be pretty slow when relayed through a supernode. But then again, I’m not particularly interested in streaming video from my home computer to my laptop while in airport.
The opportunities would include secure remote access to your intranet web or email servers, secure remote IT support (over VNC or rdesktop if needed), and much more — your imagination is the limit.
Volunteers, anyone?
Something like this would be very great!!!!!!!
PS. It could even increase the Skype network, as more people will install skype on “Server” boxes and keep it running.
Is it “skypetunnel” just a concept?
It hears good.
It’s only going to be useful to people running ‘nix.
And the Skype-on-linux folks have got far more important things to be doing than reimplementing SSH tunnels.
Yep, its called hamachi. You can get it from http://www.hamachi.cc, the best part about it is that it’s not locked into skype extras (which aren’t available to non-windoes users yet), doesn’t require firewall/router configuration, and can support maximum speeds of your internet and isn’t limited to whatever artificial speed-limit Skype sets.
Hi Peeter, I also have been thinking about this for a while. I was inspired by the Skype 3.0 ability to open an ap2ap connection to another copy of Skype that is logged in with the same ID. I tried to code this using Skype4Java, and ran into a limitation in the way it was implemented. I mentioned this to Koji, and he fixed Skype4Java so that you can make ap2ap connections to yourself, however I haven’t had time to do any more coding. My starting design is more like the old command line ftp, run a skyftpd plugin at all times on all your machines as the server side, then run skyftp as the client when you want to grab a file from somewhere else. You could allow access from a list of IDs if you maintain several.
tomchiv, could you please explain why you think it would only be useful to ‘nix folks? You could use this on Windows to get access to your office desktop from your home. Or to help your grandmother with setting up her new printer. Or…
Hi,
I had been working on this SkypeChannel kind of stuff for a while, but stopped working on it when I realized that App2App API is very slow when sending/receiving big, say 100KB, of data. This might be a Skype policy not to flood their network with App2App trafic.
I will resume on this project if somebody tells me that App2App API actually is fast enough.
Regards,
nobu
Hey guys,
I’m working on a SkypeTunnelling app. It’s currently written in python and is a relatively small app. As soon as I get some security stuff incorporated into the tunnelling app, I will try to upload it as a skype plugin. Hope to get some feedback.
Cheers
Loris
I’ve coded a small app in Qt for this. The source and compiled executables for win/Linux can be downloaded from
http://jonathan.verner.matfyz.cz/index.php?action=static&spec=download
eeevpn, turns this into reality.
vpn, Remote Desktop and more…
Hi there-
Im just an end user with little to no coding skills. (just your basic geek) Im looking for a way to get skype to ignore its rotating port for incoming connections and default to port 80 / 443, or simply let me pick a static port that wont change every time skype restarts so I can forward port through my router and call it all good. I keep getting major problems with incoming calls from outside the skype network. am I correct in the assumption that my incoming tcp connections are to blame?
Hi, I am not a pro IT person at all, but I do have basic knowledge of DNS,IP, TCP, etc. and static IPS, ect.
I am having some problem with free skype..I think it is my firewall or norton security. I think it would help to know what is the best ports…incoming, outgoing. does skype have DNS number? what do you enter into the SoIP so that when i get a skype call, my system can rotate it’s configuration..right now, i don’t think I can just put in http://www.skype.com
Please SOMEONE..please help!