Octopus Tunneling allows forwarding traffic from one tunnel to another.
The tunnels from which data is forwarded may belong to one user (identified by client ID and individual certificate) or to two different users. In order to avoid confusion we are going to call them peers.
Octopus Tunneling is not confined to one-to-one links. You can define as many peers as you want and in this way create a network of trusted devices and users who can see each other as if they are in the same local network. It has the following implications:
Peers can address each other by private IP addresses in the same way as computers in your home network. These addresses like 192.168.x.x or 10.10.x.x are non-routeable on the Internet what gives additional confidence that the transferred data will not be compromised
Firewalls and NATs become invisible between peers
Services that require direct IP access like FTP, web servers, games, remote desktop can be set up on one PC and are accessible by other peers
To some extent it is possible to emulate ethernet LAN (however IPX/SPX protocol is not supported)
Needless to say, all data is encrypted and Octopus Tunneling inherits all benefits of regular SecurityKISS Tunnel.
How it works
This solution goes back to the roots and allows configuring the real VPN (Virtual Private Network) for a group of users.
Normally SecurityKISS Tunnel is used to create encrypted one-to-one links between clients and the server. On the server client's IP address is replaced, data is decrypted and sent to destination.
Although very useful it distorts the VPN original idea which is to allow clients safely connect to each other and feel like at home even if they are geographically dispersed.
Since SecurityKISS users generally do not know each other, we can not permit such direct links by default. Instead we authorize individual users to request and approve forwarding between selected clients so that they have full control over who can be linked with them directly via Octopus Tunneling.
In Figure 2 client 1 and client 3 become peers. Both peers must agree on forwarding. Only then the link is created.
Apart from securing the link between two or more peers, Octopus Tunneling has a critical advantage over alternatives. While many ways exist to set up a safe point-to-point connection between nodes with public IP, Octopus Tunneling makes it possible at all if both peers are behind NAT/Firewall.
In Figure 3 direct communiction between peers is not possible because both peers are behind NAT/Firewall
With Octopus Tunneling firewalls are transparent because both underlying connections are initiated from the peers. There is no need to set up port forwarding or configure firewalls in any other way.
SecurityKISS solution is unique because in contrast to others it allows end users to decide who can join their network. SecurityKISS users become administrators of their own Virtual Private Networks.
The administration is straightforward - you only need to request or accept forwarding to the selected client ID on the selected server in the Client Panel.
SecurityKISS users and customers get access to Client Panel in the account activation email.
Once you can log on to the Panel see Octopus Tunneling Forward Configuration Manual for details.