This feature was discontinued in SecurityKISS

Octopus Tunneling


Octopus Tunneling allows forwarding traffic from one tunnel to another.

The tunnels from which data is forwarded may belong to one user (identified by client ID and individual certificate) or to two different users. In order to avoid confusion we are going to call them peers.

Octopus Tunneling is not confined to one-to-one links. You can define as many peers as you want and in this way create a network of trusted devices and users who can see each other as if they are in the same local network. It has the following implications:

Needless to say, all data is encrypted, and Octopus Tunneling inherits all the benefits of the regular SecurityKISS Tunnel.

How it works

This solution goes back to the roots and allows configuring a real VPN (Virtual Private Network) for a group of users.

Normally SecurityKISS Tunnel is used to create encrypted one-to-one links between clients and the server. On the server, the client's IP address is replaced, and the data is decrypted and sent to its destination.

Figure 1. Regular SecurityKISS Tunneling

Although very useful, this distorts the original idea of a VPN, which is to let clients connect to each other safely and feel at home even if they are geographically dispersed.

Since SecurityKISS users generally do not know each other, we cannot permit such direct links by default. Instead, we authorize individual users to request and approve forwarding between selected clients, so that they have full control over who can be linked with them directly via Octopus Tunneling.

Figure 2. Octopus Tunneling - forwarding

In Figure 2, client 1 and client 3 become peers. Both peers must agree on forwarding. Only then is the link created.

Apart from securing the link between two or more peers, Octopus Tunneling has a critical advantage over alternatives. While many ways exist to set up a safe point-to-point connection between nodes with public IP addresses, Octopus Tunneling makes such a connection possible even when both peers are behind NAT/Firewall.

Figure 3. Two peers behind NAT/Firewall

In Figure 3, direct communication between peers is not possible because both peers are behind NAT/Firewall.

With Octopus Tunneling, firewalls are transparent because both underlying connections are initiated from the peers. There is no need to set up port forwarding or configure firewalls in any other way.

Figure 4. Forwarding with SecurityKISS goes through the NAT/Firewall
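
The forwarding rule described above can be modelled as follows. This is an added illustration, not SecurityKISS code: each peer opens its own tunnel to the server, and the server forwards between two tunnels only after both client IDs have approved each other on that same server. The class, its method names, the client IDs and the server names are assumptions made for the example.

```python
from collections import defaultdict


class OctopusRelay:
    """Hypothetical model of one server's forwarding table (default deny)."""

    def __init__(self, server):
        self.server = server
        self.approved = defaultdict(set)  # client ID -> peers it requested or accepted
        self.inbox = {}                   # client ID -> packets sent down its tunnel

    def connect(self, client_id):
        # Each peer opens its own tunnel outbound; the relay never dials a peer.
        self.inbox[client_id] = []

    def approve(self, client_id, peer_id):
        # "Request" and "accept" both record one side's consent.
        self.approved[client_id].add(peer_id)

    def linked(self, a, b):
        # A link exists only when consent is recorded in both directions.
        return b in self.approved[a] and a in self.approved[b]

    def forward(self, src, dst, payload):
        # Forward only between connected tunnels of mutually approved peers.
        if src not in self.inbox or dst not in self.inbox:
            return False
        if not self.linked(src, dst):
            return False
        self.inbox[dst].append((src, payload))
        return True


def demo():
    # Constructed client IDs and server names.
    a, b = OctopusRelay("server-A"), OctopusRelay("server-B")
    for relay in (a, b):
        for cid in ("client1", "client2", "client3"):
            relay.connect(cid)
    out = []
    a.approve("client1", "client3")                      # client 1 requests
    out.append(a.forward("client1", "client3", b"hi"))   # one-sided: denied
    a.approve("client3", "client1")                      # client 3 accepts
    out.append(a.forward("client1", "client3", b"hi"))   # linked: forwarded
    out.append(a.forward("client3", "client1", b"yo"))   # works both ways
    out.append(a.forward("client2", "client1", b"x"))    # client 2 never approved
    out.append(b.forward("client1", "client3", b"hi"))   # other server: denied
    return out, a.inbox
```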


The SecurityKISS solution is unique because, in contrast to others, it allows end users to decide who can join their network. SecurityKISS users become administrators of their own Virtual Private Networks.

The administration is straightforward - you only need to request or accept forwarding to the selected client ID on the selected server in the Client Panel.

SecurityKISS users and customers get access to the Client Panel in the account activation email.

Once you can log on to the Panel, see the Octopus Tunneling Forward Configuration Manual for details.