Secure tunnel between two Windows Server 2008 R2 hosts

http, tunneling, vpn, windows-server-2008-r2

I'm looking for a way to set up a secure tunnel for HTTP traffic between two hosts on separate networks/domains over a single port. The caveat is that I have no control over the physical aspects of the networking or hardware. I do have administrative access to the hosts themselves, though. Assume no connectivity issues or port blockage between the two networks; I would simply like the traffic to be encrypted, as it is an untrusted network.

The goal

An HTTP request sent to a specific port (say 2000) on a "proxy" host on one network would be connected through the tunnel to a destination port on the "endpoint" host and the response returned.

What I've researched

I'm not much of a systems guy; I have more of an application developer background, so most of the information I've researched is new to me. It seems that the generally accepted way to achieve my goal is using a VPN. There is a myriad of options and the sheer amount of information is overwhelming. All of the information I do find is geared towards a remote user access setup to allow access to all networking resources (which is overkill for my goal). If I do go this route, it seems L2TP and IPSec are the way to go.

What I've tried

I have had success using Cygwin and OpenSSH/autossh to establish and maintain an SSH tunnel between the hosts, and this accomplishes exactly what I am looking for. On the VPN side I have set up RRAS and followed a few tutorials, but with no success, and I can't seem to find out where it went wrong.

What I would like to know

What is the generally accepted approach for achieving my goal? The autossh tunnel does work, but I lack the experience to know if this is an approach which is outdated/deprecated or will lead to future issues. Should I continue pursuing a VPN setup?
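The autossh tunnel described in the question, as an added example that is not part of the original post: a POSIX sh wrapper (run from Cygwin on the "proxy" host) that binds port 2000 locally and forwards it to the "endpoint" host, with the ssh options that keep the forward honest on an untrusted network (pinned host key, no interactive prompts, exit-and-reconnect on failure). The endpoint hostname, SSH account, key path and the endpoint's web server port are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: autossh local port forward from the
# proxy host (port 2000, from the question) to the endpoint host's web server.
set -eu

LOCAL_BIND=${LOCAL_BIND:-127.0.0.1}   # 127.0.0.1: only the proxy host itself may use the tunnel;
                                      # set to the proxy host's own address if other clients
                                      # on its network must reach port 2000
LOCAL_PORT=2000                       # port clients connect to on the proxy host (from the post)
ENDPOINT_HOST=endpoint.example.invalid   # assumed
ENDPOINT_PORT=8080                    # assumed: where the web server listens on the endpoint
SSH_USER=tunnel                       # assumed: dedicated account used only for this tunnel
KEY_FILE=${HOME:-.}/.ssh/tunnel_key   # assumed: key used only for this tunnel
KNOWN_HOSTS=${HOME:-.}/.ssh/tunnel_known_hosts   # the endpoint's pinned host key lives here

# Run "$@" with the tunnel's ssh arguments appended:
#   with_tunnel_args autossh          starts (and keeps restarting) the tunnel
#   with_tunnel_args printf '%s\n'    prints the argument list, one per line, for inspection
with_tunnel_args() {
    set -- "$@" -M 0                           # autossh: ssh keepalives replace the monitor port
    set -- "$@" -N                             # forwarding only, no remote command
    set -- "$@" -L "$LOCAL_BIND:$LOCAL_PORT:127.0.0.1:$ENDPOINT_PORT"
    set -- "$@" -i "$KEY_FILE"
    set -- "$@" -o BatchMode=yes               # never prompt; fail instead
    set -- "$@" -o StrictHostKeyChecking=yes   # refuse unknown or changed host keys (MITM check)
    set -- "$@" -o UserKnownHostsFile="$KNOWN_HOSTS"
    set -- "$@" -o ExitOnForwardFailure=yes    # exit if port 2000 cannot be bound, so autossh retries
    set -- "$@" -o ServerAliveInterval=30      # detect a dead link within about 90 s ...
    set -- "$@" -o ServerAliveCountMax=3       # ... and exit so autossh reconnects
    set -- "$@" "$SSH_USER@$ENDPOINT_HOST"
    "$@"
}

# True only if the endpoint's host key has already been pinned in KNOWN_HOSTS
# (record it once over a trusted path and verify the fingerprint out of band).
check_pinned_key() {
    ssh-keygen -F "$ENDPOINT_HOST" -f "$KNOWN_HOSTS" >/dev/null 2>&1
}

# Smoke test from the proxy host: one HTTP request through the local end of the tunnel.
tunnel_serves_http() {
    curl -fsS -m 5 -o /dev/null "http://$LOCAL_BIND:$LOCAL_PORT/"
}

# Refuse to start without a pinned key; otherwise hand over to autossh.
start_tunnel() {
    check_pinned_key || { echo "no pinned host key for $ENDPOINT_HOST in $KNOWN_HOSTS" >&2; return 1; }
    with_tunnel_args autossh
}
```

Source the file and call `start_tunnel` to bring the tunnel up, then `tunnel_serves_http` to confirm that a request to port 2000 reaches the endpoint's web server.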

Best Answer

I may be missing something, but it sounds like the easiest thing to do is just use SSL on your web server. If the proxy host isn't doing anything to the request except passing it on to the other web server, this should be fine -- just let people talk to the endpoint server via HTTPS. (If you're trying to connect two private networks without going out over the internet, you'll have to set up an appropriate policy on your router to let the traffic get through.)