Scenarios by Sebastian
Throughout these scenarios, the following principle will be obeyed: I will always try to minimize the number of intermediate signposts. By restricting the path the traffic takes through the signpost system, we disable any path optimisations the network itself could otherwise perform.
The signposts on the home and work machines have an open connection that they use to communicate system state. Both systems know that the home computer can access the work computer directly, but not the other way. The work computer instructs the home computer to open an SSH tunnel to the work computer. Once established, the work computer tunnels all its communication through this connection.
The signpost on my work computer only knows about my father's publicly available signpost. It connects to it, telling it that it wants to connect to my father's home computer. The policies allow this to happen. As my work computer has a publicly accessible IP address that it informs my father's signpost about, the signpost instructs my father's home computer to open an SSH tunnel to my work machine. Once established, the signpost on my work computer tunnels all traffic through this machine.
My work computer contacts my father's public signpost, stating it does not have a publicly accessible IP but would like to access my father's home computer. Policies allow this. My father's public signpost returns a list of connection possibilities:
As my home computer does not support 'efficient tunnel X', my computer opens an SSH tunnel to my father's public signpost. My father's signpost at the same time has instructed my father's home computer to open an 'efficient tunnel X' to itself. It then tunnels the traffic from my home machine's SSH tunnel, through the 'efficient tunnel X', to my father's home computer.
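The three scenarios above can be read as one selection procedure: check policy, then prefer a path with no intermediate signpost, and only fall back to relaying through a public signpost when neither end can dial the other. The sketch below is an added illustration, not code from the Signpost project. The `Node` model, the `reaches` field, the tunnel preference order and the node names are all assumptions made for the example.

```python
from dataclasses import dataclass

PREFERENCE = ("efficient tunnel X", "ssh")  # assumed order, best first

@dataclass(frozen=True)
class Node:
    name: str
    public_ip: bool = False
    tunnels: frozenset = frozenset({"ssh"})
    reaches: frozenset = frozenset()  # peers this node can dial although they lack a public IP

def can_dial(a, b):
    return b.public_ip or b.name in a.reaches

def best_tunnel(a, b):
    for t in PREFERENCE:
        if t in a.tunnels & b.tunnels:
            return t
    raise LookupError(f"no common tunnel type: {a.name}, {b.name}")

def plan(src, dst, relay, allowed):
    """Return hops as (initiator, listener, tunnel) that carry src -> dst traffic."""
    if (src.name, dst.name) not in allowed:  # policy is checked before any tunnel is ordered
        raise PermissionError(f"{src.name} -> {dst.name} not permitted")
    if can_dial(src, dst):                   # no intermediate signpost
        return [(src.name, dst.name, best_tunnel(src, dst))]
    if can_dial(dst, src):                   # destination is told to dial back
        return [(dst.name, src.name, best_tunnel(dst, src))]
    if not (can_dial(src, relay) and can_dial(dst, relay)):
        raise LookupError("no usable path")
    # One intermediate signpost: both ends dial out, the relay joins the tunnels.
    return [(src.name, relay.name, best_tunnel(src, relay)),
            (dst.name, relay.name, best_tunnel(dst, relay))]

# Constructed sample topology mirroring the three scenarios.
BOTH = frozenset({"ssh", "efficient tunnel X"})
work = Node("work")
work_public = Node("work", public_ip=True)
home = Node("home", reaches=frozenset({"work"}))
father_home = Node("father-home", tunnels=BOTH)
father_signpost = Node("father-signpost", public_ip=True, tunnels=BOTH)
ALLOWED = {("work", "home"), ("work", "father-home")}

def scenarios():
    return [plan(work, home, father_signpost, ALLOWED),
            plan(work_public, father_home, father_signpost, ALLOWED),
            plan(work, father_home, father_signpost, ALLOWED)]

if __name__ == "__main__":
    for hops in scenarios():
        print(hops)
```

A request outside `ALLOWED` raises `PermissionError` before any hop is computed, so a denied peer learns nothing about which paths exist.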
[Edit by AC] See also: Tactic Solver in the psp docs
Last edited by amirmc,