I have tried a few VPN solutions, (such as PPP-SSH & OpenVPN) eons ago and found that they have a horrendous amount of setup that touches some system files (/etc/hosts & /etc/resolv.conf) and running commands that require super user access:
iptables modify firewall rules route add change the routing tables mknod + modprobe create a network device ifconfig assigning an IP address to the new device pty pseudo terminal
These are all basically ssh-based virtual private network tunnelling. And it seemed like an overkill solution for what I needed.
stunnel has a very simple way to create an encrypted channel between two networked computers. No system files or super user commands are required to make this work.
ssh TCP forwarding works the same way. But "stunnel is running as it's own daemon, you can use this port forward without first establishing the ssh connection." -- stunnel.org
( A fun read: SSH Tunnels: Bypass (Almost) Any Firewall. )
foreground = yes client = no cert = /etc/ssl/stunnel/stunnel.pem verify = 3 [10081] accept = 10080 connect = 10081 ; another service can be added here...
foreground = yes client = yes cert = /etc/ssl/stunnel/stunnel.pem verify = 3 [10080] accept = 10081 connect = 10.11.12.13:10080 ; more service options can be added here...
Then, execute on the respective computers:
user@server:~# stunnel stunnel_server.conf
user@client:~# stunnel stunnel_client.conf