Which services can I tunnel (SSH, RDP, web, databases)?
Anything that speaks TCP. An LRO tunnel is a raw TCP pipe — it carries the bytes of whatever protocol you put through it without looking inside, so the choice of application is entirely yours.
It’s a raw TCP pipe
The relay reads bytes from one side and writes them unchanged to the other, in both directions. It does not parse, inspect or modify the protocol on top. That is why the application on each end behaves exactly as if it had connected directly — the same handshakes, the same authentication, the same behaviour.
Common things people tunnel
- Remote shells: SSH (
22). - Remote desktop: RDP (
3389), VNC. - Web admin interfaces: HTTP / HTTPS panels of routers, switches, NAS, IPMI/BMC, cameras.
- Databases: PostgreSQL, MySQL/MariaDB, Redis, and similar.
- Internal APIs and custom binary protocols running over TCP.
Encryption is independent of the protocol
Whatever you tunnel, the traffic is end-to-end encrypted between the agents, on top of whatever encryption the protocol itself uses. A plain HTTP admin page, for example, still crosses the relay as ciphertext.
Tunnel SSH, RDP, a web panel or a database to a machine behind NAT.
Create an account →