Tunnels allow for specific access into your network using HTTP(S) protocol or the SSH port forwarding protocol to provide this. Its better than a VPN in that you aren't granting full access into your network, just a specific pre-defined IP and port inside your network. The user connects to there own localhost IP, and CrushFTP then routes everything over HTTP to the CrushFTP server which then forwards the connection on to the destination IP and port. The HTTP tunnel is very similar to how SSH tunnels work, except this is all over HTTP(S).  The SSH tunnels are normal SSH tunnels, but allowing you to control and restrict users.

In my example I am giving the user access via VNC to a machine in the network.

The user manager [tunnels|UserManagerTunnels] configuration lets you grant access the items defined here.

[attachments|tunnels.png]