Tunnels allow for specific access into your network using HTTP(S) protocol or the SSH port forwarding protocol to provide this. Its better than a VPN in that you aren't granting full access into your network, just a specific pre-defined IP and port inside your network. The user connects to there own localhost IP, and CrushFTP then routes everything over HTTP to the CrushFTP server which then forwards the connection on to the destination IP and port. The HTTP tunnel is very similar to how SSH tunnels work, except this is all over HTTP(S).  The SSH tunnels are normal SSH tunnels, but allowing you to control and restrict users.

The user manager [tunnels|UserManagerTunnels] configuration lets you grant access the items defined here.

[attachments|tunnels.png]

----
HTTP Tunnels allow for accelerated transfers.  This is done by utilizing a multiplier in the HTTP tunnel.  The multiplier is limited to 1 for non [enterprise|http://www.crushftp.com/enterprise.html] licenses.

As network latency increases, the maximum theoretical bandwidth of a connection goes down.  This decrease is very significant.  Using the HTTP tunnel multiplier, this can be overcome.

Typical maximum bandwidth from CA to NY in the USA is about 6Mbit.\\
Typical maximum bandwidth from Europe to the East coast of the USA is about 4Mbit.\\
Typical maximum bandwidth from Australia to the East coast of the USA is about 2Mbit.\\

(These speeds can vary somewhat as a fewer number of network connection hops would change the ping time for the connection.)\\
\\
In the tunnel, you just configure the multiplier needed to reach your maximum speed.  So if you only get 3Mbit, and your bandwidth maximum is 50Mbit, then enter a multiplier of 17 for the max.  Entering a multiplier of 20, or 30 won't hurt, but it won't benefit you either as your ISP still limits your maximum speed.

Now, any connection going through the tunnel will be sped up 17x its normal speed.

FTP, and HTTP are ideal for use inside the tunnel.  The tunnel should use HTTPS from client to server to make it secure.  The tunnel listens for connections on localhost on the client machine, and delivers them to localhost on the server machine.  So the client can use their normal FTP client and connect to the tunnel, and not only are they secure now, but they are also accelerated.

If the client uses the WebInterface of CrushFTP, they don't need to know anything about the tunnel at all.  They just do the upload using the "advanced" button and that will use a Java applet to tunnel the data to the other side.  They get a nice modern WebInterface and see their upload or download go at full speed!