A tunnelling router is a router that accepts traffic for a
network, then encapsulates it either in IP or some other protocol,
and sends it to another tunnelling router that de-encapsulates it
and injects it onto the network as if it got there normally. Part
of the encapsulation can consist of cryptography or whatever you
like. The advantage of tunnelling is that you can put a tunnel
on the *inside* of your firewall, and (depending on how your firewall
is set up) you can make remote networks you trust look like they
are local with a one-hop route.
Of course, that's also the *disadvantage* of tunnelling -- anyone who
can set up any sort of circuit between an internal and an external
point can open up IP access to the internal net.
I discussed some of this, albeit without using the word ``tunnel'', in a
Usenix paper a few years ago. Anyone interested can snarf it from
research.att.com:dist/smb/pnet.ext.ps.Z.
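
The encapsulation described above, as an added example that is not part of the original post: a Python sketch of IP-in-IP tunnelling showing that a filter matching only the outer header sees the two tunnel routers, not the flow carried inside. All addresses, the payload and the function names are constructed for illustration, and the header checksum is left at zero.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation
IPPROTO_TCP = 6

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 (illustration only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(packet):
    """Return (src, dst, proto, payload), rejecting malformed headers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total < ihl or total > len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:total])

def encapsulate(inner, tunnel_src, tunnel_dst):
    """Entry router: wrap a whole IP packet inside a new IP packet."""
    return ipv4_header(tunnel_src, tunnel_dst, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer):
    """Exit router: strip the outer header and hand back the inner packet."""
    _, _, proto, inner = parse_ipv4(outer)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    parse_ipv4(inner)  # validate before injecting onto the local network
    return inner

def firewall_view(packet):
    """Outer header a simple filter matches on, plus the flow really carried."""
    src, dst, proto, payload = parse_ipv4(packet)
    inner = parse_ipv4(payload)[:3] if proto == IPPROTO_IPIP else None
    return {"outer": (src, dst, proto), "inner": inner}

# Constructed sample: a remote host talking to an internal host over a tunnel
# between two routers (all addresses are made up for this example).
DATA = b"constructed payload"
INNER = ipv4_header("10.1.0.5", "10.2.0.9", IPPROTO_TCP, len(DATA)) + DATA
OUTER = encapsulate(INNER, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print(firewall_view(OUTER))
```

A rule written against the outer tuple permits or denies the tunnel as a whole; policy on individual internal hosts has to be applied to the inner tuple, after decapsulation.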