You should really consider executing OpenSSH commands, I think it would be the most secure option.
But if you have really good reasons not to do it, your best option is to look at the OpenSSH code to see how they do it, and do the same...
I've worked on a project that used OpenSSL functions on the so-called interface. It caused us no end of grief. Every time we changed compiler, we had to upgrade OpenSSL. And then the so-called interface would change, causing us to change the code.
With the compiler upgrades, there was no apparent problem initially, until we noticed the keys being generated with nonsense. The only reliable portable (across versions and compilers) way to use OpenSSL is through the compiled programs it ships with (like openssl). To do otherwise means a world of testing for each change.
I guess I'll go the route of launching the commands.
I'm not an expert on how these tunnels work, and I should probably do a bit of
investigation on my own before asking questions, but since I'm technically on
vacation, I'll ask the question.
If the underlying TCP connection goes down, how will my application know the
connection is broken, since all my app has is a local UDP socket to send to/
receive from?