[ale] VPN Protocol Question

Pat Regan thehead at patshead.com
Wed Apr 15 22:18:21 EDT 2009


Michael B. Trausch wrote:
> On Wed, 15 Apr 2009 15:22:16 -0400
> Andrew Grieser <agrieser at gmail.com> wrote:
> 
>> I'd like to be able to securely connect to my home network while at
>> school or elsewhere, and be able to tunnel all network traffic from
>> the client to the server (http, dns, ssh, etc).
> 
> What about PPP over SSH?  Instead of using a dial-up modem as a PPP
> transport, though, you would instead use SSH.  That way, authentication
> and encryption are already taken care of.

Tunneling TCP over top of another TCP connection isn't the best idea.  A
dropped packet plus enough delay on the bottom layer can cause a
retransmit on both layers.  This used to be especially problematic on
slow links because once you get enough of them in a row the previous
retransmits were the cause of even more retransmits until the line fills
up with nothing but error correcting data and very little real data.

My old experiences with this are the reason I try to never run OpenVPN
over TCP.

PPP over SSH is a great tool when there are no other
options.  OpenVPN is simple to set up, runs over UDP (so no extra layer
of error correction), and it runs just fine on almost every OS.

Pat
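
The double-retransmit effect described in the message above, as an added example that is not part of the original post. It is a simplified timer model, not a packet-accurate TCP stack; the function names, the millisecond values and the single-lost-segment scenario are assumptions made for illustration.

```python
# Simplified model (assumption): one inner TCP segment is sent at t=0 and the
# packet carrying it through the tunnel is dropped. All times are in milliseconds.

def inner_timer_fires(ack_at, inner_rto, backoff=2):
    """Times at which the inner sender's retransmit timer fires before the ACK arrives."""
    fires, t, cur = [], 0, inner_rto
    while t + cur < ack_at:
        t += cur
        fires.append(t)
        cur *= backoff              # exponential backoff after each timeout
    return fires

def over_tcp(rtt, inner_rto, outer_rto):
    """Tunnel carried over TCP: the outer layer repairs the loss itself after outer_rto."""
    ack_at = outer_rto + rtt        # outer retransmit leaves at outer_rto, inner ACK is back one RTT later
    fires = inner_timer_fires(ack_at, inner_rto)
    # The outer stream is reliable, so every inner retransmit is delivered too, as a duplicate.
    return {"outer_retransmits": 1,
            "inner_retransmits": len(fires),
            "duplicates_delivered": len(fires),
            "copies_on_wire": 1 + 1 + len(fires),
            "acked_at": ack_at}

def over_udp(rtt, inner_rto):
    """Tunnel carried over UDP: the datagram is gone and only the inner layer repairs it."""
    return {"outer_retransmits": 0,
            "inner_retransmits": 1,
            "duplicates_delivered": 0,
            "copies_on_wire": 1 + 1,
            "acked_at": inner_rto + rtt}

if __name__ == "__main__":
    # Constructed sample values: a slow bottom layer, then a fast one.
    print("TCP tunnel, slow link:", over_tcp(rtt=200, inner_rto=1000, outer_rto=3000))
    print("TCP tunnel, fast link:", over_tcp(rtt=50, inner_rto=1000, outer_rto=300))
    print("UDP tunnel, slow link:", over_udp(rtt=200, inner_rto=1000))
```

When the outer layer recovers faster than the inner timer (the second call), the inner layer never retransmits; the duplicates appear only once the delay on the bottom layer exceeds the inner timeout.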
