[ale] OpenVPN test
Brian MacLeod
nym.bnm at gmail.com
Thu Aug 26 10:10:05 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 8/25/10 10:36 PM, Chris Fowler wrote:
> I was not storing the generated certificates in the CA!
>
> My main goal is to allow Windows clients to attach to this server. Is
> TUN or TAP best?
>
>
The quick rule of OpenVPN usually indicates TUN is the better choice
since routing bits is a bit easier on the server, and allows most forms
of communication. There are instances where TAP is more useful
(basically, do you need layer 2 or layer 3 connectivity) because you are
often doing broadcasts (ex: CIFS discovery), but again, there's often a
way to mitigate that need (pass along WINS Server options).
TUN scales far better than TAP, so if you have the potential of a lot of
clients connecting at once, then direct yourself to the TUN arrangement.
A lot of clients is relative to the horsepower and connectivity of the
server in question. My experience with having it on an old Pentium III
with 256MB and a DSL connection was that after 4 TAP connections, things
were dragging (I blame the intercommunication of the TiVos at that time,
which is broadcast based for discovery).
Brian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQE4BAEBCAAiBQJMdnW9Gxhoa3A6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbQAKCRD5
XCJY/q4Y6FUsB/9HLtfTwYLXHsSWJWJi25kZFOHMtGeZ1mJ06hzwDiYoI9zx7AoG
TS6QAWFJtxeElQD37BST1Z4nDQym1lnHVT/8q4sKa7sCTV4gq66LtNr4hQ29wicl
W20vnZ1949d5CCGfA987OS8AZeIyz0TXyyyJOIiiAYlci8HSNZleZ09Vk3WYRUrX
id7/OsW3waFsNcxQqgzt9qgjs9CVZij6nuEzORefgrdL8bx4T5ipMBFGRdmiQNkc
1ZFiRfRnSd7YEe6bzbWO+582HZn32Ka4a9evOsVcrbOrOF7kHRzdnZbJHXBdVgwO
Uh7IX6UoiSpLDXex7J5MOntATMsglFmyKLvJ
=x6Mw
-----END PGP SIGNATURE-----
More information about the Ale
mailing list