Original Message
Subject: VPN over slow Internet connections
From: Ben Whorwood
To: nanog@nanog.org
Date: Thursday, April 21, 2011 11:55:32 AM
> Dear all,
>
> Can anyone share any thoughts or experiences for VPN links running
> over slow Internet connections, typically 2kB/s -
On Apr 21, 2011, at 5:28 46PM, Terry Baranski wrote:
> On Apr 21, 2011, at 4:20PM, Steven Bellovin wrote:
>
>> For your application or for the VPN? For the VPN, I *strongly*
>> suggest you use UDP, or you're going to get dueling retransmissions
>> and spend a lot of time sending many copies of
On Thu, 21 Apr 2011 17:55:32 +0100, Ben Whorwood wrote:
IMHO it is not good idea to go to OpenVPN/IPSec/etc level at all (IP
layer at least, and in case of Windows it is also ethernet headers).
First of all OpenVPN for Windows/different OS sometimes become a
headache and need admin privileges.
On Apr 21, 2011, at 4:20PM, Steven Bellovin wrote:
> For your application or for the VPN? For the VPN, I *strongly*
> suggest you use UDP, or you're going to get dueling retransmissions
> and spend a lot of time sending many copies of the same thing. Consider:
> if a packet is dropped, either due
On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote:
> Steven Bellovin (smb) writes:
>>
>> I should note: IPsec, being datagram-based, will also work well. PPTP,
>> which runs over TCP as far as I know, will suffer all of the ills I just
>> outlined.
>
> PPTP uses 1723/tcp for control, bu
Steven Bellovin (smb) writes:
>
> I should note: IPsec, being datagram-based, will also work well. PPTP,
> which runs over TCP as far as I know, will suffer all of the ills I just
> outlined.
PPTP uses 1723/tcp for control, but the tunneled traffic is GRE,
so that would work fine
On Apr 21, 2011, at 12:55 32PM, Ben Whorwood wrote:
> Dear all,
>
> Can anyone share any thoughts or experiences for VPN links running over slow
> Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
>
> We are looking into utilising OpenVPN for out-of-office workers who would be
On Apr 21, 2011, at 12:11 PM, Jeroen van Aart wrote:
> valdis.kletni...@vt.edu wrote:
>> Well, 33.6k is a Bad Idea right there. :) But if you're stuck with that
>> for technical reasons, but need a VPN for security reasons, it won't
>> be all *that* much worse, unless you're doing a lot of SSH or
On 21/04/11 11:53 AM, Brandon Kim wrote:
Nothing like getting into the groove, then losing your connection, waiting for
the modem to dial back up
and then try to figure out what you were just doing!!! Again, it goes back to what I
mentioned, it "could" work
but how will that affect your overa
valdis.kletni...@vt.edu wrote:
Well, 33.6k is a Bad Idea right there. :) But if you're stuck with that
for technical reasons, but need a VPN for security reasons, it won't
be all *that* much worse, unless you're doing a lot of SSH or similar
I would think so too. When I first moved to the Stat
r 3G or 4G not available? I'm assuming that modem is being used
because broadband is not in the area
> Date: Thu, 21 Apr 2011 14:02:30 -0400
> From: ryanc...@gmail.com
> To: nanog@nanog.org
> Subject: Re: VPN over slow Internet connections
>
> On 04/21/2011 01:32
On Apr 21, 2011, at 12:55 PM, Ben Whorwood wrote:
> Dear all,
>
> Can anyone share any thoughts or experiences for VPN links running over slow
> Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
>
> We are looking into utilising OpenVPN for out-of-office workers who would be
>
On 04/21/2011 01:32 PM, Brandon Kim wrote:
I vote for Patrick's idea of allowing the end user to remote into a machine
where the SQL resides.
This would eliminate a lot of potential issueswish I had thought of that
first!!!
I third this idea. Using screen would be a good idea as well.
Th
On Thu, Apr 21, 2011 at 1:32 PM, Gary Gladney wrote:
> If you haven't deployed your VPN environment yet I would seriously
>consider using SSL VPN instead of IPSec as your tunneling protocol.
> SSL VPN gives you a lot more options than IPSec.
Hi Gary,
Ben was looking at OpenVPN, not IPSec.. He s
If you haven't deployed your VPN environment yet I would seriously consider
using SSL VPN instead of IPSec as your tunneling protocol. SSL VPN gives you a
lot more options than IPSec.
Gary
-Original Message-
From: Ben Whorwood [mailto:bw...@mube.co.uk]
Sent: Thursday, April 21, 2011
I vote for Patrick's idea of allowing the end user to remote into a machine
where the SQL resides.
This would eliminate a lot of potential issueswish I had thought of that
first!!!
> Subject: RE: VPN over slow Internet connections
> Date: Thu, 21 Apr 2011 13:10:09 -0400
On Thu, Apr 21, 2011 at 12:55 PM, Ben Whorwood wrote:
> Can anyone share any thoughts or experiences for VPN links running over slow
> Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
>
> We are looking into utilising OpenVPN for out-of-office workers who would be
> running mobil
> We are looking into utilising OpenVPN for out-of-office workers who
> would be running mobile broadband in rural areas. Typical data across
> the wire would be SQL queries for custom applications and not much else.
>
I agree with Patrick, SSH would do nicely. You could even setup a
tunnel, and
On Thu, 21 Apr 2011 17:55:32 BST, Ben Whorwood said:
>* How well would the connection handle certificate (>= 2048 bit key)
> based authentication?
It will hiccup for a moment (maybe a quarter or half second) for the data. The
certificate exchange is the least of your problems.
>* Is VP
There's not that much overhead--your certs should be ok. TCP for SQL would
just make sense. I personally wouldn't want to do what you are contemplating.
Here's some stuff to think about:
1. your modems will not be able to do compression. You can't easily compress
random data (e.g. encrypt
Ben Whorwood (bw-ml) writes:
> Some initial thoughts include...
>
> * How well would the connection handle certificate (>= 2048 bit
> key) based authentication?
> * Is UDP or TCP better considering the speed and possibility of
> packet loss (no figures to hand)?
I'd go for a UDP tunne
If I had to guestimate, the performance would be horrible considering the VPN
overhead in itself.
You can't choose UDP or TCP, that is all based on the applications being used
within the tunnel.
So the apps will decide what protocols they will need to use, which will then
be encapsulated by IP
22 matches
Mail list logo
