Hannu,

This has nothing to do with tunnelling VNC through SSH. SSH is a port-level tunnel, not a TCP-level tunnel, so the problems of multiple-level retransmission caused by TCP-over-TCP do not occur.

Anecdotal evidence suggests that certain firewalls/routers and possibly Hamachi itself don't handle MTU-reduction as seamlessly as is suggested by "Steve's" comments.

Cheers,

Wez @ RealVNC Ltd.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Hannu Järvinen
> Sent: 24 January 2006 21:30
> To: RealVNC List (E-mail)
> Subject: Tunneling VNC
>
> I'm new to VNC and VPNs but I'd like to share something I came across on www.grc.com. It's a discussion about using this software called Hamachi for tunneling VNC. The full discussions regarding this can be found at http://www.grc.com/SecurityNow.htm#23 (episodes 18 & 19)
>
> As far as I've understood, SSH is TCP.
>
> Hannu
>
> Steve: Tunneling TCP through TCP is problematical because TCP is itself an error correction guaranteed packet delivery protocol. When you tunnel one of those protocols within another of those protocols, they're not talking to each other because they're sort of separate sheaths that are carrying your data. You can get very bad performance when you tunnel TCP in TCP. This is one of the things that's given VPNs a bad name. The other...
>
> ...
>
> Steve: ...the computers are fighting. The solution is to use UDP as the transport protocol. There you're sending packets only when you need to. So the internal TCP protocol gets encapsulated in UDP, and that's what Hamachi uses. And also because UDP translates through NAT routers and traverses NAT routers far more easily.
>
> ...
>
> Steve: It's the right way to do a VPN. Now, the one other glitch that VPN - the thing that hurts VPNs is, when you encapsulate packets, you make them bigger. And so what can happen is your packets can be fragmented because they won't traverse the Internet because they end up being too big when they're wrapped in the packet. Hamachi fixes that and knows how to change the stack in your machine so that the TCP packets it generates are already shrunk, so that when it's encapsulated, it still fits in within what's called the MSS, the Maximum Segment Size, so that it won't fragment the packets. So you get, I mean, really good performance. In fact, I have, using Remote Desktop before, I have forgotten sometimes that I'm not on my computer. I mean, it's just not a painful experience.
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
