[K12OSN] easy VPN?
Les Mikesell
les at futuresource.com
Sat Apr 24 17:17:08 UTC 2004
On Sat, 2004-04-24 at 10:05, Julius Szelagiewicz wrote:
> doesn't have to be linux, but i am installing servers in all
> locations, so the equipment is there. i'll check out the netgear. my
> experience with ssh was not very good when high volume of traffic was
> involved, mainly the speed was very poor when compared with dedicated
> devices like sonicwall.
Tunneling tcp over ssh doesn't recover from errors very well because
you have 2 layers of tcp stacks doing resends with the same timers.
IPsec devices or software won't work behind NAT (although I think
there is some current work to allow this) so that would have to
run on a device with a public address. That leaves CIPE, which
runs over UDP and has been around a while, and some newer
software (openvpn) and devices that use SSL. I recommended
CIPE in this case because it is a fill-in-the-form option
in RH/fedora and I've had a lot of trouble-free experience with
it. Starting from scratch, I'd probably look at openvpn first
now because it has more recent development work and sounds
theoretically more secure. Both CIPE and openvpn have windows
versions as well as Linux, but I haven't used them.
---
Les Mikesell
les at futuresource.com
More information about the K12OSN
mailing list