nanog mailing list archives
Re: VPN over slow Internet connections
From: William Herrin <bill () herrin us>
Date: Thu, 21 Apr 2011 13:24:10 -0400
On Thu, Apr 21, 2011 at 12:55 PM, Ben Whorwood <bw-ml () mube co uk> wrote:
Can anyone share any thoughts or experiences for VPN links running over slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)? We are looking into utilising OpenVPN for out-of-office workers who would be running mobile broadband in rural areas. Typical data across the wire would be SQL queries for custom applications and not much else. Some initial thoughts include... * How well would the connection handle certificate (>= 2048 bit key) based authentication?
Fine. The certificate isn't sent very often and is only 256 bytes when it is sent.
* Is UDP or TCP better considering the speed and possibility of packet loss (no figures to hand)?
TCP is more likely to pass firewalls at the user's end, especially if you put your VPN server on port 443. UDP will allow the user's various sessions to recover from packet loss independently (i.e. faster). I would pick UDP and provide an alternate TCP configuration for users who experience trouble.
* Is VPN over this type of connection simply a bad idea?
No worse than using this slow a connection in the first place. VPN overhead is 5% to 10% tops. I would use a split tunnel though; let general internet destinations go directly through the Internet connection rather than through the VPN. Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: VPN over slow Internet connections, (continued)
- Re: VPN over slow Internet connections Phil Regnauld (Apr 21)
- RE: VPN over slow Internet connections Darden, Patrick S. (Apr 21)
- Re: VPN over slow Internet connections Fred Richards (Apr 21)
- RE: VPN over slow Internet connections Brandon Kim (Apr 21)
- Re: VPN over slow Internet connections Matt Ryanczak (Apr 21)
- RE: VPN over slow Internet connections Brandon Kim (Apr 21)
- Re: VPN over slow Internet connections JC Dill (Apr 21)
- Re: VPN over slow Internet connections Jeroen van Aart (Apr 21)
- Re: VPN over slow Internet connections Wil Schultz (Apr 21)
- Re: VPN over slow Internet connections William Herrin (Apr 21)
- Re: VPN over slow Internet connections Phil Regnauld (Apr 21)
- Re: VPN over slow Internet connections Steven Bellovin (Apr 21)
- RE: VPN over slow Internet connections Terry Baranski (Apr 21)
- Re: VPN over slow Internet connections Steven Bellovin (Apr 21)