nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VPN over slow Internet connections

From: Phil Regnauld <regnauld () nsrc org>
Date: Thu, 21 Apr 2011 22:31:32 +0200
Steven Bellovin (smb) writes:


I should note: IPsec, being datagram-based, will also work well.  PPTP,
which runs over TCP as far as I know, will suffer all of the ills I just
outlined.


        PPTP uses 1723/tcp for control, but the tunneled traffic is GRE,
        so that would work fine as well.


If you do it correctly, a VPN is actually better: you can assign a
static internal IP address to each certificate.  If the modem connection
drops, when you reconnect the applications will still have the same
IP address, so their connections won't be interrupted.


        Absolutely, that's the case with OpenVPN, if you assign static IPs to
        each profile.  PPtP can do this as well, for instance using MPD.
        Very big advantage in fact.


Someone suggested trying it using a FreeBSD flakeway; that's a good idea.


        Using a dummynet box as a router (or bridge for that matter), you have
        the benefit that you can run tcpdump on the trafic, and record the packet
        sizes with and and without VPN, then derive the actual observed overhead.

        Cheers,
        Phil
Previous By Date Next
Previous By Thread Next

Current thread: