nanog mailing list archives

Re: Anyone using uvlan out there?


From: Matt Palmer <mpalmer () hezmatt org>
Date: Fri, 14 Sep 2007 13:03:50 +1000


On Fri, Sep 14, 2007 at 12:33:03PM +1000, Steven Haigh wrote:
> Quoting Matt Palmer <mpalmer () hezmatt org>:
>> On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
>>>   2. It doesn't require licensing
>>
>> Plenty of VPN products out there are FOSS;
>
> Yeah - I wasn't too sure about this either. I haven't seen any VPN
> software that requires licensing in years. I didn't know anyone still
> required this?

There's plenty of lots-o-money VPN products out there; presumably that's
what they're talking about.  The problem is that the statement "uvlan isn't
a VPN because it doesn't require licencing" is a ridiculous statement,
because you don't have to have a licencing requirement to be a VPN.

>>>   3. It is much simpler
>>
>> Simpler than what?
>
> Routing?

Simple is in the eye of the beholder.  Switched Ethernet networks have their
complexities that routed networks don't...

>>>   4. It operates at Layer-2 (Ethernet), VPNs generally operate at
>>> Layer-3 (IP)
>>
>> Generally, perhaps, but it's not a requirement of the term "VPN" that it be
>> an L3 transition.
>>
>>>      Layer-2 applications like gaming can't be supported with
>>> Layer-3 tunneling.
>>
>> Plenty of games can successfully use IP.
>
> I was thinking more the case of joining lans. Obviously it's not a
> solution for all causes, as anything with more than 5-10 nodes per
> site and more than 2-3 sites would get pretty ugly. I think a nice
> thing would be for things that can ONLY use a local LAN due to either
> software or developer restrictions.

Well, obviously.

>>> From my understanding, this software is pretty much acting like a
>>> bridge, but with endpoints over a routed IP network.
>>>
>>> Has anyone actually used this? Thoughts? Criticisms?
>>
>> I haven't used this particular software, but I've used OpenVPN (software of
>> the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of
>> the usual restrictions on LAN-like traffic over a low-bandwidth,
>> high-latency link.  Most things that need to use Ethernet assume all sorts
>> of things that just don't hold over the Internet, and it causes some painful
>> hassles.  But, engineered properly, in the correct circumstances, it can be
>> handy to bridge two or more segments over a routed network.
>
> I've used a lot of VPN stuff in the past, but I've usually always
> ended up doing it on a router, then had to NAT over it and all sorts
> of nasty stuff. I think this is a nicer solution if it could be
> implemented right :)

I don't think you quite got my point -- you *don't* need uvlan to bridge
Ethernet segments over a routed network; there are other products which will
do the same thing.  As I said, I've used OpenVPN to do this job, and my
experiences are given in that block of text you quoted.

A criticism of uvlan in particular is that I wouldn't trust my network
security to people who sound so clueless.  Their derision of VPNs, as you
quoted above, shows either a lack of sense or a blind hatred, using libpcap
in this situation gave me some chuckles, and their "What algorithms are
used?" page scares me a little.  I'll stick with OpenVPN, myself.

> I think it's come about of a case of wanting to do stuff that won't
> work properly over a routed network (xbox games etc) - however could
> be nicer for a lot more things.

XBox games don't work over a routed network?  Please tell me that XBox Live
isn't just a giant uvlan install.

- Matt

-- 
When the revolution comes, they won't be able to FIND the wall.
                -- Brian Kantor, in the Monastery