VPN recommendations?
Bill McGonigle
bill at bfccomputing.com
Fri Jun 29 16:50:36 EDT 2007
On Jun 28, 2007, at 18:22, Ben Scott wrote:
> Tunneling TCP/IP over TCP (with or without a VPN) can be a
> performance disaster.
Somebody wrote a "considered harmful" paper about this once on the
net and everybody believes him. On the other hand, I've built a
product using this kind of encapsulation and it works fine. Even on
bad network connections (a couple hundred sites across the country
with a wide variety of connections), throughput is high. The network
appliance I built kept 2 T1 lines full all day every day about 4
years ago and performance on each was approximately close to the
ideal max. If you expect to be taking enemy fire, just use inittab
to watch the connection.
> I recommend OpenVPN-over-UDP as the first choice, leaving
> OpenVPN-over-TCP for situations where you just can't get UDP through.
> FWIW, I've had no problems getting the UDP-based transport to work
> with OpenVPN.
And this is obviously better (more efficient) when you can get the
packets through.
> Unfortunately, PPTP is somewhat suspect when it comes to the actual
> security of the protocol.
IIRC there was a flaw in Microsoft's MD4 implementation and the
protocol is fine. Data to the contrary appreciated. :)
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
More information about the gnhlug-discuss mailing list