[ale] VPN Protocol Question
Michael B. Trausch
mbt at zest.trausch.us
Wed Apr 15 22:26:00 EDT 2009
On Wed, 15 Apr 2009 22:18:21 -0400
Pat Regan <thehead at patshead.com> wrote:
> Michael B. Trausch wrote:
> > On Wed, 15 Apr 2009 15:22:16 -0400
> > Andrew Grieser <agrieser at gmail.com> wrote:
> >
> >> I'd like to be able to securely connect to my home network while at
> >> school or elsewhere, and be able to tunnel all network traffic from
> >> the client to the server (http, dns, ssh, etc).
> >
> > What about PPP over SSH? Instead of using a dial-up modem as a PPP
> > transport, though, you would instead use SSH. That way,
> > authentication and encryption are already taken care of.
>
> Tunneling TCP over top of another TCP connection isn't the best
> idea. A dropped packet plus enough delay on the bottom layer can
> cause a retransmit on both layers. This used to be especially
> problematic on slow links because once you get enough of them in a
> row the previous retransmits were the cause of even more retransmits
> until the line fills up with nothing but error correcting data and
> very little real data.

While I hadn't really thought of that, I was thinking of something
more-or-less easily doable with user-level privileges that is
reasonably portable. Configuring PPP is pretty easy, and usually (at
least, if memory serves) you can create PPP links as a normal user for
dialup, so doing the same over something like SSH would (again, if
memory serves) work in a similar fashion. The only difference is that
you're using PPP over a terminal running over the Internet instead of
over a modem.

That said, wouldn't PPP over an error-correcting modem suffer similar
problems?

--- Mike
--
I don't really know that anybody's proven that a random collection of
people doing their own thing actually creates value.
--- Steve Ballmer, 2007