Open Source (was Simple SSL/TLS - Some Questions)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Oct 9 05:48:42 EDT 2003


Peter Clay <pete at flatline.org.uk> writes:

>If you want a VPN that road warriors can use, you have to do it with IP-over-
>TCP. Nothing else survives NAT and aggressive firewalling, not even Microsoft
>PPTP.

IP-over-TCP has some potential performance problems, see
http://sites.inka.de/bigred/devel/tcp-tcp.html, although having used SSH and
SSL tunnels quite a lot, I wonder how serious this really is - the author of
the above analysis mentions performance problems on a link with a high level
of packet loss, but on a typical link I haven't found any real problems.  If
you specifically want a pure TCP tunnel though, there's a pile of solutions
available, of which the easiest to set up is SSH (point it at the target,
indicate that you want port forwarding, and you're done).

>If someone out there wants to write VPN software that becomes widely used,
>then they should make a free IP-over-TCP solution that works on Windows and
>Linux which uses password authentication.

Some guy called Ylonen already did this in 1995 :-).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List