[Spread-users] Tunnels
Mark Anacker
manacker at lizardtech.com
Thu Jan 10 12:01:36 EST 2002
>I understand how that works. It gets sent over an IP link... IPSEC
>provides a secure IP layer. TCP/IP.. UDP/IP.. call it whatever suits
>you. That is exactly what happens in my set up. I can do 100Mbs solid
>between my VPNs (encrypted). They are dedicated hardware devices.
>Their real IP addresses are firewalled so that they can only see each
>other and are only visible to each other.
>The latency involved when encrypting the packets and encapsulating in a
>new IP frame is negligible compared to the latency between my sites.
Nice, but a bit expensive for my home networks.
>Tunneling things over ssh is SLOW unless you have a hardware card
>supported by openssl and utilize that. Besides, your machine is busy
>doing other things and shouldn't be bogged down with encryption. Spread
>is pretty CPU hungry when you start pushing heavy traffic.
I've never noticed a performance problem with SSH, and I usually have several
sessions going at once. The firewall/proxy box *is* a dedicated Linux machine,
but I'll swamp the net bandwidth before I bog the machine down.
>As for administrating yet another configuration... Your network admin
>should be responsible for that. If you are the network admin -- it's
>your job ;-) Basically, my opinion is that you need a solution or you
>don't. The IPSEC solution that I use is probably the most cost
>effective solution for my needs. UDP and TCP have little bearing on the
No, software design is my *job* - maintaining this network was supposed to be
a *hobby* :-) I've been a network admin, and believe me, the family is a much
more demanding user base than any bunch of cubicle dwellers. Not only do they
demand 24/7 support, but they know where I live :-)
No, the reasons I wanted a TCP tunneling mechanism are:
- it lets me cheaply, securely distribute spread segments
- it's built into spread, so no extra stuff is required (apart from the
  tunneling mechanism)
- it works on any platform spread does, including Windows, without OS
  modifications
I think I'll go wander through the code and see what I can come up with.