ppp over ssh?
Magosányi Árpád
mag at BUNUEL.TII.MATAV.HU
Tue Sep 12 04:09:18 EDT 2000
> I want a quick, cheap, secure, but not necessarily fast, VPN. I am
> planning on using PPP over SSH(SSL, actually) and then messing with
> some Linux routing tools (iproute and ipchains) to assemble this.
>
> Is there anything flawed in my idea? If not, is performance the only
> reason why not everyone is using this as their VPN solution?
I have written a HOWTO on ppp over ssh, but now I recommend you
freeswan or pipsecd instead. (I better like pipsecd, it is simple
enough for my little brain). In those days there were no robust VPN
implementation for linux, now we have it.
Reasons:
The TCP flow control does not do good to your performance
The reestablishment of the link can be problematic
It is nontrivial to make all layers of the link 8 bit clean
It is just a hack. Clever one (Hey, I made it!:), but still...
The only reasons to use vpn over ssh now are the following:
You cannot use ipsec with the other end (link or OS limitations)
You have one tcp port to tunnel the data through
You want to tunnel IPX or other braindamage
And in these cases you might want to take a look at pptp.
(Beware, pptp's protocol is broken, but wrapping it in ssl and
turning off crypto in pptp itself may be lesser work than ppp over ssh).
And if you want to tunnel a finite set of tcp ports, you can just use ssh,
or one of the ssl wrappers.
--
GNU GPL: csak tiszta forrásból
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list