[VPN] Slow Stunnel-PPP vpn through Openbsd nat firewall
Bennett Todd
bet at rahul.net
Thu Jun 5 16:40:04 EDT 2003
2003-05-31T22:50:38 Peter W. Merritt:
> I believe it has something to do with the natting because
> speeds are normal browsing on the LAN hosts.
Could it possibly be that when you go out onto the internet, the
latency and loss rates you see are more variable than they are on
your LAN?
Encapsulating TCP (within PPP) over another layer of TCP
exaggerates the performance problems that may not be noticeable
enough to be a bother when using the internet directly.
Check out "Why TCP Over TCP Is A Bad Idea" available from
<URL:http://sites.inka.de/sites/bigred/devel/tcp-tcp.html>
(just pulled it up from Google with "CIPE tcp bad", dunno if that's
the best canonical link for archival but it just worked for me) to
see a nice analysis of why.
PPP-over-ssh and PPP-over-stunnel are conceptually appealing VPN
strategies, building as they do on quite mature and widely-deployed
components that are fairly simple to use. But IPSec, CIPE, and
OpenVPN should deliver more consistent performance.
-Bennett