[VPN] Re: FW: VPN
Darren.Spruell at chw.edu
Fri Nov 18 13:48:43 EST 2005
From: Scott C. Best [mailto:sbest at best.com]
> 1. With echoWare, the service provider (e.g., you) own and run your
> own echoServer. It doesn't rely on my continued uptime (e.g.,
> as a mediation server) in any way.
> 2. AFAIK, Hamachi uses a UDP hole-punching technique to bypass
> firewalls and routers. The resulting connection is then
> directly peer-to-peer. This has about a 95% success rate, as
> UDP hole-punching is a neat workaround, but not something
> that firewall/router/proxy vendors actively support. With
> echoWare, the echoServer acts as a TCP relay between the two
> endpoints. The latency is increased, as is the connection
> 3. EchoWare (the client-side component that connects to the
> echoServer) is open-source, making it easier to include in
> other open-source projects. For instance, we added it into
> the TightVNC's Windows platform pretty easily. Hopefully
> our Linux version will be done soon as well.
> Also, the echoServer is hardly "only for VNC" -- echoWare
> will work for any user-to-user application. We wrapped a GUI around
> echoWare and call it "EchoVNC", but the echoServer itself is good
> for any echoWare-enabled application.
> Hamachi's approach of creating a virtual interface on
> both sides of the connection is an interesting one -- as you say,
> it solves for all layer-3 connections all at once, rather than
> echoWare's per-application approach. Maybe I should spend the
> time to create an EchoVPN product, based on echoWare. :)
I'm wondering how solutions like these offer benefit over the traditional VPN
approach. Assuming a dispreference for IPsec due to its complexity, what
about something much lighter weight such as OpenVPN? Per above named points:
1. You (the company/administrator/IT staff) run and administer your OpenVPN
2. Assuming you also control your own firewall, you can simply allow
connections through for the single port number or range of ports you use for
3. OpenVPN is of course Open Source too.
To boot, use of this kind of VPN solution provides transparent access to the
LAN or portions thereof as determined by your intentions, making
authenticated/connected clients virtually an extension of the LAN; no
per-application bit about it.
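
Why UDP hole-punching, as mentioned in the quoted point 2, works only most of the time, shown as an added example that is not part of the original thread and is not Hamachi or echoWare code. It goes beyond the post by separating NATs that reuse one public port for all destinations from "symmetric" NATs that pick a new port per destination. Assumptions: every NAT filters inbound traffic by remote address and port, and all addresses and ports are constructed.

```python
from itertools import count

SERVER = ("203.0.113.10", 9000)  # constructed mediation-server endpoint

class Nat:
    """Simplified NAT; filters inbound by remote address AND port (assumption)."""
    def __init__(self, public_ip, symmetric):
        self.ip = public_ip
        self.symmetric = symmetric   # True: new public port per destination
        self.next_port = count(40000)
        self.mappings = {}           # mapping key -> public port
        self.allowed = set()         # (public port, remote endpoint) opened by outbound

    def outbound(self, local, remote):
        """Translate an outgoing datagram and return its public source endpoint."""
        key = (local, remote) if self.symmetric else local
        if key not in self.mappings:
            self.mappings[key] = next(self.next_port)
        port = self.mappings[key]
        self.allowed.add((port, remote))
        return (self.ip, port)

    def inbound(self, src, dst_port):
        """True if a datagram from src to our public dst_port is forwarded inside."""
        return (dst_port, src) in self.allowed

def hole_punch(nat_a, nat_b):
    """Return True if both peers can reach each other directly after punching."""
    a_local, b_local = ("10.0.0.2", 5000), ("192.168.1.2", 5000)
    # 1. Both peers register; the server records the public endpoint it sees.
    a_seen = nat_a.outbound(a_local, SERVER)
    b_seen = nat_b.outbound(b_local, SERVER)
    # 2. Each peer sends to the endpoint the server reported for the other.
    a_src = nat_a.outbound(a_local, b_seen)
    b_src = nat_b.outbound(b_local, a_seen)
    # 3. The direct path exists only if each NAT admits the other's datagram.
    return nat_b.inbound(a_src, b_seen[1]) and nat_a.inbound(b_src, a_seen[1])

def survey():
    """Try every pairing of mapping behaviours; True means direct P2P works."""
    results = {}
    for a_sym in (False, True):
        for b_sym in (False, True):
            a = Nat("198.51.100.1", a_sym)
            b = Nat("198.51.100.2", b_sym)
            results[(a_sym, b_sym)] = hole_punch(a, b)
    return results

if __name__ == "__main__":
    print(survey())
```

In this model the pairings that return False are the ones where a direct path never opens, so traffic would have to pass through a relay instead.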