Subject: RE: VPN over slow Internet connections
Date: Thu, 21 Apr 2011 13:10:09 -0400
From: darden () armc org
To: bw-ml () mube co uk; nanog () nanog org
There's not that much overhead--your certs should be ok. TCP for SQL would just make sense. I personally wouldn't
want to do what you are contemplating. Here's some stuff to think about:
1. your modems will not be able to do compression. You can't easily compress random data (e.g. encrypted).
2. you won't get 33.6 unless your phone lines are pristine. You better plan on 28.8--if you are lucky.
3. I would hone my SQL sharply so it produces the smallest most relevant data sets possible.
4. you might want to give them some kind of termnial/shell access for doing their SQL remotely, instead of from
home. Telnet or SSH. If you used SSH you could obviate using a separate VPN, you could use -C for compression, and
you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.
From: Ben Whorwood [mailto:bw-ml () mube co uk]
Sent: Thursday, April 21, 2011 12:56 PM
To: nanog () nanog org
Subject: VPN over slow Internet connections
Can anyone share any thoughts or experiences for VPN links running over
slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
We are looking into utilising OpenVPN for out-of-office workers who
would be running mobile broadband in rural areas. Typical data across
the wire would be SQL queries for custom applications and not much else.
Some initial thoughts include...
* How well would the connection handle certificate (>= 2048 bit key)
* Is UDP or TCP better considering the speed and possibility of
packet loss (no figures to hand)?
* Is VPN over this type of connection simply a bad idea?
Many thanks in advance.