nanog mailing list archives

RE: VPN over slow Internet connections
From: Brandon Kim <brandon.kim () brandontek com>
Date: Thu, 21 Apr 2011 13:32:01 -0400

I vote for Patrick's idea of allowing the end user to remote into a machine where the SQL resides.

This would eliminate a lot of potential issues....wish I had thought of that first!!!

Subject: RE: VPN over slow Internet connections
Date: Thu, 21 Apr 2011 13:10:09 -0400
From: darden () armc org
To: bw-ml () mube co uk; nanog () nanog org

There's not that much overhead--your certs should be ok.  TCP for SQL would just make sense.  I personally wouldn't 
want to do what you are contemplating.  Here's some stuff to think about:

1.  your modems will not be able to do compression.  You can't easily compress random data (e.g. encrypted).
2.  you won't get 33.6 unless your phone lines are pristine.  You better plan on 28.8--if you are lucky.
3.  I would hone my SQL sharply so it produces the smallest most relevant data sets possible.

4.  you might want to give them some kind of terminal/shell access for doing their SQL remotely, instead of from 
home.  Telnet or SSH.  If you used SSH you could obviate using a separate VPN, you could use -C for compression, and 
you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.

--Patrick Darden

-----Original Message-----
From: Ben Whorwood [mailto:bw-ml () mube co uk]
Sent: Thursday, April 21, 2011 12:56 PM
To: nanog () nanog org
Subject: VPN over slow Internet connections

Dear all,

Can anyone share any thoughts or experiences for VPN links running over 
slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?

We are looking into utilising OpenVPN for out-of-office workers who 
would be running mobile broadband in rural areas. Typical data across 
the wire would be SQL queries for custom applications and not much else.

Some initial thoughts include...

   * How well would the connection handle certificate (>= 2048 bit key) 
based authentication?
   * Is UDP or TCP better considering the speed and possibility of 
packet loss (no figures to hand)?
   * Is VPN over this type of connection simply a bad idea?

Many thanks in advance.

Kind regards,
Ben Whorwood
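
Added example, not part of the original thread: it measures the effect behind Patrick Darden's points 1 and 4, that a link compressing ciphertext gains nothing while compressing before encryption (the order `ssh -C` uses) shrinks the transfer. The toy cipher, the key, the CSV result set and all function names are constructed for illustration; zlib stands in for both modem and SSH compression.

```python
import hashlib
import zlib

LINK_BYTES_PER_SEC = 2500  # midpoint of the 2-3 kB/s quoted in the thread


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). It only stands in for the
    VPN/SSH cipher so the output looks random; do not use it to protect data."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def sample_result_set(rows: int = 400) -> bytes:
    """Constructed SQL result set in CSV form (not data from the thread)."""
    lines = ["id,customer,status,region,amount"]
    for i in range(rows):
        status = "OPEN" if i % 3 else "CLOSED"
        lines.append(f"{i},customer_{i % 37},{status},region-north-west,{(i * 17) % 500}.00")
    return "\n".join(lines).encode()


def compare(payload: bytes, key: bytes = b"constructed-demo-key") -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    # ssh -C: compress the plaintext first, then encrypt the smaller stream.
    compress_then_encrypt = keystream_xor(key, zlib.compress(payload, 9))
    # VPN over a modem: the link only sees ciphertext and tries to compress that.
    encrypt_then_compress = zlib.compress(keystream_xor(key, payload), 9)
    return {
        "plain": len(payload),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
    }


def transfer_seconds(nbytes: int) -> float:
    """Time to move nbytes over the slow link, ignoring protocol overhead."""
    return nbytes / LINK_BYTES_PER_SEC


if __name__ == "__main__":
    for name, size in compare(sample_result_set()).items():
        print(f"{name:24} {size:6d} bytes  {transfer_seconds(size):5.1f} s")
```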

