nanog mailing list archives

Re: VPN over slow Internet connections

From: Phil Regnauld <regnauld () nsrc org>
Date: Thu, 21 Apr 2011 19:07:58 +0200

Ben Whorwood (bw-ml) writes:

Some initial thoughts include...

  * How well would the connection handle certificate (>= 2048 bit
key) based authentication?
  * Is UDP or TCP better considering the speed and possibility of
packet loss (no figures to hand)?


        I'd go for a UDP tunnel, as you wouldn't have to renegotiate
        a TCP session for the tunnel *and* whatever connection you've
        got going through that.

  * Is VPN over this type of connection simply a bad idea?


        I don't think it's a particularly bad idea.  But why don't you
        make you own tests using FreeBSD/dummynet, simulating 1-2%
        packet loss, limit bandwidth to 33 Kbit/s, and corresponding
        latency (say 100ms).

        I'd say your biggest concern won't be the VPN (you can make
        it completely stateless with static keys), but whatever protocol
        you've got running on top of that, and how it deals with the
        loss.
        
        Cheers,
        Phil

Current thread:

VPN over slow Internet connections Ben Whorwood (Apr 21)
- RE: VPN over slow Internet connections Brandon Kim (Apr 21)
- Re: VPN over slow Internet connections Phil Regnauld (Apr 21)
- RE: VPN over slow Internet connections Darden, Patrick S. (Apr 21)
  - Re: VPN over slow Internet connections Fred Richards (Apr 21)
  - RE: VPN over slow Internet connections Brandon Kim (Apr 21)
    - Re: VPN over slow Internet connections Matt Ryanczak (Apr 21)
    - RE: VPN over slow Internet connections Brandon Kim (Apr 21)
    - Re: VPN over slow Internet connections JC Dill (Apr 21)
- Re: VPN over slow Internet connections Valdis . Kletnieks (Apr 21)
  - Re: VPN over slow Internet connections Jeroen van Aart (Apr 21)
    - Re: VPN over slow Internet connections Wil Schultz (Apr 21)
- Re: VPN over slow Internet connections William Herrin (Apr 21)

(Thread continues...)