[ale] VPN Protocol Question

Michael B. Trausch mbt at zest.trausch.us
Wed Apr 15 22:26:00 EDT 2009


On Wed, 15 Apr 2009 22:18:21 -0400
Pat Regan <thehead at patshead.com> wrote:

> Michael B. Trausch wrote:
> > On Wed, 15 Apr 2009 15:22:16 -0400
> > Andrew Grieser <agrieser at gmail.com> wrote:
> >   
> >> I'd like to be able to securely connect to my home network while at
> >> school or elsewhere, and be able to tunnel all network traffic from
> >> the client to the server (http, dns, ssh, etc).  
> > 
> > What about PPP over SSH?  Instead of using a dial-up modem as a PPP
> > transport, though, you would instead use SSH.  That way,
> > authentication and encryption are already taken care of.  
> 
> Tunneling TCP over top of another TCP connection isn't the best
> idea.  A dropped packet plus enough delay on the bottom layer can
> cause a retransmit on both layers.  This used to be especially
> problematic on slow links because once you get enough of them in a
> row the previous retransmits were the cause of even more retransmits
> until the line fills up with nothing but error correcting data and
> very little real data.

While I hadn't really thought of that, I was thinking of something
more-or-less easily doable with user-level privileges that is
reasonably portable.  Configuring PPP is pretty easy, and usually (at
least, if memory serves) you can create PPP links as a normal user for
dialup, so doing the same over something like SSH would (again, if
memory serves) work in a similar fashion.  The only difference is that
you're using PPP over a terminal running over the Internet instead of
over a modem.

That said, wouldn't PPP over an error-correcting modem suffer similar
problems?

	--- Mike

-- 
I don't really know that anybody's proven that a random collection of
people doing their own thing actually creates value.
                            --- Steve Ballmer, 2007

