On Tuesday 12 February 2008, Alan McKinnon wrote:

> > Perhaps confusingly, ssh itself can be used to create openVPN-like
> > VPNs (actually, much simpler), using the -w option and a couple of
> > tun (or tap) interfaces on the connected computers.
>
> hehehe, I'd forgotten about that one for a bit :-)
>
> I just thought of a nice way to describe the difference (seeing as
> technically they are essentially equivalent):

Well, almost. Ssh uses TCP, so an ssh-based VPN might encounter problems 
due to the notorious TCP-over-TCP issue (though I never had a problem, 
but I have a fast connection, so I might just be lucky), whereas OpenVPN 
uses UDP (by default at least) and thus must implement its own protocol 
for reliability and recovery. Both solutions introduce a certain amount 
of overhead, although I could not say which one is larger (perhaps 
OpenVPN?).
(Well, actually every kind of VPN introduces some overhead, but that's 
another story.)
From the point of view of the way virtual (tun/tap) interfaces are used, 
they are mostly the same, with OpenVPN designed to scale better when 
many connections are needed.

Some considerations apply to both, for example that using bridged mode 
might rapidly produce a lot of traffic on the link if more than a few 
machines are connected (especially if they are Windows machines), so it 
should be avoided for large setups.

> Use SSH if you need a quick ad-hoc connection or something temporary.
> Use OpenVPN if you need something more permanent that is always present
> and just works.

100% agree :-)
--
gentoo-user@lists.gentoo.org mailing list
