Peter Clay <[EMAIL PROTECTED]> writes:

>If you want a VPN that road warriors can use, you have to do it with IP-over-
>TCP. Nothing else survives NAT and agressive firewalling, not even Microsoft

IP-over-TCP has some potential performance problems, see, although having used SSH and
SSL tunnels quite a lot, I wonder how serious this really is - the author of
the above analysis mentions performance problems on a link with a high level
of packet loss, but on a typical link I haven't found any real problems.  If
you specifically want a pure TCP tunnel though, there's a pile of solutions
available, of which the easiest to set up is SSH (point it at the target,
indicate that you want port forwarding, and you're done).

>If someone out there wants to write VPN software that becomes widely used,
>then they should make a free IP-over-TCP solution that works on Windows and
>Linux which uses password authentication.

Some guy called Ylonen already did this in 1995 :-).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to