Thanks Shawn! However, upon googling and familiarizing myself with some material ( http://crazyvlan.blogspot.de/2013/06/implementing-multi-homed-and-load.html etc. ), I don't see how this solves the "renegotiate session-key every time your connection breaks" issue for a simple user who has a single unreliable internet link.
It might be useful for a number of different, enterprise-typical conditions (such as when you have n+1 ISP connections for redundancy, and need VPN to operate seamlessly when one of them fails). However, what I have in mind is something that is geared towards a conventional user with a conventional smartphone, who has a single and less-than-reliable data link with limited bandwidth (and relatively limited battery resource).

Sincerely,
J

On Mon, May 4, 2015 at 1:33 PM, shawn wilson <ag4ve...@gmail.com> wrote:

>
> On May 4, 2015 5:09 AM, "Jane" <laterc...@consultant.com> wrote:
> >
> > Actually, in my oh so very humble opinion, the world has enough reasonably good VPNs that can operate on reasonably good connections.
> >
> > What is lacking is something that can function transparently and effectively on a very flakey connection (think lousy GPRS one) without introducing noticeable overhead.
> > Given that lousy GPRS connections are unstable, any classic VPN scheme starts suffering a lot of connection re-negotiation overhead, which sucks (even if the overhead for a single instance of properly negotiating a session key is minuscule, when you do it every goddamn time connection is lost, it starts adding up really fast).
> > Also, heartbeating tends to eat mobile battery pretty fast.
> >
>
> What you're looking for is "multi homed vpn", there are quite a few posts and articles on the subject. Both OpenVPN and IPSec can do this (though IPSec is more flexible and should do exactly what you want).
>
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography