On Wed, 2013-05-15 at 08:53 -0400, Chris Buechler wrote: > On Wed, May 15, 2013 at 8:07 AM, Chris Bagnall > <[email protected]> wrote: > > Greetings list, > > > > One of our clients is currently building a property in the middle of > > nowhere, and traditional (*DSL/cable/wireless) services aren't feasible, > > which leaves the only option being satellite. > > > > Unfortunately, satellite broadband services available to them only seem to > > offer a dynamic RFC1918 address, and there does not seem to be an upgrade to > > a public routeable IP. > > > > So the only option I've come up with is to 'nail up' a VPN from the pfSense > > at the client's premises to another pfSense in a datacentre, from which we > > can route their traffic over a static address (and provide v6 etc.). > > > > Has anyone tried this in anger, or indeed, can anyone suggest a better > > approach? > > > > People do it. The only problem I've heard of tends to be the fact that > the VPN traffic can't be mangled by the built-in TCP optimizations in > the modem for high latency, so performance of traffic over the VPN > tends to be worse than traffic outside the VPN. I'm not aware of any > way of getting a public IP to connectivity where you're stuck with a > private IP where you don't lose that benefit though. Any kind of > encapsulation will do that, and where you don't have a public IP on > one end you're greatly limiting what options you have.
hi all yea -- chris is right -- and depending what satellite provider you're on, tcp modification will most like be dropped. it's been a while, but over here in europe satlynx/gilat's modem as well as eutelsat's modem are in fact routers -- they strip off the tcp/ip headers and use their own protocol to get packets from the satellite modem back to the earth station. at the earth station, tcp/ip headers are added on and routing begins normally. most of the satellite operators use standard providers for Internet -- back when i was working with this, Eutelsat used Colt for connectivity (one of several providers), We stuck our boxes at Colt knowing that they were "close" to the earth station. obviously, i would avoid encrypting when possible -- the latency is already dramatic! cheers m
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
