On Tuesday 08 June 2004 09:38, oyk wrote:
> >not always. I am using udp, not tcp (tcp over tcp is prone
> >to 'internal meltdown' if your network is losing packets,
> >and you _must_ design your network as if it does, even if in reality it
> >works perfectly). Also, ethheader exists only on tap devices, not tun.
> >So, my picture is:
> >
> >[ip(real ips)|udp|ip(tun ips)|.....]
>
> Thank you very much.
> There are many companies and organizations developing VPN based SSL,
> such as stunnel. But many developments/solutions could solve TCP only.

SSL'ed protocols (i.e. tunneling streams over TCP) are fine.
Tunneling TCP packets over TCP is another matter, it's a Bad Thing.
AFAIK even the openvpn manpages have the URL of the relevant article.

> I wonder whether it is possible to develop SSL VPN based virtual NIC, which
> could solve the whole IP protocols (TCP/UDP, ARP etc). Simultaneously, we
> could do the fine-grained access control in the application layer to
> protect the internal resource. In my last experience, I developed TDI
> driver-based SSL VPN solution (for Windows client). And the server just does
> like stunnel. I think it is hard to support UDP, ARP on this routine. So, I
> want to do some work on the virtual NIC.
> Could you give me some advice?
> Thanks a lot.

I don't understand what you're asking, sorry.
Doesn't OpenVPN already do what you want?
-- 
vda
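
The `[ip(real ips)|udp|ip(tun ips)|.....]` layout quoted above, and the tun/tap difference (Ethernet header only on tap), as an added example that is not part of the original messages. It assumes a cleartext UDP payload (a real VPN encrypts the inner packet on the wire); all function names, addresses and ports are constructed for illustration.

```python
import socket
import struct

def ipv4(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, payload):
    """Build a UDP header (checksum 0 = not computed) plus payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def parse_ipv4(buf):
    """Return (src, dst, proto, payload); raise ValueError on malformed input."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total < ihl or total > len(buf):
        raise ValueError("bad IPv4 length fields")
    return (socket.inet_ntoa(buf[12:16]), socket.inet_ntoa(buf[16:20]),
            buf[9], buf[ihl:total])

def dissect(outer, tap=False):
    """Walk [ip(real)|udp|ip(tun)|...]; tap=True expects a 14-byte Ethernet header first."""
    o_src, o_dst, proto, l4 = parse_ipv4(outer)
    if proto != 17 or len(l4) < 8:
        raise ValueError("outer payload is not UDP")
    ulen = struct.unpack("!H", l4[4:6])[0]
    if ulen < 8 or ulen > len(l4):
        raise ValueError("bad UDP length")
    inner = l4[8:ulen]
    if tap:  # tap carries whole Ethernet frames, tun carries bare IP packets
        if len(inner) < 14 or inner[12:14] != b"\x08\x00":
            raise ValueError("no Ethernet/IPv4 frame in tap payload")
        inner = inner[14:]
    i_src, i_dst, i_proto, _ = parse_ipv4(inner)
    return {"outer": (o_src, o_dst), "inner": (i_src, i_dst), "inner_proto": i_proto}

# Constructed samples: an inner TCP packet (proto 6) between tun addresses,
# carried in UDP between "real" addresses, once bare (tun) and once framed (tap).
INNER = ipv4("10.8.0.2", "10.8.0.1", 6, b"\x00" * 20)
TUN_PKT = ipv4("192.0.2.10", "198.51.100.20", 17, udp(40000, 5000, INNER))
ETH = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
TAP_PKT = ipv4("192.0.2.10", "198.51.100.20", 17, udp(40000, 5000, ETH + INNER))
```

Parsing a tap payload as tun (or the reverse) fails the inner header check, which is how a misconfigured device type shows up when inspecting decapsulated traffic.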
