On Tuesday 08 June 2004 09:38, oyk wrote:
> >not always. I am using udp, not tcp (tcp over tcp is prone
> >to 'internal meltdown' if your network is losing packets,
> >and you _must_ design your network as if it does, even if in reality it
> >works perfectly). Also, ethheader exists only on tap devices, not tun.
> >So, my picture is:
> >
> >[ip(real ips)|udp|ip(tun ips)|.....]
>
> Thank you very much.
> There are many companies and organizations developing VPN based SSL,
> such as stunnel. But many developments/solutions could solve TCP only.

SSL'ed protocols (i.e. tunneling streams over TCP) are fine.
Tunneling TCP packets over TCP is another matter, it's a Bad Thing.
AFAIK even openvpn manpages have URL of the relevant article.

> I think whether it is possible to develop SSL VPN based virtual NIC, which
> could solve the whole IP protocols (TCP/UDP, ARP etc). Simultaneously, we
> could do the fine-grained access control in the application layer to
> protect the internal resource. In my last experience, I developed TDI
> driver-based SSL VPN solution (for Windows client). And the server just does
> like stunnel. I think it is hard to support UDP, ARP on this routine. So, I
> want to do some work on the virtual NIC.
> Could you give me some of your advice?
> Thanks a lot.

I don't understand what you're asking, sorry.
Doesn't OpenVPN already do what you want?
--
vda