I'm new to VNC and VPNs but I'd like to share something I came across
on www.grc.com. It's a discussion about using this software called
Hamachi for tunneling VNC. The full discussions regarding this can be
found at http://www.grc.com/SecurityNow.htm#23 (episodes 18 & 19).
As far as I've understood, SSH is TCP.
Hannu
Steve: Tunneling TCP through TCP is problematical because TCP is itself
an error correction guaranteed packet delivery protocol. When you tunnel
one of those protocols within another of those protocols, they're not
talking to each other because they're sort of separate sheaths that are
carrying your data. You can get very bad performance when you tunnel TCP
in TCP. This is one of the things that's given VPNs a bad name.
The other...
...
Steve: ...the computers are fighting. The solution is to use UDP as the
transport protocol. There you're sending packets only when you need to.
So the internal TCP protocol gets encapsulated in UDP, and that's what
Hamachi uses. And also because UDP translates through NAT routers and
traverses NAT routers far more easily.
...
Steve: It's the right way to do a VPN. Now, the one other glitch that
VPN - the thing that hurts VPNs is, when you encapsulate packets, you
make them bigger. And so what can happen is your packets can be
fragmented because they won't traverse the Internet because they end up
being too big when they're wrapped in the packet. Hamachi fixes that and
knows how to change the stack in your machine so that the TCP packets it
generates are already shrunk, so that when it's encapsulated, it still
fits in within what's called the MSS, the Maximum Segment Size, so that
it won't fragment the packets. So you get, I mean, really good
performance. In fact, I have, using Remote Desktop before, I have
forgotten sometimes that I'm not on my computer. I mean, it's just not a
painful experience.
_______________________________________________
VNC-List mailing list
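
The packet-size arithmetic from the quoted discussion, worked through as an added example (not part of the original post and not Hamachi's code): it computes the inner TCP MSS that keeps a UDP-encapsulated packet within the path MTU, and counts the IPv4 fragments needed with and without that clamp. The 32-byte tunnel header is a constructed value, not Hamachi's real overhead, and IPv4/TCP headers are assumed to carry no options.

```python
import math

IPV4_HEADER = 20  # bytes, header without options
UDP_HEADER = 8
TCP_HEADER = 20   # bytes, header without options
TUNNEL_HEADER = 32  # constructed value for illustration, not Hamachi's real overhead


def clamped_mss(path_mtu, tunnel_header=TUNNEL_HEADER):
    """Largest inner TCP MSS whose encapsulated packet still fits in path_mtu."""
    inner_packet_max = path_mtu - IPV4_HEADER - UDP_HEADER - tunnel_header
    mss = inner_packet_max - IPV4_HEADER - TCP_HEADER
    if mss <= 0:
        raise ValueError("path MTU too small to carry the tunnel")
    return mss


def outer_fragments(inner_mss, path_mtu, tunnel_header=TUNNEL_HEADER):
    """IPv4 fragments needed for the outer UDP packet carrying a full inner segment."""
    inner_packet = IPV4_HEADER + TCP_HEADER + inner_mss
    outer_payload = UDP_HEADER + tunnel_header + inner_packet
    room = path_mtu - IPV4_HEADER          # payload bytes one outer packet can carry
    if outer_payload <= room:
        return 1
    per_fragment = room // 8 * 8           # non-final fragments carry a multiple of 8 bytes
    return 1 + math.ceil((outer_payload - room) / per_fragment)


def compare(path_mtu):
    """Fragment counts for an unclamped Ethernet-sized MSS versus the clamped one."""
    unclamped = 1500 - IPV4_HEADER - TCP_HEADER   # 1460, what a host on Ethernet advertises
    clamped = clamped_mss(path_mtu)
    return {
        "unclamped_mss": unclamped,
        "unclamped_fragments": outer_fragments(unclamped, path_mtu),
        "clamped_mss": clamped,
        "clamped_fragments": outer_fragments(clamped, path_mtu),
    }


if __name__ == "__main__":
    for mtu in (1500, 1492):   # plain Ethernet, and a PPPoE-style link
        print(mtu, compare(mtu))
```

With these assumed sizes, an inner segment just one byte over the clamped MSS is already enough to split every full-sized tunnel packet in two.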