bishop wrote:
Hi Francois,
I don't think VTun can be completely silent if it's idle. In fact, I
think that no TCP or UDP tunnel app can. (Folks: correct me if I'm wrong?)
Yes and No. If the keep alive option is set then there will be keep
alives sent during the period specified. I believe in Linux this
is set to 7200s (2 Hours). My apps need to be connected 24x7 and
it is critical they stay connected. One of our apps is a client that
connects to a remote device and then reads data from it in real-time.
This data can be slow coming and actually make firewalls forget
about our connection. Kinda like leaving ssh connected overnight
while sleeping.
On this server I've got my KA tuned to 300s.
Stepping away even farther, when we consider what happens when there's
traffic on the server end, and no data to bring up the on-demand link
from the client end, then most on-demand services are no good in a
permanent setup. I used diald, back in the day, but it became far more
of a liability when someone left ICQ running -- thinking you're offline
and knowing it are two different ideas when the link's expensive!
YES! I had a customer that was too cheap to add
LD on their phone line. Last month they were billed over $13,000
from AT&T because there was a config issue that kept the device
dialing up constantly. Now there are protections in place. The
admin gets notified of these things but then again how good
was the admin in seeing this. I hope they were able to talk AT&T
out of that bill and did get some good LD on that line.
Having said that, look into pipsec by Pierre Beyssac at
http://perso.telecom-paristech.fr/~beyssac/pipsec/ . It chatters
lightly when it's idle, but maybe we can disable that. It seems to
completely hate openssl, these days, but it's easy enough to configure
if you can get over that obstacle.
Along the same vein, look into a tie into the ipsec code in whatever
freeswan became, and see if you can cut a connection routine into the
opportunistic encryption bit. I think that if you cause it to bring up
a link in addition to encrypting data for peers whose key it's cached,
then you could provide yourself a very nice and light on demand
mechanism; most of the work's done for you. Just tell me what happens
when there's arbitrary data coming back and there's no sat link.
Honestly, I like the pppd option. pppd in this setup will only send
traffic when traffic is needed. The tunnel will have to send a KA though.
Vtun would be heavyweight and I would look at a simple solution.
Maybe even writing something simple that would execute pppd on
pseudos and send traffic as needed.
- bish
Francois Goudal wrote:
Hi,
I'd like to set up a tunnel between a dialup computer and a server.
Since the cost of the dialup connection is extremely expensive (it goes
over satellite), it uses dial on demand, so that if there is no traffic,
the channel gets closed, so I'm not paying.
I already tried some other tunnel stuff, like OpenVPN, but the problem
is that for the negotiation between client and server, some data is
going through permanently (keepalive, and key exchange, ...), even if
there's no actual data to be transferred through the tunnel.
I'm looking for a tunnel solution that would have no negotiation between
the two hosts. Each host would be configured with the other end IP
address, and that would only make traffic when there is traffic to be
tunnelled. Is it something I could do with Vtun ?
Best regards,
_______________________________________________
Vtun-Users mailing list
Vtun-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/vtun-users