[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: VPN opinions

From: "Dick St.Peters" <stpeters NetHeaven com>
To: redhat-list redhat com
Subject: Re: VPN opinions
Date: Thu Jan 30 17:39:03 2003

nate writes:
> also, depending on your needs, a full VPN may be overkill. Many remote
> server to server communications are usually about a specific service or
> services. In the case of a TCP service, e.g. mysql traffic, or LDAP
> traffic, I use stunnel to link machines. This is a simple point to
> point tunnel over SSL.

A problem that can arise when using stunnel for long-term tunnels is
that a single bad packet causes OpenSSL to return an error and stunnel
to drop the connection.  We had a case where a stunnel tunnel across
a noisy link would not stay up more than a few minutes under load.
Switching to CIPE and later OpenVPN gave robust tunnels over the same
network path.

That said, I have a user who has been using a stunnel/PPP tunnel for
almost two years, and his tunnel stays up for weeks at a time.

--
Dick St.Peters, stpeters NetHeaven com

References:
- VPN opinions
  - From: kmiller01
- Re: VPN opinions
  - From: nate

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]