| 1 |
On Tuesday 12 February 2008, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> > Perhaps confusingly, ssh itself can be used to create openVPN-like |
| 4 |
> > VPNs (actually, much simpler), using the -w option and a couple of |
| 5 |
> > tun (or tap) interfaces on the connected computers. |
| 6 |
> |
| 7 |
> hehehe, I'd forgetten about that one for a bit :-) |
| 8 |
> |
| 9 |
> I just thought of a nice way to describe the difference (seeing as |
| 10 |
> technically they are essentially equivalent): |
| 11 |
|
| 12 |
Well, almost. Ssh uses TCP, so a ssh-based VPN might encounter problems |
| 13 |
due to the notorious TCP-over-TCP issue (though I never had a problem, |
| 14 |
but I have a fast connection, so I might just be lucky), whereas OpenVPN |
| 15 |
uses UDP (by default at least) and thus must implement its own protocol |
| 16 |
for reliability and recovery. Both solutions introduce a certain amount |
| 17 |
of overhead, although I could not say which one is larger (perhaps |
| 18 |
OpenVPN?). |
| 19 |
(Well, actually every kind of VPN introduces some overhead, but that's |
| 20 |
another story.) |
| 21 |
From the point of view of the way virtual (tun/tap) interfaces are used, |
| 22 |
they are mostly the same, with OpenVPN designed to scale better when |
| 23 |
many connections are needed. |
| 24 |
|
| 25 |
Some considerations apply to both, for example that using bridged mode |
| 26 |
might rapidly produce a lot of traffic on the link if more than few |
| 27 |
machines are connected (especially if they are windows machines), so it |
| 28 |
should be avoided for large setups. |
| 29 |
|
| 30 |
> Use SSH if you need a quick ad-hoc connection or something temporary. |
| 31 |
> Use OpenVPN if you need something more permanent that is always prsent |
| 32 |
> and just works. |
| 33 |
|
| 34 |
100% agree :-) |
| 35 |
-- |
| 36 |
gentoo-user@l.g.o mailing list |
Archives