On Tuesday 12 February 2008, Alan McKinnon wrote:

> > Perhaps confusingly, ssh itself can be used to create openVPN-like
> > VPNs (actually, much simpler), using the -w option and a couple of
> > tun (or tap) interfaces on the connected computers.
>
> hehehe, I'd forgotten about that one for a bit :-)
>
> I just thought of a nice way to describe the difference (seeing as
> technically they are essentially equivalent):

Well, almost. Ssh uses TCP, so a ssh-based VPN might encounter problems
due to the notorious TCP-over-TCP issue (though I never had a problem,
but I have a fast connection, so I might just be lucky), whereas OpenVPN
uses UDP (by default at least) and thus must implement its own protocol
for reliability and recovery. Both solutions introduce a certain amount
of overhead, although I could not say which one is larger (perhaps
OpenVPN?).
(Well, actually every kind of VPN introduces some overhead, but that's
another story.)
From the point of view of the way virtual (tun/tap) interfaces are used,
they are mostly the same, with OpenVPN designed to scale better when
many connections are needed.

Some considerations apply to both, for example that using bridged mode
might rapidly produce a lot of traffic on the link if more than a few
machines are connected (especially if they are Windows machines), so it
should be avoided for large setups.

> Use SSH if you need a quick ad-hoc connection or something temporary.
> Use OpenVPN if you need something more permanent that is always present
> and just works.

100% agree :-)
--
gentoo-user@l.g.o mailing list