Re: [Openvpn-users] IPSEC/GRE feature idea/request

[Andrew McGill <andrew2005@xxxxxxxxxxx>]

Around 10:43am on Fri, 4 Feb 2005 a mail from Jim Drash said ...

> It is very easy to do QoS for OpenVPN in either UDP or TCP
> mode.  It only uses one port numer: 1194 (in version 2.0).  
> Why would one go through the considerable effort to masquerade
> as some other VPN when just running the 2.0 rev and doing QoS
> on one prt is trivial?

Getting a chain of ISPs to adjust their QoS policies for OpenVPN
is not a trivial task - and may in fact be actively resisted
(they would prefer their customers to use their own more
expensive solutions).  However, it would be nice to be able to
make use of the facilities they do provide.  One can sometimes
find a port combination that is prioritised (e.g.  the same port
is prioritised for TCP and UDP), but more flexibility would be
very handy.

It doesn't seem to be such a hard task for openvpn to support TCP
in addition to UDP, so adding support for additional (stateless)
protocols should be just a function table lookup and a dynamic
module away  &:-)

> On Fri, 4 Feb 2005 16:47:18 +0200 (SAST), Andrew McGill wrote:
> > Some networks prioritize various IP protocols that are used for
> > VPNs (GRE, AH, ESP), while providing poor support for UDP (UDP is
> > for evil peer to peer file sharing protocols, you see)
> > 
> > Would it be
> > 
> > (a) possible and
> > (b) portable
> > 
> > to run OpenVPN with an arbitarily assigned IP protocol?
> > 
> > In terms of the way that protocol prioritisation is implemented,
> > would it actually work, or would one have to work unreasonably
> > hard to pass off OpenVPN packets as IPSEC / MS PPTP?
> > 
> > For the same price, encapsulation in ICMP echo(-reply) packets
> > would be a bonus.
> > 
> > &:-)

-- 
Linux - because we're not smart enough to use windows


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users