
Re: [Openvpn-users] Re: OpenVPN through ssh?


  • Subject: Re: [Openvpn-users] Re: OpenVPN through ssh?
  • From: jessica six <jessica6_2000@xxxxxxxxx>
  • Date: Tue, 9 May 2006 07:47:03 -0700 (PDT)

--- Charles Duffy <cduffy@xxxxxxxxxxx> wrote:

>
> First -- there's no reason to tunnel through SSH, since OpenVPN will use
> OpenSSL for a crypto layer in TCP mode. Not that you couldn't; I'm just
> not sure what the point is. (If there are firewalling issues or such,
> then that would make sense: Just turn off the crypto on one layer or
> another so that you're not taking more of a hit than you need to).
>
> Second -- yes, I've seen TCP-based VPNs bog down. It doesn't always
> happen, and there are folks who report that they've used them for a
> substantial period of time without issue; however, it /does/ indeed happen.
>
> Third -- if you're bridging, you're going to be using more bandwidth
> than if you were routing (particularly if the networks you're bridging
> together have a substantial amount of broadcast traffic), and thus are
> more likely to run into this kind of issue than you would be otherwise.
>
Hello, and thanks for the reply.

1) Yes, firewall issue.  SSH is already permitted, and
it can see the internal network where the OpenVPN
server lives.  So the ssh redirect works well.  Plus I
think this would give me better security with an
additional level of authentication, and less likelihood
of 'man in the middle' attacks.  But I'm interested in
the discussion.

2) ok

3) This setup would be used for clients travelling,
and needing access to internal resources.  Routing
would require routes on ALL internal resources to use
the OpenVPN server for the range of addresses it
assigns.  I don't think this is what I want.  With
bridging, the client is assigned an IP on the internal
network and all access works.

Thanks again for replies!

