[139852] in North American Network Operators' Group
RE: VPN over slow Internet connections
daemon@ATHENA.MIT.EDU (Darden, Patrick S.)
Thu Apr 21 13:16:45 2011
Date: Thu, 21 Apr 2011 13:10:09 -0400
In-Reply-To: <4DB06184.30508@mube.co.uk>
From: "Darden, Patrick S." <darden@armc.org>
To: "Ben Whorwood" <bw-ml@mube.co.uk>,
<nanog@nanog.org>
There's not that much overhead--your certs should be ok. TCP for SQL would just make sense. I personally wouldn't want to do what you are contemplating. Here's some stuff to think about:
1. your modems will not be able to do compression. You can't easily compress random data (e.g. encrypted).
2. you won't get 33.6 unless your phone lines are pristine. You better plan on 28.8--if you are lucky.
3. I would hone my SQL sharply so it produces the smallest most relevant data sets possible.
4. you might want to give them some kind of terminal/shell access for doing their SQL remotely, instead of from home. Telnet or SSH. If you used SSH you could obviate using a separate VPN, you could use -C for compression, and you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.
--Patrick Darden
-----Original Message-----
From: Ben Whorwood [mailto:bw-ml@mube.co.uk]
Sent: Thursday, April 21, 2011 12:56 PM
To: nanog@nanog.org
Subject: VPN over slow Internet connections
Dear all,
Can anyone share any thoughts or experiences for VPN links running over slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
We are looking into utilising OpenVPN for out-of-office workers who would be running mobile broadband in rural areas. Typical data across the wire would be SQL queries for custom applications and not much else.
Some initial thoughts include...
* How well would the connection handle certificate (>= 2048 bit key) based authentication?
* Is UDP or TCP better considering the speed and possibility of packet loss (no figures to hand)?
* Is VPN over this type of connection simply a bad idea?
Many thanks in advance.
Kind regards,
Ben Whorwood
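
Points 1 and 4 of the reply above (encrypted data does not compress, while `ssh -C` compresses before encrypting), as an added example that is not part of the original thread. It assumes zlib as a stand-in for the modem's compressor, a toy SHA-256 keystream as a stand-in for the VPN cipher, and constructed sample rows.

```python
import hashlib
import zlib

def keystream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for illustration only (SHA-256 in counter mode, XORed
    with the data). Not OpenVPN's or SSH's cipher; it only needs to produce
    random-looking output the way real ciphertext does."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sample_result_set(rows: int = 200) -> bytes:
    """Constructed sample data: CSV-like rows a SQL client might receive."""
    return "\n".join(
        f"{i},customer_{i % 17},2011-04-21,OPEN,{(i * 37) % 500}.00"
        for i in range(rows)
    ).encode()

def compare_orderings(plaintext: bytes, key: bytes = b"constructed-demo-key") -> dict:
    """Return bytes on the wire for each ordering of compression and encryption."""
    return {
        "plaintext": len(plaintext),
        # VPN encrypts first; the modem's compressor then sees only ciphertext.
        "encrypt_then_compress": len(zlib.compress(keystream_encrypt(key, plaintext), 9)),
        # ssh -C style: compress the cleartext, then encrypt the smaller stream.
        "compress_then_encrypt": len(keystream_encrypt(key, zlib.compress(plaintext, 9))),
    }

def transfer_seconds(size_bytes: int, bits_per_second: int = 28800) -> float:
    """Raw transfer time at the 28.8k rate from point 2, ignoring framing overhead."""
    return size_bytes * 8 / bits_per_second

if __name__ == "__main__":
    sizes = compare_orderings(sample_result_set())
    for name, size in sizes.items():
        print(f"{name:24s}{size:6d} bytes  {transfer_seconds(size):5.2f} s")
```
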