[139853] in North American Network Operators' Group
Re: VPN over slow Internet connections
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Apr 21 13:18:44 2011
To: Ben Whorwood <bw-ml@mube.co.uk>
In-Reply-To: Your message of "Thu, 21 Apr 2011 17:55:32 BST."
<4DB06184.30508@mube.co.uk>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 21 Apr 2011 13:17:05 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1303406225_4921P
Content-Type: text/plain; charset=us-ascii
On Thu, 21 Apr 2011 17:55:32 BST, Ben Whorwood said:
> * How well would the connection handle certificate (>= 2048 bit key)
> based authentication?
It will hiccup for a moment (maybe a quarter or half second) for the data. The
certificate exchange is the least of your problems.
> * Is VPN over this type of connection simply a bad idea?
Well, 33.6k is a Bad Idea right there. :) But if you're stuck with that
for technical reasons, but need a VPN for security reasons, it won't
be all *that* much worse, unless you're doing a lot of SSH or similar
short-packet single-keystroke traffic, where the VPN overhead will
start being a bit painful. Shouldn't be too hard to model the traffic
involved to see if it's too painful - FreeBSD has dummynet IIRC.
--==_Exmh_1303406225_4921P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFNsGaRcC3lWbTT17ARAuMJAKD2bxb3sFMfBcTpAkUl0OLoBQLGPwCePAC7
7ods/wf86MzBd+wFQlvywjs=
=t0Rx
-----END PGP SIGNATURE-----
--==_Exmh_1303406225_4921P--
