[139856] in North American Network Operators' Group

RE: VPN over slow Internet connections

daemon@ATHENA.MIT.EDU (Brandon Kim)
Thu Apr 21 13:32:11 2011

From: Brandon Kim <brandon.kim@brandontek.com>
To: <darden@armc.org>, <bw-ml@mube.co.uk>, nanog group <nanog@nanog.org>
Date: Thu, 21 Apr 2011 13:32:01 -0400
In-Reply-To: <CBE22E5FF427B149A272DD1DDE10752404E22C1F@EX2K3.armc.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


I vote for Patrick's idea of allowing the end user to remote into a machine where the SQL resides.

This would eliminate a lot of potential issues....wish I had thought of that first!!!




> Subject: RE: VPN over slow Internet connections
> Date: Thu, 21 Apr 2011 13:10:09 -0400
> From: darden@armc.org
> To: bw-ml@mube.co.uk; nanog@nanog.org
>
>
> There's not that much overhead--your certs should be ok.  TCP for SQL would just make sense.  I personally wouldn't want to do what you are contemplating.  Here's some stuff to think about:
>
> 1.  your modems will not be able to do compression.  You can't easily compress random data (e.g. encrypted).
> 2.  you won't get 33.6 unless your phone lines are pristine.  You better plan on 28.8--if you are lucky.
> 3.  I would hone my SQL sharply so it produces the smallest most relevant data sets possible.
>
> 4.  you might want to give them some kind of terminal/shell access for doing their SQL remotely, instead of from home.  Telnet or SSH.  If you used SSH you could obviate using a separate VPN, you could use -C for compression, and you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.
>
> --Patrick Darden
>
>
> -----Original Message-----
> From: Ben Whorwood [mailto:bw-ml@mube.co.uk]
> Sent: Thursday, April 21, 2011 12:56 PM
> To: nanog@nanog.org
> Subject: VPN over slow Internet connections
>
>
> Dear all,
>
> Can anyone share any thoughts or experiences for VPN links running over
> slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
>
> We are looking into utilising OpenVPN for out-of-office workers who
> would be running mobile broadband in rural areas. Typical data across
> the wire would be SQL queries for custom applications and not much else.
>
> Some initial thoughts include...
>
>    * How well would the connection handle certificate (>= 2048 bit key)
> based authentication?
>    * Is UDP or TCP better considering the speed and possibility of
> packet loss (no figures to hand)?
>    * Is VPN over this type of connection simply a bad idea?
>
> Many thanks in advance.
>
> Kind regards,
> Ben Whorwood
>
>
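
Added example, not part of the original thread: a Python sketch of points 1 and 4 in Patrick Darden's reply, comparing bytes on the wire when compression runs after encryption (a modem compressing tunnel ciphertext) versus before it (the `ssh -C` ordering). The XOR keystream cipher, the use of zlib in place of modem compression, the key and the sample result set are all assumptions constructed for illustration.

```python
import hashlib
import zlib

LINK_BITS_PER_SEC = 28_800  # point 2 of the reply: plan on 28.8 kbit/s


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream: a stand-in for the tunnel cipher.

    Illustration only (not a vetted cipher); XOR makes it its own inverse.
    """
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def link_seconds(n_bytes: int) -> float:
    """Time to move n_bytes over the modem link, ignoring framing overhead."""
    return n_bytes * 8 / LINK_BITS_PER_SEC


def compare(payload: bytes, key: bytes) -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    # Encrypted tunnel first, then the modem tries to compress ciphertext.
    # zlib stands in for the modem's hardware compression (assumption).
    encrypt_then_compress = zlib.compress(toy_encrypt(payload, key), 9)
    # ssh -C ordering: compress the plaintext, then encrypt the result.
    compress_then_encrypt = toy_encrypt(zlib.compress(payload, 9), key)
    return {
        "plain": len(payload),
        "encrypt_then_compress": len(encrypt_then_compress),
        "compress_then_encrypt": len(compress_then_encrypt),
    }


def sample_result_set(rows: int = 500) -> bytes:
    """Constructed sample: a repetitive text result set, as a SQL client returns."""
    lines = [f"{i},site-{i % 7},OK,2011-04-21" for i in range(rows)]
    return "\n".join(lines).encode()


if __name__ == "__main__":
    sizes = compare(sample_result_set(), b"constructed-demo-key")
    for name, size in sizes.items():
        print(f"{name:22s} {size:6d} bytes  {link_seconds(size):5.2f} s at 28.8k")
```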