[139879] in North American Network Operators' Group
Re: VPN over slow Internet connections
daemon@ATHENA.MIT.EDU (Steven Bellovin)
Thu Apr 21 16:33:45 2011
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <20110421203129.GQ27269@macbook.catpipe.net>
Date: Thu, 21 Apr 2011 16:33:34 -0400
To: Phil Regnauld <regnauld@nsrc.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote:
> Steven Bellovin (smb) writes:
>>
>> I should note: IPsec, being datagram-based, will also work well. PPTP,
>> which runs over TCP as far as I know, will suffer all of the ills I just
>> outlined.
>
> PPTP uses 1723/tcp for control, but the tunneled traffic is GRE,
> so that would work fine as well.
Ah, thanks for the correction.
>
>> If you do it correctly, a VPN is actually better: you can assign a
>> static internal IP address to each certificate. If the modem connection
>> drops, when you reconnect the applications will still have the same
>> IP address, so their connections won't be interrupted.
>
> Absolutely, that's the case with OpenVPN, if you assign static IPs to
> each profile. PPtP can do this as well, for instance using MPD.
> Very big advantage in fact.
Yup, I've done this myself with OpenVPN.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
