[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPSec questions...

On Wed, Jan 09, 2002 at 08:16:51AM +0200, Jussi Tawaststjerna wrote:
> Howdy,
> If you don't want to play with FreeS/WAN or CIPE or such, you could just
> rig an ssh connection and run PPP through it. This way you don't have to
> worry about patching kernels etc. (or at most, just compile PPP support
> in, as modules if you care about your uptime ;)
> http://www.linuxdoc.org/HOWTO/mini/VPN-4.html
> My friend's machine on the internet is also on my intranet,
> and it works great. Whatever I feed this IP, goes thru the ssh tunnel,
> including packets that ssh will not forward normally (udp packets etc)

IIRC the problem with this is, that as ssh runs over tcp and tcp packets
are encapsulated in those tcp packets, you will get a "tcp timer
One ssh packet gets dropped - The "outer" TCP stack is resubmitting -
Meanwhile the inner stack has detected the missing package and is also

I'm not sure whether that's correct but at least it's something like

See http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
(* An explanation why PPP over SSH and similar solutions are not a
good idea) for more information on this.

I'm using IPSec and was using cipe, but had problems with stability.

     Florian Friesdorf <42ff@gmx.net>
OpenPGP key available on public key servers

------> Save the future of Open Source <------
-> Online-Petition against Software Patents <-
------> http://petition.eurolinux.org <-------

Attachment: pgpwrgc0TzPHn.pgp
Description: PGP signature

Reply to: