Anyone using uvlan out there?

Matt Palmer mpalmer at hezmatt.org
Fri Sep 14 03:03:50 UTC 2007


On Fri, Sep 14, 2007 at 12:33:03PM +1000, Steven Haigh wrote:
> Quoting Matt Palmer <mpalmer at hezmatt.org>:
> >On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
> >>   2. It doesn't require licensing
> >
> >Plenty of VPN products out there are FOSS;
> 
> Yeah - I wasn't too sure about this either. I haven't seen any VPN  
> software that requires licensing in years. I didn't know anyone still  
> required this?

There's plenty of lots-o-money VPN products out there; presumably that's
what they're talking about.  The problem is that the statement "uvlan isn't
a VPN because it doesn't require licencing" is a ridiculous statement,
because you don't have to have a licencing requirement to be a VPN.

> >>   3. It is much simpler
> >
> >Simpler than what?
> 
> Routing?

Simple is in the eye of the beholder.  Switched ethernet networks have their
complexities that routed networks don't...

> >>   4. It operates at Layer-2 (Ethernet), VPNs generally operate at
> >>Layer-3 (IP)
> >
> >Generally, perhaps, but it's not a requirement of the term "VPN" that it be
> >an L3 transition.
> >
> >>      Layer-2 applications like gaming can't be supported with
> >>Layer-3 tunneling.
> >
> >Plenty of games can successfully use IP.
> 
> I was thinking more the case of joining LANs. Obviously it's not a  
> solution for all causes, as anything with more than 5-10 nodes per  
> site and more than 2-3 sites would get pretty ugly. I think a nice  
> thing would be for things that can ONLY use a local LAN due to either  
> software or developer restrictions.

Well, obviously.

> >>From my understanding, this software is pretty much acting like a
> >>bridge, but with endpoints over a routed IP network.
> >>
> >>Has anyone actually used this? Thoughts? Criticisms?
> >
> >I haven't used this particular software, but I've used OpenVPN (software of
> >the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of
> >the usual restrictions on LAN-like traffic over a low-bandwidth,
> >high-latency link.  Most things that need to use Ethernet assume all sorts
> >of things that just don't hold over the Internet, and it causes some painful
> >hassles.  But, engineered properly, in the correct circumstances, it can be
> >handy to bridge two or more segments over a routed network.
> 
> I've used a lot of VPN stuff in the past, but I've usually always  
> ended up doing it on a router, then had to NAT over it and all sorts  
> of nasty stuff. I think this is a nicer solution if it could be  
> implemented right :)

I don't think you quite got my point -- you *don't* need uvlan to bridge
Ethernet segments over a routed network; there are other products which will
do the same thing.  As I said, I've used OpenVPN to do this job, and my
experiences are given in that block of text you quoted.

> >A criticism of uvlan in particular is that I wouldn't trust my network
> >security to people who sound so clueless.  Their derision of VPNs, as you
> >quoted above, shows either a lack of sense or a blind hatred, using libpcap
> >in this situation gave me some chuckles, and their "What algorithms are
> >used?" page scares me a little.  I'll stick with OpenVPN, myself.
> 
> I think it's come about of a case of wanting to do stuff that won't  
> work properly over a routed network (xbox games etc) - however could  
> be nicer for a lot more things.

XBox games don't work over a routed network?  Please tell me that XBox Live
isn't just a giant uvlan install.

- Matt

-- 
When the revolution comes, they won't be able to FIND the wall.
		-- Brian Kantor, in the Monastery



More information about the NANOG mailing list