VPN over slow Internet connections
Steven Bellovin
smb at cs.columbia.edu
Thu Apr 21 20:33:34 UTC 2011
On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote:
> Steven Bellovin (smb) writes:
>>
>> I should note: IPsec, being datagram-based, will also work well. PPTP,
>> which runs over TCP as far as I know, will suffer all of the ills I just
>> outlined.
>
> PPTP uses 1723/tcp for control, but the tunneled traffic is GRE,
> so that would work fine as well.
Ah, thanks for the correction.
>
>> If you do it correctly, a VPN is actually better: you can assign a
>> static internal IP address to each certificate. If the modem connection
>> drops, when you reconnect the applications will still have the same
>> IP address, so their connections won't be interrupted.
>
> Absolutely, that's the case with OpenVPN, if you assign static IPs to
> each profile. PPtP can do this as well, for instance using MPD.
> Very big advantage in fact.
Yup, I've done this myself with OpenVPN.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
More information about the NANOG
mailing list