Anyone using uvlan out there?

Steven Haigh netwiz at crc.id.au
Fri Sep 14 02:33:03 UTC 2007


Quoting Matt Palmer <mpalmer at hezmatt.org>:
> On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
>> From the web site:
>> uvlan is a User-space Virtual Local Area Network. In other words,
>> uvlan peers act as nodes on a network switch. Routing ethernet
>> traffic between peers intelligently. Thus allowing for multiple
>> networks to share resources and even IP address space. Some may call
>> it a VPN (Virtual Private Network) application, but it's much more
>> powerful. Differences with traditional VPN technology:
>
> It's a VPN.  None of these supposed "differences" are different from the
> fundamental characteristics of a VPN:
>
>>    1. It is peer-to-peer
>
> invoke_buzzword_of_the_month();

Yeah - I don't quite agree with this in the traditional P2P sense,  
however I think they mean that they can connect multiple sites and  
have data transit between them. I'll cut them a break here because  
it's hard to describe how it works in so few words :)

>>    2. It doesn't require licensing
>
> Plenty of VPN products out there are FOSS;

Yeah - I wasn't too sure about this either. I haven't seen any VPN  
software that requires licensing in years. I didn't know anyone still  
required this?

>>    3. It is much simpler
>
> Simpler than what?

Routing?

>>    4. It operates at Layer-2 (Ethernet), VPNs generally operate at
>> Layer-3 (IP)
>
> Generally, perhaps, but it's not a requirement of the term "VPN" that it be
> an L3 transition.
>
>>       Layer-2 applications like gaming can't be supported with
>> Layer-3 tunneling.
>
> Plenty of games can successfully use IP.

I was thinking more the case of joining LANs. Obviously it's not a  
solution for all causes, as anything with more than 5-10 nodes per  
site and more than 2-3 sites would get pretty ugly. I think a nice  
thing would be for things that can ONLY use a local LAN due to either  
software or developer restrictions.

>> From my understanding, this software is pretty much acting like a
>> bridge, but with endpoints over a routed IP network.
>>
>> Has anyone actually used this? Thoughts? Criticisms?
>
> I haven't used this particular software, but I've used OpenVPN (software of
> the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of
> the usual restrictions on LAN-like traffic over a low-bandwidth,
> high-latency link.  Most things that need to use Ethernet assume all sorts
> of things that just don't hold over the Internet, and it causes some painful
> hassles.  But, engineered properly, in the correct circumstances, it can be
> handy to bridge two or more segments over a routed network.

I've used a lot of VPN stuff in the past, but I've usually always  
ended up doing it on a router, then had to NAT over it and all sorts  
of nasty stuff. I think this is a nicer solution if it could be  
implemented right :)

> A criticism of uvlan in particular is that I wouldn't trust my network
> security to people who sound so clueless.  Their derision of VPNs, as you
> quoted above, shows either a lack of sense or a blind hatred, using libpcap
> in this situation gave me some chuckles, and their "What algorithms are
> used?" page scares me a little.  I'll stick with OpenVPN, myself.

I think it's come about of a case of wanting to do stuff that won't  
work properly over a routed network (xbox games etc) - however could  
be nicer for a lot more things.

>> Phone: (03) 90001 6090 - 0412 935 897
>
> Gee you Melbournians are advanced... you've already gone to 11 digit phone
> numbers...  <grin>

Damn typos. I've just changed numbers, I must have typo'ed it when  
updating the sig on my desktop. At least it's right in other places ;)

-- 
Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897




