VPN over slow Internet connections

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Apr 21 12:17:05 CDT 2011


On Thu, 21 Apr 2011 17:55:32 BST, Ben Whorwood said:

>    * How well would the connection handle certificate (>= 2048 bit key) 
> based authentication?

It will hiccup for a moment (maybe a quarter or half second) for the data.  The
certificate exchange is the least of your problems.

>    * Is VPN over this type of connection simply a bad idea?

Well, 33.6k is a Bad Idea right there. :)  But if you're stuck with that
for technical reasons, but need a VPN for security reasons, it won't
be all *that* much worse, unless you're doing a lot of SSH or similar
short-packet single-keystroke traffic, where the VPN overhead will
start being a bit painful.  Shouldn't be too hard to model the traffic
involved to see if it's too painful - FreeBSD has dummynet IIRC.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110421/b30fc44c/attachment.bin>


More information about the NANOG mailing list