VPN over slow Internet connections
brandon.kim at brandontek.com
Thu Apr 21 12:32:01 CDT 2011
I vote for Patrick's idea of allowing the end user to remote into a machine where the SQL resides.
This would eliminate a lot of potential issues....wish I had thought of that first!!!
> Subject: RE: VPN over slow Internet connections
> Date: Thu, 21 Apr 2011 13:10:09 -0400
> From: darden at armc.org
> To: bw-ml at mube.co.uk; nanog at nanog.org
> There's not that much overhead--your certs should be ok. TCP for SQL would just make sense. I personally wouldn't want to do what you are contemplating. Here's some stuff to think about:
> 1. your modems will not be able to do compression. You can't easily compress random data (e.g. encrypted).
> 2. you won't get 33.6 unless your phone lines are pristine. You better plan on 28.8--if you are lucky.
> 3. I would hone my SQL sharply so it produces the smallest most relevant data sets possible.
> 4. you might want to give them some kind of termnial/shell access for doing their SQL remotely, instead of from home. Telnet or SSH. If you used SSH you could obviate using a separate VPN, you could use -C for compression, and you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.
> --Patrick Darden
> -----Original Message-----
> From: Ben Whorwood [mailto:bw-ml at mube.co.uk]
> Sent: Thursday, April 21, 2011 12:56 PM
> To: nanog at nanog.org
> Subject: VPN over slow Internet connections
> Dear all,
> Can anyone share any thoughts or experiences for VPN links running over
> slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
> We are looking into utilising OpenVPN for out-of-office workers who
> would be running mobile broadband in rural areas. Typical data across
> the wire would be SQL queries for custom applications and not much else.
> Some initial thoughts include...
> * How well would the connection handle certificate (>= 2048 bit key)
> based authentication?
> * Is UDP or TCP better considering the speed and possibility of
> packet loss (no figures to hand)?
> * Is VPN over this type of connection simply a bad idea?
> Many thanks in advance.
> Kind regards,
> Ben Whorwood
More information about the NANOG