VPN over slow Internet connections

Brandon Kim brandon.kim at brandontek.com
Thu Apr 21 12:32:01 CDT 2011


I vote for Patrick's idea of allowing the end user to remote into a machine where the SQL resides.

This would eliminate a lot of potential issues....wish I had thought of that first!!!




> Subject: RE: VPN over slow Internet connections
> Date: Thu, 21 Apr 2011 13:10:09 -0400
> From: darden at armc.org
> To: bw-ml at mube.co.uk; nanog at nanog.org
> 
> 
> There's not that much overhead--your certs should be ok.  TCP for SQL would just make sense.  I personally wouldn't want to do what you are contemplating.  Here's some stuff to think about:
> 
> 1.  your modems will not be able to do compression.  You can't easily compress random data (e.g. encrypted).
> 2.  you won't get 33.6 unless your phone lines are pristine.  You better plan on 28.8--if you are lucky.
> 3.  I would hone my SQL sharply so it produces the smallest most relevant data sets possible.
> 
> 4.  you might want to give them some kind of terminal/shell access for doing their SQL remotely, instead of from home.  Telnet or SSH.  If you used SSH you could obviate using a separate VPN, you could use -C for compression, and you could do your SQL on the server side (or the on-site side)--all in all a speedier alternative.
> 
> --Patrick Darden
> 
> 
> -----Original Message-----
> From: Ben Whorwood [mailto:bw-ml at mube.co.uk]
> Sent: Thursday, April 21, 2011 12:56 PM
> To: nanog at nanog.org
> Subject: VPN over slow Internet connections
> 
> 
> Dear all,
> 
> Can anyone share any thoughts or experiences for VPN links running over 
> slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)?
> 
> We are looking into utilising OpenVPN for out-of-office workers who 
> would be running mobile broadband in rural areas. Typical data across 
> the wire would be SQL queries for custom applications and not much else.
> 
> Some initial thoughts include...
> 
>    * How well would the connection handle certificate (>= 2048 bit key) 
> based authentication?
>    * Is UDP or TCP better considering the speed and possibility of 
> packet loss (no figures to hand)?
>    * Is VPN over this type of connection simply a bad idea?
> 
> Many thanks in advance.
> 
> Kind regards,
> Ben Whorwood
> 
> 
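
Added example, not part of the original thread: points 1 and 4 of the quoted reply (modem compression fails on encrypted data, while `ssh -C` compresses before encrypting) measured on a sample payload at the 28.8 kbit/s rate from point 2. Assumptions: zlib stands in for the modem's compressor, a SHA-256 counter keystream stands in for the VPN/SSH cipher, and the SQL result set is constructed.

```python
import hashlib
import zlib

LINK_BPS = 28_800  # realistic modem rate from point 2 of the quoted reply


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream), for illustration only."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seconds_on_link(nbytes: int, bps: int = LINK_BPS) -> float:
    """Transfer time, ignoring framing and protocol overhead."""
    return nbytes * 8 / bps


def build_result_set(rows: int = 400) -> bytes:
    """Constructed sample: a tab-separated SQL result set."""
    lines = ["order_id\tcustomer\tstatus\ttotal"]
    for i in range(rows):
        status = "SHIPPED" if i % 3 else "PENDING"
        total = (i * 7919) % 50000 / 100
        lines.append(f"{10000 + i}\tcustomer_{i % 37}\t{status}\t{total:.2f}")
    return "\n".join(lines).encode()


def compare(plaintext: bytes, key: bytes = b"constructed-demo-key") -> dict:
    """Bytes on the wire for each ordering of compression and encryption."""
    # VPN over a compressing modem: the compressor only ever sees ciphertext.
    encrypt_then_compress = zlib.compress(keystream_xor(plaintext, key), 9)
    # ssh -C: data is compressed first, then encrypted.
    compress_then_encrypt = keystream_xor(zlib.compress(plaintext, 9), key)
    return {
        "plaintext": len(plaintext),
        "encrypt_then_compress": len(encrypt_then_compress),
        "compress_then_encrypt": len(compress_then_encrypt),
    }


if __name__ == "__main__":
    for name, size in compare(build_result_set()).items():
        print(f"{name:22} {size:6d} bytes  {seconds_on_link(size):5.1f} s at {LINK_BPS} bit/s")
```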
 		 	   		  

