VPN over slow Internet connections

Steven Bellovin smb at cs.columbia.edu
Thu Apr 21 15:33:34 CDT 2011


On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote:

> Steven Bellovin (smb) writes:
>> 
>> I should note: IPsec, being datagram-based, will also work well.  PPTP,
>> which runs over TCP as far as I know, will suffer all of the ills I just
>> outlined.
> 
> 	PPTP uses 1723/tcp for control, but the tunneled traffic is GRE,
> 	so that would work fine as well.

Ah, thanks for the correction.
> 
>> If you do it correctly, a VPN is actually better: you can assign a
>> static internal IP address to each certificate.  If the modem connection
>> drops, when you reconnect the applications will still have the same
>> IP address, so their connections won't be interrupted.
> 
> 	Absolutely, that's the case with OpenVPN, if you assign static IPs to
> 	each profile.  PPtP can do this as well, for instance using MPD.
> 	Very big advantage in fact.

Yup, I've done this myself with OpenVPN.


		--Steve Bellovin, https://www.cs.columbia.edu/~smb









More information about the NANOG mailing list