[RDD] OpenOB 2.3 release

James Harrison james at talkunafraid.co.uk
Fri Oct 26 09:41:50 EDT 2012

Hash: SHA1
Well, -w just plugs SSH into tun devices, and I'm relatively certain
that it'll result in packet fragmentation (which will happen with most
tunneling protocols, but that's something I need to check). Plus the
overhead of encryption and decryption is not something I'd like to have
running on a low-spec machine like, say, the Raspberry Pi. I'd rather
have this outboard on something like a Mikrotik Routerboard (which can
handle the IP routing and encryption and all that jazz). At some level,
too, OpenVPN is a simpler alternative to SSH, and it might be easier to
just design OpenOB with the assumption that all endpoints need to use an
(/optionally/ encrypted) VPN connection to bypass firewalls. This makes
management easier (OpenVPN is already well-integrated into most distros
etc) and OpenVPN endpoints are trivially cheap (a Mikrotik RB450G can
terminate tens of VPN connections for £80). Using a full-fat VPN is
about equivalent in overhead to ssh -w, and has the benefit of easier
setup/teardown and session management, as well as better IP management.


James Harrison

On 26/10/2012 14:00, Cowboy wrote:
> On Friday 26 October 2012 04:06:18 am James Harrison wrote:
>> So you need a UDP based tunnel,
> See the -w option in man ssh.
> There are a number of ways to accomplish UDP via SSH.

Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

More information about the Rivendell-dev mailing list