[RDD] OpenOB 2.3 release

James Harrison james at talkunafraid.co.uk
Fri Oct 26 09:41:50 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Well, -w just plugs SSH into tun devices, and I'm relatively certain
that it'll result in packet fragmentation (which will happen with most
tunneling protocols, but that's something I need to check). Plus the
overhead of encryption and decryption is not something I'd like to have
running on a low-spec machine like, say, the Raspberry Pi. I'd rather
have this outboard on something like a Mikrotik Routerboard (which can
handle the IP routing and encryption and all that jazz). At some level,
too, OpenVPN is a simpler alternative to SSH, and it might be easier to
just design OpenOB with the assumption that all endpoints need to use an
(/optionally/ encrypted) VPN connection to bypass firewalls. This makes
management easier (OpenVPN is already well-integrated into most distros
etc) and OpenVPN endpoints are trivially cheap (a Mikrotik RB450G can
terminate tens of VPN connections for £80). Using a full-fat VPN is
about equivalent in overhead to ssh -w, and has the benefit of easier
setup/teardown and session management, as well as better IP management.

Thoughts?

Cheers,
James Harrison

On 26/10/2012 14:00, Cowboy wrote:
> On Friday 26 October 2012 04:06:18 am James Harrison wrote:
>> So you need a UDP based tunnel,
>
> See the -w option in man ssh.
>
> There are a number of ways to accomplish UDP via SSH.
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
 
iEYEARECAAYFAlCKkx4ACgkQ22kkGnnJQAyL6ACbBtPrqslMsVKNIOm/Hzf41g0o
DIYAoI1nqulVW5bT6j2EhSNCn58x8sv9
=ooID
-----END PGP SIGNATURE-----


