Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 12/21/02


From: Mikael Olsson <mikael.olsson@clavister.com>
To: Erick Mechler <emechler@techometer.net>
Date: Sat Dec 21 09:50:02 2002

Erick Mechler wrote:
>
> [ppp over ssh]

I'd think that something IPsecish would be a better choice for
this task, but I digress ... :)

> There was some latency involved with tunnelling PPP over ssh, but
> it was still acceptable for our user base.

Just a helpful hint: turning off the Nagle delay algorithm in the
SSH client as well as in the SSH server can do wonders for latency
problems involved with tunneling things over SSH.

Doing Nagle delay on top of TCP sessions that already do Nagle
delay themselves involves quite a bit of "second-guessing", which
results in unwanted delays that you experience as "lag bursts"
for interactive things.

(No, the Nagle delay algo itself doesn't cause this, but the
interactions with delayed ACK schemes and other TCP optimizations
do cause "interesting" effects on e.g. terminal sessions that
echo characters that you type.)

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
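
The hint above, as an added example that is not part of the original post: a loopback echo pair in which each typed character is sent as two small writes (a frame header, then the byte), the pattern where Nagle on the sender can stall behind the receiver's delayed ACK, with `TCP_NODELAY` optionally set on both ends. The function names, the 2-byte framing and the sample keystrokes are constructed for illustration; the elapsed time it returns depends on the platform's TCP stack.

```python
import socket
import struct
import threading
import time

def nagle_off(sock):
    """True if TCP_NODELAY is set on sock, i.e. Nagle is disabled."""
    return sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY) != 0

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None                      # peer closed the connection
        buf += chunk
    return buf

def _echo_frames(listener, nodelay, flags):
    conn, _ = listener.accept()
    with conn:
        if nodelay:                          # "server" end of the tunnel
            conn.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        flags.append(nagle_off(conn))
        while (hdr := _recv_exact(conn, 2)) is not None:
            payload = _recv_exact(conn, struct.unpack("!H", hdr)[0])
            conn.sendall(payload)            # echo, like a remote terminal

def typed_echo(keys=b"ls -l\n", nodelay=True):
    """Returns (echoed bytes, client Nagle-off, server Nagle-off, seconds)."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))      # loopback, ephemeral port
        listener.listen(1)
        flags = []
        t = threading.Thread(target=_echo_frames, args=(listener, nodelay, flags))
        t.start()
        with socket.create_connection(listener.getsockname()) as c:
            if nodelay:                      # "client" end of the tunnel
                c.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
            client_flag = nagle_off(c)
            echoed, start = b"", time.perf_counter()
            for k in keys:
                c.sendall(struct.pack("!H", 1))  # write 1: frame header
                c.sendall(bytes([k]))  # write 2: held for an ACK if Nagle is on
                echoed += _recv_exact(c, 1)      # wait for this key's echo
            elapsed = time.perf_counter() - start
        t.join()
    return echoed, client_flag, flags[0], elapsed
```

Calling `typed_echo(nodelay=False)` and `typed_echo(nodelay=True)` and comparing the fourth return value shows whether the local stack exhibits the stall.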