Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)

From: Kevin Steves (stevesk@pobox.com)
Date: 12/22/02

Next message: Erick Mechler: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
Previous message: Luca Berra: "Re: [fw-wiz] PIX 520 - control traffic between DMZ and inside devices"
In reply to: Mikael Olsson: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
Next in thread: Erick Mechler: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Kevin Steves <stevesk@pobox.com>
To: Mikael Olsson <mikael.olsson@clavister.com>
Date: Sun Dec 22 18:15:01 2002

On Sat, Dec 21, 2002 at 01:48:56PM +0100, Mikael Olsson wrote:
> > There was some latency involved with tunnelling PPP over ssh, but
> > it was still acceptable for our user base.
>
> Just a helpful hint: turning off the nagle delay algorithm in the
> SSH client as well as in the SSH server can do wonders for latency
> problems involved with tunneling things over SSH.
>
> Doing nagle delay on top of TCP sessions that already do nagle
> delay themselves involves quite a bit of "second-guessing", which
> results in unwanted delays that you experience as "lag bursts"
> for interactive things.

While there may be some Nagle issues lingering, we do disable Nagle
for the port forwarding endpoints. This change was commited to
current over 9 months ago and was in the 3.4 release.

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c?rev=1.169&content-type=text/x-cvsweb-markup
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c.diff?r1=1.168&r2=1.169

Next message: Erick Mechler: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
Previous message: Luca Berra: "Re: [fw-wiz] PIX 520 - control traffic between DMZ and inside devices"
In reply to: Mikael Olsson: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
Next in thread: Erick Mechler: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Limiting SSH reverse tunnels?
... > Several people have figured out the joys of reverse tunneling, ... > now using SSH tunnels to bypass the corporate VPN get into the office ... SSH tunnelling is different to rsync over SSH I believe. ...
(SSH)
Re: X11 session tunnelling via SSH: no longer working!
... SSH session used to work fine until recently. ... from your workstation running an appropriate X11 server, ... Since the tunnelling no longer works, the only way to run graphical apps ... it run before sshd gets launched. ...
(comp.sys.sun.admin)
Re: double ssh tunnelling
... > Do I do something wrong or SSH can't do double tunnelling??? ... You say you can only reach PC2 on port 22 but you are trying to bind the ...
(comp.os.linux.networking)
Re: deny tunnelling trough ssh proxy
... not port tunnelling. ... Just SSH is not a problem because it's just a window of ... I want to deny port forwarding not X forwarding sins that's just a ...
(comp.security.ssh)
X11-SSH Tunnelling "Update" Problem with NetBackup
... the GUI window does not display correctly. ... the window and click, some of the text charaters show up under your clicks. ... This only appears when tunnelling through SSH. ...
(SunManagers)