Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)

From: Erick Mechler (emechler@techometer.net)
Date: 12/23/02


From: Erick Mechler <emechler@techometer.net>
To: Mikael Olsson <mikael.olsson@clavister.com>
Date: Mon Dec 23 18:15:02 2002


:: > [ppp over ssh]
::
:: I'd think that something IPsecish would be a better choice for
:: this task, but I digress ... :)

Even with our limited userbase, I didn't want to get into having to
maintain pre-shared secrets with all of my users. I also wanted to have
support for as many clients as possible, and while I've seen reports of all
the OS's I mentioned working with FreeBSD IPSec, I'd describe the
experiences as "painful" at best. But I digress :)

:: > There was some latency involved with tunnelling PPP over ssh, but
:: > it was still acceptable for our user base.
::
:: Just a helpful hint: turning off the nagle delay algorithm in the
:: SSH client as well as in the SSH server can do wonders for latency
:: problems involved with tunneling things over SSH.

... and Kevin Steves <stevesk@pobox.com> responded:

:: While there may be some Nagle issues lingering, we do disable Nagle
:: for the port forwarding endpoints. This change was committed to
:: current over 9 months ago and was in the 3.4 release.

Is tunneling PPP over SSH considered a port forward, though? If it's not,
how would one go about disabling the Nagle algorithm in the ssh client? I
don't see anything to that effect in the man pages. Or, do I have to do
that at compile time...

Cheers - Erick


