Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)

From: Erick Mechler (emechler@techometer.net)
Date: 12/23/02

• Next message: Jim Seymour: "[fw-wiz] [OT?] Anybody Recognize These Uploads?"
• Previous message: Kevin Steves: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
• In reply to: Mikael Olsson: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Erick Mechler <emechler@techometer.net>
To: Mikael Olsson <mikael.olsson@clavister.com>
Date: Mon Dec 23 18:15:02 2002

:: > [ppp over ssh]
::
:: I'd think that something IPsecish would be a better choice for
:: this task, but I digress ... :)

Even with our limited userbase, I didn't want to get into having to
maintain pre shared secrets with all of my users. I also wanted to have
support for as many clients as possible, and while I've seen reports of all
the OS's I mentioned working with FreeBSD IPSec, I'd describe the
experiences "painful" at best. But I digress :)

:: > There was some latency involved with tunnelling PPP over ssh, but
:: > it was still acceptable for our user base.
::
:: Just a helpful hint: turning off the nagle delay algorithm in the
:: SSH client as well as in the SSH server can do wonders for latency
:: problems involved with tunneling things over SSH.

... and Kevin Steves <stevesk@pobox.com> responded:

:: While there may be some Nagle issues lingering, we do disable Nagle
:: for the port forwarding endpoints. This change was commited to
:: current over 9 months ago and was in the 3.4 release.

Is tunneling PPP over SSH considered a port forward, though? If it's not,
how would one go about disabling the Nagle algorithm in the ssh client? I
don't see anything to that affect in the man pages. Or, do I have to do
that at compile time...

Cheers - Erick

---

• Next message: Jim Seymour: "[fw-wiz] [OT?] Anybody Recognize These Uploads?"
• Previous message: Kevin Steves: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
• In reply to: Mikael Olsson: "Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?) ... >> There was some latency involved with tunnelling PPP over ssh, ... turning off the nagle delay algorithm in the ... > SSH client as well as in the SSH server can do wonders for latency ... (Firewall-Wizards) Re: RE: Telnet/SSL v SSH ... nearly the same robustness as SSH from the perspective of Authentication, ... and secure design. ... Disadvantages: Poor authentication system. ... When I was talking about elaborating on tunneling I was ... (Security-Basics) Re: Cable for transfer of data? ... SSL /should/ mean. ... SSH has an SSH encryption similar to SSL. ... SSH does tunneling and encryption. ... (uk.comp.homebuilt) Re: Odd X11 over SSH issue ... tunneled over SSH via the Internet. ... Running the ssh server with more debugging will probably tell you what's ... because tunneling a whole X server ... Is there any particular reason you don't let the X server run remotely ... (freebsd-questions) Re: SSH Tunneling without console login ... logging in to the server. ... tunneling purposes, i login to the remote server with the following command: ... -f forces ssh to go into background. ... (SSH)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2002-12