Re: [fw-wiz] VPN over Wireless (Was Re: "802.1x"?)

From: Erick Mechler (emechler@techometer.net)
Date: 12/23/02


From: Erick Mechler <emechler@techometer.net>
To: Mikael Olsson <mikael.olsson@clavister.com>
Date: Mon Dec 23 18:15:02 2002


:: > [ppp over ssh]
::
:: I'd think that something IPsecish would be a better choice for
:: this task, but I digress ... :)

Even with our limited userbase, I didn't want to get into having to
maintain pre-shared secrets with all of my users. I also wanted to have
support for as many clients as possible, and while I've seen reports of all
the OS's I mentioned working with FreeBSD IPSec, I'd describe the
experiences as "painful" at best. But I digress :)

:: > There was some latency involved with tunnelling PPP over ssh, but
:: > it was still acceptable for our user base.
::
:: Just a helpful hint: turning off the nagle delay algorithm in the
:: SSH client as well as in the SSH server can do wonders for latency
:: problems involved with tunneling things over SSH.

... and Kevin Steves <stevesk@pobox.com> responded:

:: While there may be some Nagle issues lingering, we do disable Nagle
:: for the port forwarding endpoints. This change was committed to
:: current over 9 months ago and was in the 3.4 release.

Is tunneling PPP over SSH considered a port forward, though? If it's not,
how would one go about disabling the Nagle algorithm in the ssh client? I
don't see anything to that effect in the man pages. Or, do I have to do
that at compile time...

Cheers - Erick


