Peter Clay <[EMAIL PROTECTED]> writes: >If you want a VPN that road warriors can use, you have to do it with IP-over- >TCP. Nothing else survives NAT and agressive firewalling, not even Microsoft >PPTP.
IP-over-TCP has some potential performance problems, see http://sites.inka.de/bigred/devel/tcp-tcp.html, although having used SSH and SSL tunnels quite a lot, I wonder how serious this really is - the author of the above analysis mentions performance problems on a link with a high level of packet loss, but on a typical link I haven't found any real problems. If you specifically want a pure TCP tunnel though, there's a pile of solutions available, of which the easiest to set up is SSH (point it at the target, indicate that you want port forwarding, and you're done). >If someone out there wants to write VPN software that becomes widely used, >then they should make a free IP-over-TCP solution that works on Windows and >Linux which uses password authentication. Some guy called Ylonen already did this in 1995 :-). Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]