On Fri, Sep 14, 2007 at 12:33:03PM +1000, Steven Haigh wrote:
> Quoting Matt Palmer <[EMAIL PROTECTED]>:
> >On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
> >> 2. It doesn't require licensing
> >
> >Plenty of VPN products out there are FOSS;
>
> Yeah - I wasn't too sure about this either. I haven't seen any VPN
> software that requires licensing in years. I didn't know anyone still
> required this?

There's plenty of lots-o-money VPN products out there; presumably that's
what they're talking about. The problem is that the statement "uvlan isn't
a VPN because it doesn't require licencing" is a ridiculous statement,
because you don't have to have a licencing requirement to be a VPN.

> >> 3. It is much simpler
> >
> >Simpler than what?
>
> Routing?

Simple is in the eye of the beholder. Switched ethernet networks have their
complexities that routed networks don't...

> >> 4. It operates at Layer-2 (Ethernet), VPNs generally operate at
> >>Layer-3 (IP)
> >
> >Generally, perhaps, but it's not a requirement of the term "VPN" that it be
> >an L3 transition.
> >
> >> Layer-2 applications like gaming can't be supported with
> >>Layer-3 tunneling.
> >
> >Plenty of games can successfully use IP.
>
> I was thinking more the case of joining lans. Obviously it's not a
> solution for all causes, as anything with more than 5-10 nodes per
> site and more than 2-3 sites would get pretty ugly. I think a nice
> thing would be for things that can ONLY use a local LAN due to either
> software or developer restrictions.

Well, obviously.

> >>From my understanding, this software is pretty much acting like a
> >>bridge, but with endpoints over a routed IP network.
> >>
> >>Has anyone actually used this? Thoughts? Criticisms?
> >
> >I haven't used this particular software, but I've used OpenVPN (software of
> >the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of
> >the usual restrictions on LAN-like traffic over a low-bandwidth,
> >high-latency link. Most things that need to use Ethernet assume all sorts
> >of things that just don't hold over the Internet, and it causes some painful
> >hassles. But, engineered properly, in the correct circumstances, it can be
> >handy to bridge two or more segments over a routed network.
>
> I've used a lot of VPN stuff in the past, but I've usually always
> ended up doing it on a router, then had to NAT over it and all sorts
> of nasty stuff. I think this is a nicer solution if it could be
> implemented right :)

I don't think you quite got my point -- you *don't* need uvlan to bridge
Ethernet segments over a routed network; there are other products which will
do the same thing. As I said, I've used OpenVPN to do this job, and my
experiences are given in that block of text you quoted.

> >A criticism of uvlan in particular is that I wouldn't trust my network
> >security to people who sound so clueless. Their derision of VPNs, as you
> >quoted above, shows either a lack of sense or a blind hatred, using libpcap
> >in this situation gave me some chuckles, and their "What algorithms are
> >used?" page scares me a little. I'll stick with OpenVPN, myself.
>
> I think it's come about of a case of wanting to do stuff that won't
> work properly over a routed network (xbox games etc) - however could
> be nicer for a lot more things.

XBox games don't work over a routed network? Please tell me that XBox Live
isn't just a giant uvlan install.

- Matt

-- 
When the revolution comes, they won't be able to FIND the wall.
	-- Brian Kantor, in the Monastery