Well, -w just plugs SSH into tun devices, and I'm relatively certain that it'll result in packet fragmentation (which will happen with most tunneling protocols, but that's something I need to check). Plus the overhead of encryption and decryption is not something I'd like to have running on a low-spec machine like, say, the Raspberry Pi. I'd rather have this outboard on something like a Mikrotik Routerboard (which can handle the IP routing and encryption and all that jazz).

At some level, too, OpenVPN is a simpler alternative to SSH, and it might be easier to just design OpenOB with the assumption that all endpoints need to use an (/optionally/ encrypted) VPN connection to bypass firewalls. This makes management easier (OpenVPN is already well-integrated into most distros etc) and OpenVPN endpoints are trivially cheap (a Mikrotik RB450G can terminate tens of VPN connections for £80).

Using a full-fat VPN is about equivalent in overhead to ssh -w, and has the benefit of easier setup/teardown and session management, as well as better IP management.

Thoughts?

Cheers,
James Harrison

On 26/10/2012 14:00, Cowboy wrote:
> On Friday 26 October 2012 04:06:18 am James Harrison wrote:
>> So you need a UDP based tunnel,
>
> See the -w option in man ssh.
>
> There are a number of ways to accomplish UDP via SSH.

_______________________________________________
Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://lists.rivendellaudio.org/mailman/listinfo/rivendell-dev