Wez, I see this solution as a way to encrypt the tunnel with very little configuration, avoid the use of dynamic DNS servers AND allow for an easy method to do file transfers. You mention that this can possibly be not as easy as it seems. Have you got any experience with Hamachi in particular or is it merely an observation?
Regards, Arthur ________________________________ I've stopped 47,504 spam and fraud messages. You can too! Free trial of spam and fraud protection at http://www.cloudmark.com/sig/?rc=f9r9z -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Weatherall Sent: Wednesday, January 25, 2006 5:31 AM To: 'Hannu Jdrvinen'; 'RealVNC List (E-mail)' Subject: RE: Tunneling VNC Hannu, This has nothing to do with tunnelling VNC through SSH. SSH is a port-level tunnel, not a TCP-level tunnel, so the problems of multiple-level retransmission caused by TCP-over-TCP do not occur. Anecdotal evidence suggests that certain firewalls/routers and possibly Hamachi itself don't handle MTU-reduction as seamlessly as is suggested by "Steve's" comments. Cheers, Wez @ RealVNC Ltd. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Hannu Jdrvinen > Sent: 24 January 2006 21:30 > To: RealVNC List (E-mail) > Subject: Tunneling VNC > > I'm new to NVC and VPN's but I'd like to share something I came across > on www.grc.com. It's a discussion about using this software called > Hamachi for tunneling VNC. The full discussions regarding this can be > found at http://www.grc.com/SecurityNow.htm#23 (episodes 18 & 19) > > As far as I've understood, SSH is TCP. > > Hannu > > Steve: Tunneling TCP through TCP is problematical because TCP is > itself an error correction guaranteed packet delivery protocol. When > you tunnel one of those protocols within another of those protocols, > they're not talking to each other because they're sort of separate > sheaths that are carrying your data. You can get very bad performance > when you tunnel TCP in TCP. This is one of the things that's given > VPNs a bad name. > The other... > > ... > > Steve: ...the computers are fighting. The solution is to use UDP as > the transport protocol. There you're sending packets only when you > need to. So the internal TCP protocol gets encapsulated in UDP, and > that's what Hamachi uses. And also because UDP translates through NAT > routers and traverses NAT routers far more easily. > > ... > > Steve: It's the right way to do a VPN. Now, the one other glitch that > VPN - the thing that hurts VPNs is, when you encapsulate packets, you > make them bigger. And so what can happen is your packets can be > fragmented because they won't traverse the Internet because they end > up being too big when they're wrapped in the packet. Hamachi fixes > that and knows how to change the stack in your machine so that the TCP > packets it generates are already shrunk, so that when it's > encapsulated, it still fits in within what's called the MSS, the > Maximum Segment Size, so that it won't fragment the packets. So you > get, I mean, really good performance. In fact, I have, using Remote > Desktop before, I have forgotten sometimes that I'm not on my > computer. I mean, it's just not a painful experience. > _______________________________________________ > VNC-List mailing list > VNC-List@realvnc.com > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
