Dear Users,
For the last two days I was working on a VPN solution for stunnel.
The early alpha version is ready for download here: ftp://stunnel.mirt.net/tunpipe/
Advantages: - based on proven strength of SSL encryption (much better than IPSec or any proprietary encryption protocol), - very clean and lightweight design, - very easy to configure.
Disadvantages: - only works on GNU/Linux (can be ported to some other Unixes), - use of TCP is the main performance limitation.
Aternative solutions: http://www.math.ucla.edu/~jimc/documents/vpn.html
Suggestions and comments are welcome.
Best regards, Mike
Mike
Just a quick comment - is this designed for only L3 traffic? It is likel that TUNEPIPE encapsulates TUN traffic in TCP and carry to the otehr end through SSL.
If it is a case, can you think about TAP device to be supported as well? I see a lot of demand to carry "Ethernet traffic" over IP rather than L3 traffic. (OpenVPN also supports both)
Regards
--- "Michal Trojnara" Michal.Trojnara@mobi-com.net ---
Dear Users,
For the last two days I was working on a VPN solution for stunnel.
The early alpha version is ready for download here: ftp://stunnel.mirt.net/tunpipe/
Advantages:
- based on proven strength of SSL encryption (much better than IPSec or any proprietary encryption protocol),
- very clean and lightweight design,
- very easy to configure.
Disadvantages:
- only works on GNU/Linux (can be ported to some other Unixes),
- use of TCP is the main performance limitation.
Aternative solutions: http://www.math.ucla.edu/~jimc/documents/vpn.html
Suggestions and comments are welcome.
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Masateru KUWATA Computer & Communications Consulting
Masateru KUWATA wrote:
Just a quick comment - is this designed for only L3 traffic? It is likel that TUNEPIPE encapsulates TUN traffic in TCP and carry to the otehr end through SSL.
If it is a case, can you think about TAP device to be supported as well? I see a lot of demand to carry "Ethernet traffic" over IP rather than L3 traffic. (OpenVPN also supports both)
What about switchint to TAP (L2) completly? Are there any drawbacks of this approach?
Best regards, Mike
Mike
Thi is probably better idea.
I quickly reviewed TAP/TUN usage and found no significnat disadvantage of using TAP instead of TUN.
Regards
--- "Michal Trojnara" Michal.Trojnara@mobi-com.net ---
Masateru KUWATA wrote:
Just a quick comment - is this designed for only L3 traffic? It is likel that TUNEPIPE encapsulates TUN traffic in TCP and carry to the otehr end through SSL.
If it is a case, can you think about TAP device to be supported as well? I see a lot of demand to carry "Ethernet traffic" over IP rather than L3 traffic. (OpenVPN also supports both)
What about switchint to TAP (L2) completly? Are there any drawbacks of this approach?
Best regards, Mike
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
Masateru KUWATA Computer & Communications Consulting
-
Masateru KUWATA -
Michal Trojnara