>
> > Sorry folks, it doesn't work reliably - don't use TCP based tunnels via SSH,
> > it's not reliable and never will be!
>
> Some of the world's largest service providers, and client software, use
> TCP-based tunnels very successfully. Of course I won't be specific. :-)
>
> The reliability (or lack thereof) of the underlying network I would've
> thought would be of greater concern.
>
You may have noticed all 2nd generation tunneling protocols now support
UDP (or other non-TCP) based tunnels - L2TP, CIPE, IPSec, for example. The
TCP race condition is one of the reasons that tunneling got such bad press
when tunnels started becoming the "in-thing" a year or two back. A lot of
large companies still use TCP-based tunnels, such as PPTP for example, and
have reasonable performance with them. However, problems such as described
on this list with running TCP encapsulations such as PPP will always be
unreliable on congested links (and hence the relevance of your point re "The
reliability (or lack thereof) of the underlying network"). I suspect
that these companies you mention are just lucky enough to have a big pipe
and a good provider :) No, I _didn't_ just say ADSL + telecom = poor
service *grin*.

Basically, my advice to people who wish to tunnel is don't use hacks based
around SSH. SSH wasn't designed for this mode of operation. I use it for
secure telnet sessions only. If I want a tunnel I use a proper tunnel
solution - there's lots of them!
(http://www.wiley.com/compbooks/kosiur/vpn/products.htm). SSH has
become ubiquitous as a general solution for secure communications because it
can be so easily manipulated to do all these things. This is typical fare in
the Linux community because UNIX is such a great platform for plugging these
building blocks together. But this doesn't necessarily make it a good
solution!!

Here's a description of the problem from Olaf Titz of the CIPE project...
http://puric.inka.de/sites/bigred/devel/tcp-tcp.html

Here's a thread which describes a typical problem with TCP tunneling...
You'll find plenty more...
http://lists.bikeworld.com/pipermail/vtun/2000-September/000411.html
Brent Russell,
Department of Physics,
University of Otago.
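The timer interaction behind the "TCP race condition" referred to above (a TCP stream carried inside another reliable TCP stream, versus the same stream over a UDP carrier) as an added toy simulation; this is not code from the thread or from either linked page, and the link rate, window, timer values and periodic loss pattern are constructed assumptions, not measurements.

```python
from collections import Counter, deque

LINK_RATE = 4       # carrier packets the underlying link forwards per tick
INNER_RATE = 3      # new segments the tunnelled TCP connection offers per tick
INNER_WINDOW = 16   # inner TCP keeps at most this many segments unacknowledged
INNER_RTO = 6       # ticks before the inner TCP retransmits an unacknowledged segment
OUTER_RTO = 8       # ticks the carrier TCP needs to recover one dropped packet
LOSS_EVERY = 25     # constructed loss pattern: every 25th carrier packet is dropped

def simulate(reliable_tunnel, ticks=400):
    """Toy model of one TCP stream inside a tunnel, one tick per loop.
    reliable_tunnel=True: PPP-over-SSH, the carrier TCP recovers a dropped packet
    itself and holds back everything queued behind it.  False: UDP carrier, the
    packet is gone and only the inner TCP retransmits it.  Inner ACKs are instant."""
    queue = deque()        # segments waiting for the carrier link, in order
    queued = Counter()     # copies of each seq currently sitting in the queue
    sent_at = {}           # unacknowledged seq -> tick of its last transmission
    stats = Counter()
    next_seq = carrier = stall_until = 0
    for t in range(ticks):
        for _ in range(min(INNER_RATE, INNER_WINDOW - len(sent_at))):  # new data
            queue.append(next_seq)
            queued[next_seq] += 1
            sent_at[next_seq] = t
            next_seq += 1
        for seq, when in list(sent_at.items()):     # inner retransmission timer
            if t - when >= INNER_RTO:
                stats["inner_retransmits"] += 1
                if queued[seq]:                     # tunnel still holds the original
                    stats["wasted_retransmits"] += 1
                queue.append(seq)
                queued[seq] += 1
                sent_at[seq] = t
        stats["max_queue"] = max(stats["max_queue"], len(queue))
        if t < stall_until:                         # carrier TCP waiting on its own RTO
            continue
        for _ in range(min(LINK_RATE, len(queue))):
            seq = queue.popleft()
            queued[seq] -= 1
            carrier += 1
            if carrier % LOSS_EVERY == 0:           # the link drops this carrier packet
                if reliable_tunnel:                 # head-of-line blocking until recovered
                    queue.appendleft(seq)
                    queued[seq] += 1
                    stall_until = t + OUTER_RTO
                    break
                continue                            # UDP: gone, inner timer will fire
            if sent_at.pop(seq, None) is not None:  # first copy arrives and is acked
                stats["delivered"] += 1
    return dict(stats)
```

Compare `simulate(True)` with `simulate(False)`: only the reliable carrier produces `wasted_retransmits`, inner retransmissions of segments the tunnel was already going to deliver, and they eat carrier capacity, so far fewer distinct segments are delivered in the same number of ticks.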
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Sat Jan 6 09:42:45 2001