Acanac...?

[Erik (Caneris)]

James wrote:
> It's not the extra encapsulation that's the problem.  It's two TCP
> streams trying to maintain traffic flow.  TCP can adjust to network
> changes.  If you have two TCP connections, they may conflict, causing
> performance issues.  This does not occur when UDP is used as it's
> performance characteristics are the same as bare ethernet.  Have you
> considered something like OpenVPN?  Or at least SSL?
> 
Clearly my sarcasm was missed, despite the smiley face. Yes, I know what the potential problem is.

SSL or OpenVPN (well, still SSL) were not yet considered, but they're excellent ideas, so we'll definitely take a look at them. 

Every solution has good and bad about it and nothing's perfect, but out of all the solutions, the SSH tunnel requires the least amount of hardware/software/changes on the CPE side, the least amount of work on our side, and it works across the largest amount of platforms. 

Of course, the regulatory solution beats all of those ;)

Erik
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists