Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
Yup. This obsoletes the old method of tunneling PPP over SSH.
So it isn't really anything new as far as the capabilities, just in ease-of-use.
OpenSSH 4.3 released
Posted Feb 1, 2006 21:40 UTC (Wed) by job (guest, #670)
Posted Feb 1, 2006 23:38 UTC (Wed) by Mithrandir (subscriber, #3031)
Posted Feb 2, 2006 0:18 UTC (Thu) by Ross (subscriber, #4065)
Posted Feb 2, 2006 0:44 UTC (Thu) by djm (subscriber, #11651)
While you wouldn't use it as a permanent connection between two networks or to run real-time applications over, it is very useful for ad-hoc uses (e.g. establishing a secure connection back home while you are travelling) and its convenience. We point people towards IPsec in the documentation for serious uses.
People have been using OpenSSH's TCP-over-TCP port forwarding for years without complaint, just think of this as an incremental improvement :)
TCP-over-TCP tunnelling (was OpenSSH 4.3 released)
Posted Feb 2, 2006 2:32 UTC (Thu) by dskoll (subscriber, #1630)
People have been using OpenSSH's TCP-over-TCP port forwarding for years without complaint
That's not the same thing. Port-forwarding isn't really TCP-over-TCP. It's really just plain TCP. If you use a TCP connection as a piece of wire, and then run TCP over that piece of wire, then the TCP timers in the wire layer and the top layer can interact in very nasty ways, and pretty soon your connection gets totally clogged. You might not notice it on a LAN, but probably will if you try such tunneling over the Internet.
OpenVPN is really a much nicer solution for tunnelling. Works really well, and unlike IPSec, is not a horrible nightmarish protocol produced by committee.
Posted Feb 2, 2006 12:05 UTC (Thu) by job (guest, #670)
In the case of TCP-over-TCP the results are also very practical. As soon as you get packet loss performance will quickly deteriorate. The SSH protocol seems like a competent design so I doubt its port forwarding is broken in that regard.
Please don't misunderstand my previous comment as it was a sincere question. The OpenSSH people probably wouldn't design something as broken as PPP-over-SSH (especially not since OpenVPN is such a simple replacement), so I am interested to hear how it works.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds