[maemo-developers] Using OpenVPN over wifi (was: Re: WLAN Horrible Roaming Performance (N800, OS2008), Software or Hardware Problem ?)
From: Michael Flaig mflaig at pro-linux.de
Date: Sun Feb 17 17:53:33 EET 2008
Hi,

on Roaming: I have quite good experience with roaming when using unencrypted wifi and securing it with OpenVPN. In this setup you have your access point connected to a firewall (with OpenVPN installed) and do encryption from wifi device to the OpenVPN enabled firewall instead of to the AP.

> What encryption settings? It makes a difference here.

So here is my short hint to people who use an unencrypted AP and have OpenVPN set up to secure the communication of their own devices.

Do not use OpenVPN over TCP for the reasons Kalle already mentioned. TCP thinks that packet loss is
a) a faulty connection
b) bandwidth is exceeded
So TCP will slow down the connection to a minimum and raise the speed slowly until there are errors. TCP is good for wired networks but does not perform that well in wifi networks in the default setup.

So if you use UDP for your OpenVPN there is no TCP messing with your connection, and due to the UDP protocol OpenVPN needs to handle the retransmissions, which it does quite well :)

I get about 20 to 30 Mbit (802.11g) throughput when using OpenVPN over UDP instead of about 5 Mbit throughput when using OpenVPN over TCP (this is measured using nload on my laptop when downloading and uploading files from/to my samba fileserver).

Why not use WPA?
Cheap access points do not allow for virtual APs. So you can't have WPA for your devices and still offer free unencrypted access to the internet for anyone else.

Why connect the APs to the firewall and not to the internal network?
On the firewall you can block all traffic from the wifi devices to your internal network and allow it if they are connected by OpenVPN. You still could allow non-OpenVPN devices to connect to the outside world (internet) but not to your hosts.

HTH somebody :-)

cya,
Michael

PS. I have read VNC many times already, in most cases I wonder why not using FreeNX for that?! Has anyone ported the client yet?
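
The firewall layout described in the message above, as an added example that is not part of the original post: a shell function that prints an iptables-restore ruleset which accepts OpenVPN over UDP from the wifi side, keeps raw wifi clients away from the internal network, and still lets them out to the internet. It assumes a Linux firewall using iptables; the interface names (eth0, eth1, eth2, tun0) and UDP port 1194 are assumptions, not values from the post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the layout in the post.
# Every argument is an assumption made for illustration:
#   $1 WIFI_IF  NIC facing the unencrypted access point
#   $2 LAN_IF   NIC facing the internal network
#   $3 WAN_IF   NIC facing the internet
#   $4 VPN_IF   OpenVPN tun device on the firewall
#   $5 VPN_PORT UDP port the OpenVPN server listens on
wifi_vpn_ruleset() {
    WIFI_IF=${1:-eth1}; LAN_IF=${2:-eth0}; WAN_IF=${3:-eth2}
    VPN_IF=${4:-tun0};  VPN_PORT=${5:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic to the firewall itself: loopback, replies, internal admin access
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
# The only service wifi clients may reach on the firewall: OpenVPN over UDP
-A INPUT -i $WIFI_IF -p udp --dport $VPN_PORT -j ACCEPT
# Replies to connections that were already permitted
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Clients on the open wifi must never reach internal hosts directly
-A FORWARD -i $WIFI_IF -o $LAN_IF -j DROP
# Clients on the open wifi may still reach the internet
-A FORWARD -i $WIFI_IF -o $WAN_IF -j ACCEPT
# Clients that authenticated to OpenVPN arrive on the tun device
-A FORWARD -i $VPN_IF -o $LAN_IF -j ACCEPT
# Internal hosts may reach the internet
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Print the ruleset so it can be piped into iptables-restore
wifi_vpn_ruleset "$@"
```

The output can be checked without applying it by piping it to `iptables-restore --test`. DHCP and DNS for the wifi clients and NAT on the uplink are left out and need their own rules.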