A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

VPN performance question



 
 
Thread Tools Display Modes
  #22  
Old May 3rd 20, 05:49 PM posted to uk.telecom.broadband
MissRiaElaine[_2_]
external usenet poster
 
Posts: 303
Default VPN performance question

On 03/05/2020 17:10, Graham J wrote:
Peter wrote:

(Richard Tobin) wrote

Draytek call it "Remote dial-in VPN"


They also call it "teleworker". The other VPN they support is "site to
site", which presumably a teleworker could also use, but only one at a
time. With teleworkers, each one has their own credentials.


[snip]

The "site to site" VPN is implemented between routers, rather than from
local user to remote router.* It is also described as LAN-to-LAN.* A
teleworker with a compatible router can use this mechanism.* But the
problem with the term teleworker is that it usually implies mobile, or
at least not working from a fixed location.* It is usually the
teleworkers IP address that is used as part of the authentication.

It beats me why mobile phones don't all have IPv6 addresses - it would
make this sort of setup much more useful.

But one can have several "site to site" VPNs up at the same time.* Most
entry-level Vigor routers support 32 simultaneous LAN-to-LAN VPNs.* The
only requirement is that each remote site has a different LAN IP.


When I used to remotely connect in to the network where I used to work,
we used a Citrix client on the local computer, the router had nothing to
do with it, it worked even over public wifi (although that's not
something I'd recommend as normal practice..!) There was a web page with
a login box and then you got the remote desktop up as a window on your
local computer.

The only snag was it was a pain when you wanted to print something
locally, you had to copy the document to the local desktop otherwise it
ended up on the office printer 10 miles away..!



--
Ria in Aberdeen

[Send address is invalid, use sipsoup at gmail dot com to reply direct]
  #23  
Old May 4th 20, 04:09 AM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 03/05/2020 10:59, Peter wrote:

Brian Gregory wrote

Actually I just mentioned this to someone and apparently I'm wrong PPTP
doesn't normally tunnel through TCP. It tunnel with something called GRE
which isn't TCP or UDP!


Yes it uses GRE and GRE has to be explicitly supported all the way up.

Usually it is, but I have found PPTP not working on some public wifis
and some cellular networks.


Well since it doesn't use ports GRE would be harder to pass through NAT
without possible problems.

AFAIK if two people on the same NATed network (sharing the same public
IP) connected to the same PPTP server the NAT would have no way to
correctly pass the GRE coming back to the correct users.

No idea why the latter, because internet data is carried transparently
over cellular, all the way back to your cellphone provider and it
enters the internet only there. So if e.g. I am in Kathmandu on 4G and
I hit some website, I will show up in that web server's logs IP to
country as "Vodafone London".


Don't think that's anything to do with it. But I believe all the UK
mobile companies still use IPv4 and CGNAT so they may not want to risk
sending GRE that's destined for one user to another by mistake, even
though I presume it's unlikely the other user could decrypt it correctly.


As I said earlier one needs at least a couple of ways to skin the cat,
in IT

Other than this, I've always found PPTP VPNs to "just work" with no
hassle. In comparison I have spent DAYS on L2TP/IPSEC stuff, and then
one finds it works on android 6, not android 5, windows 7 and not
windows 10, etc.


I've always found PPTP works to begin with and then just randomly slows
right down or stops after a while. Not knowing anything about GRE except
that it is protocol 47 I can't explain why that would happen.

--
Brian Gregory (in England).
  #25  
Old May 4th 20, 12:57 PM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 03/05/2020 10:54, Peter wrote:

Brian Gregory wrote

It's security is p1ss p00r too.


Only on google. When you research this you find that every website
stating this is copying it from all the others


https://www.computerworld.com/article/2506083/

https://samsclass.info/124/proj14/p10-pptp.htm

--
Brian Gregory (in England).
  #26  
Old May 5th 20, 01:48 AM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

G https://en.wikipedia.org/wiki/Generi..._Encapsulation

--
Brian Gregory (in England).
  #27  
Old May 6th 20, 07:22 AM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 05/05/2020 21:27, Peter wrote:
Any secure comms link is vulnerable to a man in the middle attack,
unless it uses keys issued by a mutually trusted 3rd party.


What about a properly implemented Diffie-Hellman key exchange?

--
Brian Gregory (in England).
  #28  
Old May 6th 20, 01:44 PM posted to uk.telecom.broadband
grinch
external usenet poster
 
Posts: 99
Default VPN performance question

On 04/05/2020 04:17, Brian Gregory wrote:



I'm not sure how PPP is used in PPTP but PPP is IP encapsulated.


Actually its the other way round IP is encapsulated by PPP.



https://www.juniper.net/documentatio...point-protocol
  #29  
Old May 6th 20, 08:28 PM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 06/05/2020 13:44, grinch wrote:
On 04/05/2020 04:17, Brian Gregory wrote:



I'm not sure how PPP is used in PPTP but PPP is IP encapsulated.


Actually its the other way round IP is encapsulated by PPP.



https://www.juniper.net/documentatio...point-protocol


Okay, I didn't express it very clearly I guess.

--
Brian Gregory (in England).
  #30  
Old May 7th 20, 07:33 PM posted to uk.telecom.broadband
Brian Gregory[_2_]
external usenet poster
 
Posts: 86
Default VPN performance question

On 07/05/2020 12:31, Peter wrote:

Brian Gregory wrote

On 05/05/2020 21:27, Peter wrote:
Any secure comms link is vulnerable to a man in the middle attack,
unless it uses keys issued by a mutually trusted 3rd party.


What about a properly implemented Diffie-Hellman key exchange?


How can you KNOW the party you are talking to is the one you think you
are talking to?

If I send you my public key, how do you know it came from me, rather
than somebody emailing you from a forged From: address?

So, IOW, you have to trust somebody...


Well yes, Diffie-Hellman won't help you with that problem.

You'd have to use something else like certificates (as for example
OpenVPN can), or public/private key pairs (as for example Wireguard VPN
does) for that, and keep the certificate authority and/or private key(s)
secret.

--
Brian Gregory (in England).
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN ports blocked by many ISPs, SSL VPN? Doz uk.telecom.broadband (UK broadband) 1 September 13th 06 03:14 PM
VPN ports blocked by many ISPs, SSL VPN? Gordon Hudson uk.telecom.broadband (UK broadband) 0 September 11th 06 02:03 PM
VPN performance Rob S uk.telecom.broadband (UK broadband) 3 May 25th 05 05:10 PM
Vigor 2900G VPN v XP Pro VPN v XP Remote Desktop Fred Finisterre uk.telecom.broadband (UK broadband) 2 December 2nd 04 09:40 AM
3Com Wireless 11g Access Point (Performance Question) Lee J. Moore uk.telecom.broadband (UK broadband) 8 January 5th 04 12:11 AM


All times are GMT +1. The time now is 05:26 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2020 BroadbanterBanter.
The comments are property of their posters.