On 20/9/2011 8:58 PM, Jenny Lee wrote:
> I don't know if stunnel uses TCP or not.
Thanks for your thoughts Jenny.
"Stunnel works with SSL, which runs only on TCP." (Ref.:
http://www.stunnel.org/?page=faq.)
> But OpenVPN has an option to use TCP. You will find that VPN over UDP
> is 3 times faster than VPN over TCP. All is not vain, though. There is
> a kernel option not to combine packets to bigger chunks and send
> them immediately as smaller chunks. OpenVPN option "tcp-nodelay"
> activates that and I can reach almost UDP speeds with TCP. I would
> check if something similar exists for stunnel.
The stunnel program is designed to work as an SSL encryption wrapper
between remote client and local (inetd-startable) or remote server.
I could directly use OpenVPN instead; I would expect it will take a much
greater preparation in terms of system design and implementation, but it
would be more versatile and manageable. Eventually I believe I might do it.
For now, as I explained initially, I am examining a solution of web
proxy authentication based on certificates. This was discussed for
example here:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Client-Certificate-Authentication-td3353759.html
and it seems it should work, but no configuration details were given; so
I am trying to see how it should be implemented to test this setup. Note
that our users/servers already have (or can easily obtain) officially
signed X.509 certificates and that should ease such a solution.
Thanks again,
Nick
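
The setup discussed in this message, sketched as a server-side stunnel configuration. This is an added example, not part of the original thread or of the stunnel or Squid documentation; the service name, ports and file paths are placeholders, and it assumes Squid listens for plain HTTP on the loopback address.

```ini
; Added example (constructed): stunnel in front of a local Squid,
; requiring an X.509 client certificate. All paths and ports are placeholders.

; stunnel's counterpart to OpenVPN's "tcp-nodelay": disable Nagle's
; algorithm on the accepted (l:) and the connecting (r:) sockets.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[squid-tls]
; Clients connect here over SSL/TLS.
accept = 3129
; Decrypted traffic is handed to Squid on loopback only.
connect = 127.0.0.1:3128
; Server certificate and private key presented to clients.
cert = /etc/stunnel/proxy-cert.pem
key = /etc/stunnel/proxy-key.pem
; CA(s) that sign the users' certificates.
CAfile = /etc/stunnel/client-ca.pem
; Level 2: the client must present a certificate that chains to CAfile,
; otherwise the connection is refused.
verify = 2
```

With this layout Squid sees every request as coming from 127.0.0.1, so the certificate decides only whether a client may reach the proxy at all; per-user ACLs cannot be built on the certificate identity. Binding Squid to loopback (`http_port 127.0.0.1:3128`) keeps clients from bypassing the wrapper.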
This archive was generated by hypermail 2.2.0 : Wed Sep 21 2011 - 12:00:02 MDT