[cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon

Jane latercera at consultant.com
Mon May 4 07:19:01 EDT 2015


Thanks Shawn!

However, upon googling and familiarizing myself with some material (
http://crazyvlan.blogspot.de/2013/06/implementing-multi-homed-and-load.html
etc. ), I don't see how this solves the "renegotiate session-key every time
your connection breaks" issue for a simple user who has a single unreliable
internet link.

It might be useful for a number of different, enterprise-typical conditions
(such as when you have n+1 ISP connections for redundancy, and need VPN to
operate seamlessly when one of them fails)

However, what I have in mind is something that is geared towards a
conventional user with conventional smartphone, who has a single and
less-than-reliable data link with limited bandwidth (and relatively limited
battery resource).

Sincerely,
J


On Mon, May 4, 2015 at 1:33 PM, shawn wilson <ag4ve.us at gmail.com> wrote:

>
> On May 4, 2015 5:09 AM, "Jane" <latercera at consultant.com> wrote:
> >
> > Actually, in my oh so very humble opinion, world has enough reasonably
> good VPNs that can operate on reasonably good connections.
> >
> > What is lacking is something that can function transparently and
> effectively on a very flakey connection (thing lousy GPRS one) without
> introducing noticeable overhead.
> > Given that lousy GPRS connections are unstable, any classic VPN scheme
> starts suffering a lot of connection re-negotiation overhead, which sucks
> (even if the overhead for a single instance of properly negotiating a
> session key is minuscle, when you do it every goddamn time connection is
> lost, it starts adding up really fast).
> > Also, hearbeating tends to eat mobile battery pretty fast.
> >
>
> What you're looking for is "multi homed vpn", there are quite a few posts
> and articles on the subject. Both OpenVPN and IPSec can do this (though
> IPSec is more flexible and should do exactly what you want).
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20150504/cde3890c/attachment-0001.html>


More information about the cryptography mailing list