[cryptography] GoVPN -- reviewable secure state-off-art crypto free software VPN daemon
naveen at lastninja.net
Mon May 4 08:49:52 EDT 2015
I haven't tried it, but OpenVPN has a --float option. I haven't had a chance
to try it myself, but it will handover to a new IP address, essentially
giving roaming over unreliable link style connectivity.
What would be even nicer is some sort of mosh-like functionality where
the connectivity can remain long-lived (for when your laptop/phone
On Mon, May 04, 2015 at 02:19:01PM +0300, Jane wrote:
> Thanks Shawn!
> However, upon googling and familiarizing myself with some material (
> etc. ), I don't see how this solves the "renegotiate session-key every
> time your connection breaks" issue for a simple user who has a single
> unreliable internet link.
> It might be useful for a number of different, enterprise-typical
> conditions (such as when you have n+1 ISP connections for redundancy, and
> need VPN to operate seamlessly when one of them fails)
> However, what I have in mind is something that is geared towards a
> conventional user with conventional smartphone, who has a single and
> less-than-reliable data link with limited bandwidth (and relatively
> limited battery resource).
> On Mon, May 4, 2015 at 1:33 PM, shawn wilson <ag4ve.us at gmail.com> wrote:
> On May 4, 2015 5:09 AM, "Jane" <latercera at consultant.com> wrote:
> > Actually, in my oh so very humble opinion, world has enough reasonably
> good VPNs that can operate on reasonably good connections.
> > What is lacking is something that can function transparently and
> effectively on a very flakey connection (thing lousy GPRS one) without
> introducing noticeable overhead.
> > Given that lousy GPRS connections are unstable, any classic VPN scheme
> starts suffering a lot of connection re-negotiation overhead, which
> sucks (even if the overhead for a single instance of properly
> negotiating a session key is minuscle, when you do it every goddamn time
> connection is lost, it starts adding up really fast).
> > Also, hearbeating tends to eat mobile battery pretty fast.
> What you're looking for is "multi homed vpn", there are quite a few
> posts and articles on the subject. Both OpenVPN and IPSec can do this
> (though IPSec is more flexible and should do exactly what you want).
> cryptography mailing list
> cryptography at randombit.net
More information about the cryptography