[cryptography] GoVPN -- reviewable secure state-of-the-art crypto free software VPN daemon

Naveen Nathan naveen at lastninja.net
Mon May 4 08:49:52 EDT 2015


I haven't tried it, but OpenVPN has a --float option. I haven't had a chance
to try it myself, but it will hand over to a new IP address, essentially
giving roaming over unreliable link style connectivity.

See: https://community.openvpn.net/openvpn/ticket/49

What would be even nicer is some sort of mosh-like functionality where
the connectivity can remain long-lived (for when your laptop/phone
suspends). 

- Naveen

On Mon, May 04, 2015 at 02:19:01PM +0300, Jane wrote:
>    Thanks Shawn!
> 
>    However, upon googling and familiarizing myself with some material (
>    http://crazyvlan.blogspot.de/2013/06/implementing-multi-homed-and-load.html
>    etc. ), I don't see how this solves the "renegotiate session-key every
>    time your connection breaks" issue for a simple user who has a single
>    unreliable internet link.
>
>    It might be useful for a number of different, enterprise-typical
>    conditions (such as when you have n+1 ISP connections for redundancy, and
>    need VPN to operate seamlessly when one of them fails)
> 
>    However, what I have in mind is something that is geared towards a
>    conventional user with conventional smartphone, who has a single and
>    less-than-reliable data link with limited bandwidth (and relatively
>    limited battery resource).
> 
>    Sincerely,
>    J
>    On Mon, May 4, 2015 at 1:33 PM, shawn wilson <ag4ve.us at gmail.com> wrote:
> 
>      On May 4, 2015 5:09 AM, "Jane" <latercera at consultant.com> wrote:
>      >
>      > Actually, in my oh so very humble opinion, the world has enough reasonably
>      > good VPNs that can operate on reasonably good connections.
>      >
>      > What is lacking is something that can function transparently and
>      > effectively on a very flakey connection (think lousy GPRS one) without
>      > introducing noticeable overhead.
>      > Given that lousy GPRS connections are unstable, any classic VPN scheme
>      > starts suffering a lot of connection re-negotiation overhead, which
>      > sucks (even if the overhead for a single instance of properly
>      > negotiating a session key is minuscule, when you do it every goddamn time
>      > connection is lost, it starts adding up really fast).
>      > Also, heartbeating tends to eat mobile battery pretty fast.
>      >
> 
>      What you're looking for is "multi homed vpn", there are quite a few
>      posts and articles on the subject. Both OpenVPN and IPSec can do this
>      (though IPSec is more flexible and should do exactly what you want).
