Tunneling in Ubuntu

NoOp glgxg at sbcglobal.net
Thu Feb 4 01:27:57 UTC 2010


On 02/03/2010 02:21 PM, Smoot Carl-Mitchell wrote:
> On Wed, 2010-02-03 at 22:40 +0100, Werner Schram wrote:
>> 
>> On Wed, Feb 3, 2010 at 7:02 AM, Nazeem نجم لدين <nazeemnss at gmail.com> wrote:
>> >
>> > hi,
>> > Can you suggest way of getting a multicast tunnel work. The assumption is
>> > that there is a unicast cloud in between two mbone networks. So we need to
>> > forward the multicast traffic over the unicast tunnel. Application is for
>> > video transmission.
>> > -Nazeem
>> >
>> 
>> I think you should be able to do it with openvpn. Using the tap setup, 
>> you can create a OSI layer 2 tunnel, which should be able to handle 
>> ip-multicast. You then need to update the routing tables in both 
>> networks to send multicast traffic to the tunnel in stead of the router. 
>> If you fully thrust the connection between the two networks, you could 
>> disable openvpn's encryption for better performance.
> 
> You can also do this with SSH which I find simpler than openvpn to
> configure (although I have done both).  Check out the -w argument to SSH
> and the 'Tunnel' configuration parameter.  Tunnel lets you do either
> layer 3 (point-to-point) or layer 2 (ethernet).  You do incur the
> encryption overhead, but I would not run a VPN connection over the
> Internet unencrypted.
> 
> 

Or, buy and use routers on each end that do the vpn encryption in
hardware. I typically avoid software vpn solutions (except for roaming
clients) for commercial/semi-commercial/private vpn networks. In the
past I've used (and still do) Linksys/Cisco BEFVP41 routers on each end.

I'm sure that there are now more modern models that can do this as well,
but the BEFVP41's (model 2/2.1) have been quite trustworthy. Setup is
simple, the encryption takes place in the hardware so it's fast and
doesn't require client software on each side of a direct connect, and
both sides can be set up to autoconnect & use keepalive to stay up even
with non-static ip addresses (I use dyndns.org for my non-commercial dsl
connections).







More information about the ubuntu-users mailing list