Hi guys, I would like to set up a high-speed VPN… the connection speed should be exactly the same as the native connection speed.
Here is the situation:
I have a private network containing arbitrary information and communication. Nothing is “sensitive”, but I want clients to “authenticate” before access, and since it’s not only HTTP it can’t be HTTP authentication, and because they will already have whatever connectivity (ADSL, 3G, etc.) it can’t be based on that either… The first, and most simple, thing I could think of is VPN… it’s practically designed for exactly this purpose… however… it’s always dreadfully slow!! All the additional security layers bog it down dreadfully.
So I’m looking for a way to establish a “secure connection” (as step 1), so that the IP is issued to the VPN client, and from then on normal unsecured (or unencrypted) traffic can flow at full speed, without the restraint of the layers of security. From the head-end I can simply allow VPN clients only, and have great control over who has access.
How would I go about doing this?
PS, I already have a secure VPN (PPTP), this is kind of for clients who want to pay less for less security.
First of all, there is no such thing as a VPN without an overhead to your traffic.
It’s simply the way VPNs and tunnels encapsulate the packets in order for them to work, which adds an overhead of some bytes (more or fewer, depending on the protocol used) to the original packets.
So there is no way you can have the exact same speed over a VPN as the native connection.
Even with standard xDSL connections you can never download as much as the modem synchronizes due to the PPPoE encapsulation overhead (~15% of the sync speed).
The solution I use in such scenarios where no security is needed, is EoIP tunnels.
It seems they have the smallest overhead, and they can transport full 1500-byte Ethernet frames without fragmentation of the packets inside the tunnel (in contrast to PPTP/L2TP/etc.), which can reduce a lot of MTU headaches.
But you cannot use it behind NAT, and by default it does not work with dynamic IPs (you need some dyndns service and some scripting to make this work).
Also, it’s a MikroTik proprietary protocol based on GRE (IP protocol 47), so you can use it mainly for MikroTik-to-MikroTik tunnels.
There is an open-source EoIP tunnel software for Linux out there, but I haven’t used it extensively (it worked, though, last time I checked).
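To make the overhead and MTU points in the answer above concrete, here is a small encapsulation model. It is an added example, not code from either poster or from MikroTik: it stacks the standard header sizes (IPv4 20 bytes, minimal GRE 4 bytes, PPPoE 6 + 2 bytes) on top of a constructed 1500-byte inner Ethernet frame, reports how much is lost to the tunnel headers, and works out how the outer IPv4 datagram would be fragmented on a 1500-byte path. The 4 extra EoIP bytes (16-bit frame length plus 16-bit tunnel ID after the GRE header) are taken from MikroTik's published EoIP format and are stated here as an assumption; the same functions work for any other header stack you plug in.

```python
"""Tunnel overhead and outer-fragmentation model (added example, not from the thread).

Header sizes are IPv4 without options, minimal GRE (RFC 2784) and PPPoE
session header + PPP protocol field.  The EoIP-specific 4 bytes are an
assumption based on MikroTik's documented frame-length + tunnel-ID fields.
"""
from dataclasses import dataclass

IPV4_HDR = 20    # IPv4 header, no options
GRE_HDR = 4      # GRE header with no checksum/key/sequence fields
EOIP_EXTRA = 4   # assumed: 16-bit encapsulated frame length + 16-bit tunnel ID
PPPOE_HDR = 8    # 6-byte PPPoE session header + 2-byte PPP protocol field


@dataclass(frozen=True)
class Encap:
    """One encapsulation and the number of bytes it wraps around the inner unit."""
    name: str
    overhead: int


GRE_IPV4 = Encap("plain GRE over IPv4", IPV4_HDR + GRE_HDR)
EOIP_IPV4 = Encap("EoIP over IPv4", IPV4_HDR + GRE_HDR + EOIP_EXTRA)
PPPOE = Encap("PPPoE on an xDSL line", PPPOE_HDR)


def outer_length(inner_len: int, encap: Encap) -> int:
    """Size of the outer packet carrying an inner unit of inner_len bytes."""
    return inner_len + encap.overhead


def max_inner_length(path_mtu: int, encap: Encap) -> int:
    """Largest inner unit that fits the path without fragmenting the outer packet."""
    return path_mtu - encap.overhead


def ipv4_fragments(payload_len: int, path_mtu: int) -> list[tuple[int, int]]:
    """Split an IPv4 payload into (offset, size) fragments that fit path_mtu.

    Every fragment except the last must carry a multiple of 8 payload bytes,
    because the IPv4 fragment-offset field counts in 8-byte units.
    """
    per_fragment = (path_mtu - IPV4_HDR) // 8 * 8
    fragments = []
    offset = 0
    while offset < payload_len:
        size = min(per_fragment, payload_len - offset)
        fragments.append((offset, size))
        offset += size
    return fragments


def wire_packets(inner_len: int, path_mtu: int, encap: Encap) -> int:
    """How many packets actually cross the path for one inner unit.

    The inner frame is never cut (that is the point made about EoIP in the
    answer); if the outer datagram does not fit, the *outer* IPv4 packet is
    fragmented instead, so one frame may cost two packets on the wire.
    """
    outer = outer_length(inner_len, encap)
    if outer <= path_mtu:
        return 1
    # everything past the outer IPv4 header is the fragmentable payload
    return len(ipv4_fragments(outer - IPV4_HDR, path_mtu))


def report(inner_len: int, path_mtu: int, encap: Encap) -> dict:
    """Summarise one encapsulation for a given inner size and path MTU."""
    outer = outer_length(inner_len, encap)
    return {
        "encap": encap.name,
        "outer_length": outer,
        "fits_unfragmented": outer <= path_mtu,
        "max_inner_without_fragmentation": max_inner_length(path_mtu, encap),
        "wire_packets_per_inner_unit": wire_packets(inner_len, path_mtu, encap),
    }


if __name__ == "__main__":
    # constructed input: a full-size 1500-byte Ethernet frame over a 1500-byte path
    FRAME, PATH_MTU = 1500, 1500
    for encap in (GRE_IPV4, EOIP_IPV4, PPPOE):
        print(report(FRAME, PATH_MTU, encap))
```

The EoIP row is the one that explains the MTU remark in the answer: a 1500-byte frame becomes a 1528-byte outer datagram, which is too large for a 1500-byte path, so the router sends it as two IPv4 fragments (1480 + 28 payload bytes) and the inner frame arrives whole. If you would rather avoid the second packet per frame, `max_inner_length` gives the interface MTU to set on the tunnel instead (1472 for EoIP, 1492 for PPPoE).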