WINDOWS NETWORKING TIPS


VPN vs. SSH Tunnel

Nowadays most companies offer remote access via a VPN connection (which can be easily set up in Windows), so that users can connect to the office LAN remotely. (Typically this involves sales, pre-sales, support engineers etc.) In itself, the VPN facility in Windows is a nice feature; however, there is a downside to it: the moment the connection is established, all of the TCP/IP packets are routed via the VPN! At first glance this might not seem to be a problem, but consider the following scenario:

  1. User A is in a LAN with a connection to the Internet. S/he needs to connect to work to retrieve some files, so a VPN connection is established with the office.
  2. The VPN connection speed is limited by the company, which has loads of users connecting remotely every day and is therefore trying to prevent users from "hijacking" all the bandwidth -- and the decent thing to do is to limit the bandwidth for the remote connections.
  3. While files are being transferred, the user decides to also download the latest IE patch from Microsoft. So obviously s/he starts the browser and points it to the location of the patch files on microsoft.com and starts the download.
  4. Because the VPN connection is active, the download traffic is routed through the VPN: the packets first arrive in the office LAN (probably at high speed) and are then queued to be sent to the user over the VPN connection -- which would probably slow down the download quite a lot! If the LAN that user A was originally connected to has a high-speed Internet connection, this is nothing short of a waste of bandwidth and resources -- chances are the download would take under a minute if its traffic stayed in the original LAN rather than going through the VPN connection.

There is a possible workaround for these situations, but it involves an SSH server and an SSH client which supports tunnelling. Simply ssh into the office SSH server and tunnel a local port to a terminal server in your office (the port for terminal services is 3389); then, having established the SSH connection, start the Remote Desktop Client and point it to the port on the local machine that you have just tunnelled to the terminal server in the office. You will be connected to the office through an SSH tunnel, while all your other traffic keeps going through the LAN you are connected to (so your download from microsoft.com takes much less time, as the packets don't have to go through the office VPN connection first). And because you are using RDS, it is very simple to copy files from the server and paste them onto your local machine (or vice versa)!
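The tunnel described above, scripted as an added example (not code from the original page): it opens the forward, checks that the default route is untouched, starts the Remote Desktop Client and closes the tunnel afterwards. It assumes the Windows OpenSSH client (`ssh.exe`) is installed; the host names, account and local port are hypothetical placeholders.

```powershell
# Added example. Host names, account and local port are hypothetical placeholders.
$SshGateway = 'user@ssh.office.example'  # office SSH server (assumed name)
$TermServer = 'ts01.office.example'      # terminal server, as resolved by the SSH server
$LocalPort  = 13389                      # any free local port

# Snapshot of the default route(s), so we can confirm the tunnel leaves them alone.
function Get-DefaultRoute {
    (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Sort-Object InterfaceIndex, NextHop |
        ForEach-Object { "$($_.InterfaceIndex)|$($_.NextHop)" }) -join ','
}
$before = Get-DefaultRoute

# -N: forwarding only, no remote shell.
# 127.0.0.1 bind: other machines on the local LAN cannot reach the forwarded port.
# ExitOnForwardFailure: ssh exits instead of running without the forward.
$sshArgs = @('-N', '-o', 'ExitOnForwardFailure=yes', '-o', 'ServerAliveInterval=30',
             '-L', "127.0.0.1:${LocalPort}:${TermServer}:3389", $SshGateway)
# ssh opens in its own console window, where any password or host-key prompt appears.
$ssh = Start-Process -FilePath 'ssh.exe' -ArgumentList $sshArgs -PassThru

try {
    # Wait (up to 60 s) for the local end of the tunnel to start listening.
    $deadline = (Get-Date).AddSeconds(60)
    $ready = $false
    while (-not $ready -and -not $ssh.HasExited -and (Get-Date) -lt $deadline) {
        Start-Sleep -Seconds 1
        $listener = Get-NetTCPConnection -LocalAddress 127.0.0.1 -LocalPort $LocalPort -State Listen -ErrorAction SilentlyContinue
        $ready = [bool]$listener
    }
    if (-not $ready) { throw "Tunnel on 127.0.0.1:$LocalPort did not come up." }

    # Unlike the VPN case, the default route should be unchanged.
    if ($before -ne (Get-DefaultRoute)) { Write-Warning 'Default route changed.' }
    else { Write-Host 'Default route unchanged; only RDP goes through the tunnel.' }

    # Point the Remote Desktop Client at the local end of the tunnel.
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:127.0.0.1:$LocalPort" -Wait
}
finally {
    # Close the tunnel when the RDP session ends or on any error.
    if (-not $ssh.HasExited) { Stop-Process -Id $ssh.Id }
}
```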


© Copyright liviutudor.com.