[linux-elitists] Pompous Top 10 List

Heather star@betelgeuse.starshine.org
Thu Jun 14 00:33:50 PDT 2001


> On Thu, Jun 14, 2001 at 12:02:11AM -0400, Brooklyn Linux Solutions wrote:
> > 
> > <<By going through the VPN you can get to the machine, since the VPN
> > tunnel allows you to be part of the NAT'd network.>>
> > Thank You Sam
> > 
> > Why should that be faster than ssh into the gateway and then ssh to the
> > box?
> > 
> 
> I never said it was faster.  It's just more direct/easier.  Especially if
> you're already VPN'd into the private network.

If the connection is like this:
________
|      |        ________________.
|  You -----ssh---- VPN          \ Destination
|______|        ~~~~~~~~~~~~~~~~.'

and the VPN is doing crypto as well as NAT, it might be slower, because
you're getting double-encrypted.

If your VPN is set up enough that its translation is "invisible" to you,
it may be faster to an end user type (hint: latency, not bandwidth, nor
throughput).

You can set up ssh keys and your .profile such that you get a very clean
"double hop" through the gate... but I don't advise it.

________             _______
|      |             |
|  You -----ssh------> how handy that ssh takes a commandline
|______|               tell it to ssh connect onward
                                 :
                             ____V_____
                             protected system just what,
                             accepts a key with no passphrase?
                             what if someone hacks your gateway box?

So startup should be slower, you'd want to type two passphrases.  But the
connection may be faster for certain kinds of things.  Specifically, things
which don't send one character at a time back through the double hop.

But, you can have an alias with the snarky ssh commandline.  And you don't
have to depend on the VPN admins.

* Heather * Never underestimate the bandwidth of a station wagon full of tapes.
		-- Dr. Warren Jackson, Director, UTCS


