> Please also note that I also tried using Squid + Stunnel to achieve
> secure user authentication, according to these directions:
> http://www.jeffyestrumskas.com/index.php/how-to-setup-a-secure-web-proxy-using-ssl-encryption-squid-caching-proxy-and-pam-authentication/
> (except that I used ldap auth on the backend).
>
> It worked, but performance was *very* slow (practically awful), and I
> couldn't find any solution to improve performance. Squid without stunnel
> worked like a breeze (but without secure/encrypted user authentication)...

I don't know who thought inventing to tunnel TCP inside TCP is a good idea, but it is not. There are all sorts of race conditions when congestion causes retransmission of packets.

I don't know if stunnel uses TCP or not. But OpenVPN has an option to use TCP. You will find that VPN over UDP is 3 times faster than VPN over TCP.

All is not in vain, though. There is a kernel option not to combine packets into bigger chunks and to send them immediately as smaller chunks. The OpenVPN option "tcp-nodelay" activates that and I can reach almost UDP speeds with TCP.

I would check if something similar exists for stunnel.

Jenny
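
For reference, an added example that is not part of the original message: stunnel sets per-socket options with its `socket` directive, so `TCP_NODELAY` can be enabled on both legs of the tunnel in front of Squid. The certificate path, service name and port numbers below are assumptions.

```ini
; stunnel.conf (constructed example; path, service name and ports are assumptions)
cert = /etc/stunnel/stunnel.pem

; Disable Nagle's algorithm so small writes are sent immediately
; l = local socket (accepted from the client), r = remote socket (towards Squid)
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[squid]
; TLS-wrapped listener that clients connect to
accept = 8080
; plain-text Squid listener on the same host
connect = 127.0.0.1:3128
```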