
RE: Secure user authentication on a web proxy

----------------------------------------
> Date: Tue, 20 Sep 2011 21:51:23 +0300
> From: nmilas@xxxxxx
> To: bodycare_5@xxxxxxxx
> CC: squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  Secure user authentication on a web proxy
>
> On 20/9/2011 8:58 μμ, Jenny Lee wrote:
>
> > I don't know if stunnel uses TCP or not.
>
> Thanks for your thoughts Jenny.
>
> "Stunnel works with SSL, which runs only on TCP." (Ref.:
> http://www.stunnel.org/?page=faq.)
>
> > But OpenVPN has an option to use TCP. You will find that VPN over UDP
> > is 3 times faster than VPN over TCP. All is not in vain, though. There is
> > a kernel option not to combine packets into bigger chunks and to send
> > them immediately as smaller chunks. OpenVPN option "tcp-nodelay"
> > activates that and I can reach almost UDP speeds with TCP. I would
> > check if something similar exists for stunnel.
>
> The stunnel program is designed to work as an SSL encryption wrapper
> between remote client and local (inetd-startable) or remote server.
>
> I could directly use OpenVPN instead; I would expect it will take a much
> greater preparation in terms of system design and implementation, but it
> would be more versatile and manageable. Eventually I believe I might do it.
 
 
You can find the OpenVPN option I am talking about on the very page you quoted from stunnel:
 
My connections are slow, slow, slow

One option might be to turn on the TCP NODELAY option on both ends. On the server, include the following options:

    socket = l:TCP_NODELAY=1

and on the client include:

    socket = r:TCP_NODELAY=1

 
Amos, this option should be included in the Squid FAQs. Those who have tried to do TCP over TCP tunnelling know how painful it is.
 
 
Jenny 		 	   		  
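
The two socket lines from the stunnel FAQ, placed in a pair of stunnel configuration files that wrap a Squid listener in TLS so proxy credentials do not cross the network in clear text. This is an added example, not part of the original message or the stunnel FAQ. The service name, the host proxy.example.net, port 3129, the file paths and the use of stunnel 5.x verification options are assumptions.

```ini
; ---- Server side: stunnel.conf on the proxy host (constructed example) ----
; Paths, service name and port 3129 are assumptions, not from the thread.
cert = /etc/stunnel/proxy.pem
key = /etc/stunnel/proxy.key

; "l:" applies to the local (accepted) socket. On the server that is the
; TLS connection arriving from the remote stunnel client, so Nagle's
; algorithm is disabled on the tunnel itself.
socket = l:TCP_NODELAY=1

[squid-tls]
; TLS listener exposed to clients
accept = 0.0.0.0:3129
; Plain-text Squid, reachable only on loopback
connect = 127.0.0.1:3128

; ---- Client side: stunnel.conf on the user's machine (constructed example) ----
client = yes

; "r:" applies to the remote (outgoing) socket. On the client that is the
; TLS connection towards the server, i.e. the same tunnel from the other end.
socket = r:TCP_NODELAY=1

[squid-tls]
; The browser is configured to use 127.0.0.1:3128 as its proxy
accept = 127.0.0.1:3128
connect = proxy.example.net:3129
; Verify the server certificate chain and host name so the credentials
; are only sent to the intended proxy (stunnel 5.x options).
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = proxy.example.net
```

With Squid bound to loopback on the server, the authentication exchange is only reachable through the TLS listener.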

