----------------------------------------
> Date: Tue, 20 Sep 2011 21:51:23 +0300
> From: nmilas@xxxxxx
> To: bodycare_5@xxxxxxxx
> CC: squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Secure user authentication on a web proxy
>
> On 20/9/2011 8:58 PM, Jenny Lee wrote:
>
> > I don't know if stunnel uses TCP or not.
>
> Thanks for your thoughts Jenny.
>
> "Stunnel works with SSL, which runs only on TCP." (Ref.:
> http://www.stunnel.org/?page=faq.)
>
> > But OpenVPN has an option to use TCP. You will find that VPN over UDP
> > is 3 times faster than VPN over TCP. All is not vain, though. There is
> > a kernel option not to combine packets to bigger chunks and send
> > them immediately as smaller chunks. OpenVPN option "tcp-nodelay"
> > activates that and I can reach almost UDP speeds with TCP. I would
> > check if something similar exists for stunnel.
>
> The stunnel program is designed to work as an SSL encryption wrapper
> between remote client and local (inetd-startable) or remote server.
>
> I could directly use OpenVPN instead; I would expect it will take a much
> greater preparation in terms of system design and implementation, but it
> would be more versatile and manageable. Eventually I believe I might do it.

You can find the OpenVPN option I am talking about on the very page you quoted from stunnel:

My connections are slow, slow, slow

One option might be to turn on the TCP NODELAY option on both ends. On the server, include the following options:

    socket = l:TCP_NODELAY=1

and on the client include:

    socket = r:TCP_NODELAY=1

Amos, this option should be included in Squid FAQs. Those who tried to do TCP over TCP tunnelling know how painful it is.

Jenny