RE: [squid-users] Secure user authentication on a web proxy

From: Jenny Lee <bodycare_5_at_live.com>
Date: Wed, 21 Sep 2011 07:57:47 +0000

----------------------------------------
> Date: Tue, 20 Sep 2011 21:51:23 +0300
> From: nmilas_at_noa.gr
> To: bodycare_5_at_live.com
> CC: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] Secure user authentication on a web proxy
>
> On 20/9/2011 8:58 μμ, Jenny Lee wrote:
>
> > I don't know if stunnel uses TCP or not.
>
> Thanks for your thoughts Jenny.
>
> "Stunnel works with SSL, which runs only on TCP." (Ref.:
> http://www.stunnel.org/?page=faq.)
>
> > But OpenVPN has an option to use TCP. You will find that VPN over UDP
> > is 3 times faster than VPN over TCP. All is not in vain, though. There is
> > a kernel option not to combine packets to bigger chunks and send
> > them immediately as smaller chunks. OpenVPN option "tcp-nodelay"
> > activates that and I can reach almost UDP speeds with TCP. I would
> > check if something similar exists for stunnel.
>
> The stunnel program is designed to work as an SSL encryption wrapper
> between remote client and local (inetd-startable) or remote server.
>
> I could directly use OpenVPN instead; I would expect it will take a much
> greater preparation in terms of system design and implementation, but it
> would be more versatile and manageable. Eventually I believe I might do it.
 
 
You can find the OpenVPN option I am talking about on the very page you quoted from stunnel:
 
My connections are slow, slow, slow

One option might be to turn on the TCP NODELAY option on both ends. On the server, include the following options:
socket = l:TCP_NODELAY=1
and on the client include:
socket = r:TCP_NODELAY=1

 
Amos, this option should be included in the Squid FAQs. Those who have tried to do TCP over TCP tunnelling know how painful it is.
 
 
Jenny
Received on Wed Sep 21 2011 - 07:57:55 MDT
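
Added example, not part of the original message or of the stunnel project's code: a small Python check that a stunnel configuration actually carries the TCP_NODELAY socket line the quoted FAQ text names for each end, ignoring commented-out copies. The sample configurations, ports, host name and function names are constructed for illustration; matching only the exact spelling shown in the message, and letting a later line for the same side override an earlier one, are assumptions.

```python
import re

# Matches a line such as "socket = l:TCP_NODELAY=1" exactly as spelled in the
# message. Anchored at line start, so ";socket = ..." (commented out) is skipped.
SOCKET_RE = re.compile(
    r"^[ \t]*socket[ \t]*=[ \t]*([alr]):TCP_NODELAY=(\d+)[ \t]*$",
    re.MULTILINE,
)

# Side each end has to set, per the FAQ text quoted in the message.
REQUIRED_SIDE = {"server": "l", "client": "r"}

# Constructed sample: server end with the option present.
SERVER_CONF = """\
; constructed sample, server end
socket = l:TCP_NODELAY=1
[proxy]
accept = 3129
connect = 127.0.0.1:3128
"""

# Constructed sample: client end where the option was left commented out.
CLIENT_CONF = """\
; constructed sample, client end
client = yes
;socket = r:TCP_NODELAY=1
[proxy]
accept = 127.0.0.1:3128
connect = proxy.example.org:3129
"""


def nodelay_sides(conf_text):
    """Return the set of socket sides (a/l/r) with TCP_NODELAY switched on.

    "socket" can appear several times in one file, so every matching line is
    read; a later line for the same side replaces an earlier one (assumption).
    """
    state = {}
    for side, value in SOCKET_RE.findall(conf_text):
        state[side] = int(value) != 0
    return {side for side, enabled in state.items() if enabled}


def nodelay_ok(role, conf_text):
    """True if the config for 'server' or 'client' sets the side named for it."""
    return REQUIRED_SIDE[role] in nodelay_sides(conf_text)


if __name__ == "__main__":
    for role, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        print(role, "TCP_NODELAY set:", nodelay_ok(role, conf))
```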
