[sslh] SSLH vs OpenVPN port-share

Yves Rutschle yves at rutschle.net
Mon May 27 08:17:49 UTC 2019


On Sat, May 25, 2019 at 08:37:31PM +0100, Sean Warner wrote:
> I'm just wondering is there any advantage to using sslh to demultiplex
> communications to OpenVPN?

IIRC there is a bug in the OpenVPN demultiplex and it won't
work with certificate-based authentication (but it was a
long time since we had a look at it, it might have been
fixed since).

And obviously with sslh you get a whole lot more protocols,
but if all you care about is OpenVPN and TLS, then no you
don't really need sslh.


> I suppose there might be a performance hit on OpenVPN if
> you configure it to act like a demultiplexer as well as a
> VPN server? Is it more efficient to use SSLH or would
> there be any noticeable difference in speed of OpenVPN?

I think it should be more efficient to use OpenVPN's
portshare: OpenVPN connections will be processed directly by
the OpenVPN process, while putting sslh in the loop will get
you a copy overhead for all data on all connections.

I don't think that's an issue in general though, usually the
networks are way slower than moving data around between
local processes.

Y.



