As i first wrote a mail with the subject
"intent to package secvpn" to the
debian
developer list I got a lot of replies. Most replies asked me to upload
the package. But one reply told me, that it is not a good idea to
build vpns using tcp over tcp and a
webpage
was mentioned, where possible problems are discussed.
This was the reason to test if we could reproduce any problems. But
this was not the case. Here are our testresults:
TCP-over-TCP-Test.pdf.
More infos to run the test
We used this
script and
kernel-patch
for the test. The patche has only be used for kernel 2.2.17. If the patch
is applied you can use proc/sys/net/ipv4/ip_drop_rate to change the drop-rate
of the forwarded ip-packets. The loss-rate is per mille this means a setting
of 1000 will drop all packets. The rate is direction independent. This
means a setting of 500 (50% dropping rate) will give a pingrate of appoximately
0.5 * 0.5 = 0.25.