On Mon, Nov 03, 2003 at 11:38:54PM +0100, Rolf Weber wrote:
> > PS: sbdy mentioned complexity/security issues: having an udp port for each
> > single tunnel creates certainly far more complexity than having just one...
> >
> Oh, OpenVPN's source code doesn't get more complex while implementing such
> "features"? What do you believe, what is the most realistic harm for servers
> which have to be accessible to the whole internet? Maybe its own source
> code? Can you spell "sendmail" or "SSH"?
> Again: don't add complexity if there is no need.

This is by no means a fair comparison, but just to get things into
perspective, let's compare the (source) code size of OpenVPN with a VPN
daemon which does implement such "features", like tinc:

[guus@haplo]~/scratch/openvpn-1.5_beta13> ls -l openvpn
-rwx------ 1 guus users 187288 2003-11-04 09:53 openvpn*
[guus@haplo]~/scratch/openvpn-1.5_beta13> wc *.[ch] | tail -1
26106 88144 687855 total
[guus@haplo]~/scratch/tinc> ls -l src/tincd
-rwx------ 1 guus users 93464 2003-11-04 09:55 src/tincd*
[guus@haplo]~/scratch/tinc> wc lib/*.[ch] src/*.[ch] | tail -1
14030 44534 349430 total

That was the current CVS version of tinc, and both OpenVPN and tinc have
been compiled with only the default options, and both binaries were
stripped. Once again, this doesn't say anything about the quality of the
code, and OpenVPN and tinc have very different feature sets; this is
just to say it's apparently possible to implement those features while
using only a fraction of the code size of the current version of
OpenVPN.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus@xxxxxxxxxxxxxx>