I'd like to tunnel a large amount of traffic from my local network to a server located in a datacenter, in a way that I don't have to make many changes to my local applications.
The two methods that I have come up with are 1) using a VPN (openvpn), or 2) a persistent SSH tunnel; either way I just need to change the port that my apps use and the traffic should be transparently redirected.
My questions are:
- Which one of these methods offers the lowest (protocol/network) overhead? My bandwidth is precious.
- Are there other tunneling methods that I am not aware of?
I'd expect gzip in ssh and stunnel to be faster than lzo in openvpn, but..
Given that your bandwidth is so precious, I'd recommend you test your particular application and your particular data against ssh, openvpn and stunnel.
ssh, stunnel and openvpn all have support for compression. If your data is highly compressible, you may be able to trade CPU time in order to save some bandwidth, but this assumes you have sufficient CPU resources available at both ends.
On some systems, ssh makes it easier to configure strong, mutual authentication than stunnel and openvpn.
However, stunnel and openvpn might be much easier to run unattended and reliably (monitoring, reconnects, etc) which may influence your decision as well.
Finally, there's always the option of moving as much data as you can when nothing else is using your network, or making use of bandwidth throttling, if your environment allows it.
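The advice above to test your own data can be approximated offline before any tunnel is set up. The following is an added example, not part of the original answers: it uses Python's zlib (DEFLATE, the algorithm behind gzip) and flushes after every packet-sized chunk, as a tunnel has to before it can send. The 1400-byte chunk size, the 0.9 threshold and both samples are assumptions, and LZO is not covered.

```python
import os
import time
import zlib


def stream_ratio(data: bytes, chunk_size: int = 1400, level: int = 6):
    """Compress `data` as one continuous stream, flushing after each chunk.

    Returns (ratio, cpu_seconds), where ratio is bytes sent / bytes in.
    A ratio above 1.0 means compression made the traffic larger.
    """
    if not data:
        raise ValueError("need a non-empty sample")
    comp = zlib.compressobj(level)
    sent = 0
    start = time.process_time()
    for off in range(0, len(data), chunk_size):
        out = comp.compress(data[off:off + chunk_size])
        # A tunnel cannot hold bytes back waiting for a better match, so
        # each chunk is flushed; this costs a few bytes every time.
        out += comp.flush(zlib.Z_SYNC_FLUSH)
        sent += len(out)
    return sent / len(data), time.process_time() - start


def worth_compressing(data: bytes, threshold: float = 0.9, **kwargs) -> bool:
    """True if the sample shrinks below `threshold` (assumed cut-off)."""
    ratio, _ = stream_ratio(data, **kwargs)
    return ratio < threshold


# Constructed samples: repetitive log-like text, and random bytes standing
# in for traffic that is already compressed or encrypted.
TEXT_SAMPLE = b"".join(
    b"2024-01-01T00:00:%02d host app[%d]: GET /api/items/%d 200\n"
    % (i % 60, 1000 + i % 7, i)
    for i in range(5000)
)
RANDOM_SAMPLE = os.urandom(len(TEXT_SAMPLE))

if __name__ == "__main__":
    for name, sample in (("text", TEXT_SAMPLE), ("random", RANDOM_SAMPLE)):
        for level in (1, 6, 9):
            ratio, cpu = stream_ratio(sample, level=level)
            print(f"{name:6s} level={level} ratio={ratio:.3f} cpu={cpu:.4f}s")
```

Replace the constructed samples with a capture of your real payload; if the ratio stays near or above 1.0, enabling compression only spends CPU.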
Your OS's integrated SSH is your best option. OpenVPN normally adds overhead compared to 'built-in' SSH.
Make sure your firewall(s) and router give your SSH tunnel priority.
You could use SFTP as well.
You can also use stunnel for this kind of operation; the overhead is quite low.