OpenVPN TCP vs UDP

Thomas Charron twaffle at gmail.com
Thu Jul 12 13:03:08 EDT 2007


On 7/12/07, Derek Atkins <warlord at mit.edu> wrote:
> "Drew Van Zandt" <drew.vanzandt at gmail.com> writes:
> > I saw the various discussions of OpenVPN TCP vs. UDP on the list, and in
> > particular saw some people saying "TCP over TCP is bad, avoid unless
> > necessary" and others saying "That's only under rare circumstances."  I
> TCP over TCP *is* bad because you're running the congestion control
> portions twice and they interact BADLY.  If you have any (real)
> congestion or packet loss, TCP over TCP will just lose very badly.
> I've tested this in many different configurations in a former job
> when I was running ppp over ssh and let me tell you I was SO much
> happier once I switched to SSH port forwarding!

  But from a practical standpoint, it only *really* makes a difference
when you have massive packet loss on a link.  This is why most people
who DO use it don't see the huge deal, because the majority of the
time, packet loss isn't a problem.

  There is, however, also the issue of TCP connections requiring more
overhead to provide a connection than UDP.  On the other hand, passing
TCP connections thru a NAT is much easier than getting inbound UDP
packets to get thru.

-- 
-- Thomas


More information about the gnhlug-discuss mailing list