WAP/Router for use with OpenVPN
Thomas Charron
twaffle at gmail.com
Tue Jul 7 13:34:22 EDT 2009
On Tue, Jul 7, 2009 at 12:07 PM, Ben Scott<dragonhawk at gmail.com> wrote:
> Tom is convinced that UDP through NAT causes instability in the
> space-time continuum or something. ;-) He and I had a long argument
> about it on this list once. (As I understand it, his point was that
> UDP, being unidirectional, doesn't guarantee that port numbers will be
> symmetrical, and thus you can't count on UDP returning over NAT
> reliably. Which is true, so far as it goes. My point was that in
> practice, port numbers usually are symmetrical. Certainly OpenVPN
> works that way.)
Hey, I'm just trying to do my part to save the time space continuum.
:-D In reality, after a conversation with some of the IT guys in
Texas, they actually intentionally remap their UDP ports on outgoing
packets. Some pointy-haired boss with just enough knowledge to be
dangerous decided it was a security precaution.
> Since we're on the subject: It's generally recommended to avoid
> tunneling TCP over TCP, which is what you end up doing if you run
> OpenVPN over TCP. It's often not a problem if the connection is
> reliable, but if you encounter packet loss or congestion, both TCP
> layers end up retrying together, which tends to compound the original
> problem.
The reliability of the connection is really relative. Congestion
issues aside, generally speaking, you have a pretty decent connection,
or you have a reeaaly bad connection which is going to potentially
bring your throughput to unusable levels.
--
-- Thomas