WAP/Router for use with OpenVPN

Thomas Charron twaffle at gmail.com
Tue Jul 7 13:34:22 EDT 2009


On Tue, Jul 7, 2009 at 12:07 PM, Ben Scott<dragonhawk at gmail.com> wrote:
>  Tom is convinced that UDP through NAT causes instability in the
> space-time continuum or something.  ;-)  He and I had a long argument
> about it on this list once.  (As I understand it, his point was that
> UDP, being unidirectional, doesn't guarantee that port numbers will be
> symmetrical, and thus you can't count on UDP returning over NAT
> reliably.  Which is true, so far as it goes.  My point was that in
> practice, port numbers usually are symmetrical.  Certainly OpenVPN
> works that way.)

  Hey, I'm just trying to do my part to save the time space continuum.
 :-D  In reality, after a conversation with some of the IT guys in
Texas, they actually intentionally remap their UDP ports on outgoing
packets.  Some pointy-haired boss with just enough knowledge to be
dangerous decided it was a security precaution.

>  Since we're on the subject: It's generally recommended to avoid
> tunneling TCP over TCP, which is what you end up doing if you run
> OpenVPN over TCP.  It's often not a problem if the connection is
> reliable, but if you encounter packet loss or congestion, both TCP
> layers end up retrying together, which tends to compound the original
> problem.

  The reliability of the connection is really relative.  Congestion
issues aside, generally speaking, you have a pretty decent connection,
or you have a reeaaly bad connection which is going to potentially
bring your throughput to unusable levels.

-- 
-- Thomas


