Date: Wed, 11 Jun 2008 21:38:16 +0200 (CEST) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-questions@FreeBSD.ORG, andrewberry@sentex.net, nejc@skoberne.net Subject: Re: Openvpn on FreeBSD 7 Message-ID: <200806111938.m5BJcGtH071300@lurza.secnetix.de> In-Reply-To: <4850034B.607@sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew Berry wrote: > Nejc ?koberne wrote: > > > > Why are you using TCP anyway? > > I'd been having problems with UDP and QoS a long time ago. I just hadn't > bothered to change it since it was working. Note that using TCP on top of TCP can cause certain problems, especially when packets are lost. There's a good explanation on this page: http://sites.inka.de/sites/bigred/devel/tcp-tcp.html The short story is: If any packets are lost, the resend-algorithms of the two TCP layers will start to interfere with each other, because both have their own timeouts and will start retransmitting packets at their respective levels. This is bad, because it leads to a snowball effect. If you can guarantee that there will be zero packet loss, then TCP is fine. Otherwise I recommend to run the VPN on UDP. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor, and when was the last time you needed one?" -- Tom Cargil, C++ Journal
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806111938.m5BJcGtH071300>