From: Oliver Fromme
To: freebsd-questions@FreeBSD.ORG, andrewberry@sentex.net, nejc@skoberne.net
Date: Wed, 11 Jun 2008 21:38:16 +0200 (CEST)
Subject: Re: Openvpn on FreeBSD 7

Andrew Berry wrote:
 > Nejc Škoberne wrote:
 > >
 > > Why are you using TCP anyway?
 >
 > I'd been having problems with UDP and QoS a long time ago. I just hadn't
 > bothered to change it since it was working.

Note that using TCP on top of TCP can cause certain problems,
especially when packets are lost. There's a good explanation
on this page:

http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

The short story is: If any packets are lost, the resend-algorithms
of the two TCP layers will start to interfere with each other,
because both have their own timeouts and will start retransmitting
packets at their respective levels. This is bad, because it leads
to a snowball effect.

If you can guarantee that there will be zero packet loss, then
TCP is fine. Otherwise I recommend running the VPN on UDP.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
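The timer interaction described in the message above can be sketched with a small model. This is an added example, not part of the original post or of OpenVPN; the function names, the single-segment model and the RTO values are assumptions constructed for illustration.

```python
"""Toy model of stacked retransmission timers (TCP inside a tunnel).

Assumptions (constructed, not measured): one segment in flight, each
layer's timeout doubles on every firing, and the link drops the first
`losses` transmissions of the packet that carries the segment.
"""

def retransmit_times(rto0, stall):
    """Instants at which a segment sent at t=0 and not yet acknowledged
    is retransmitted, for as long as the stall lasts."""
    times, t, rto = [], rto0, rto0
    while t < stall:
        times.append(t)
        rto *= 2          # exponential backoff after each timeout
        t += rto
    return times

def tcp_tunnel(losses, inner_rto, outer_rto):
    """Inner TCP carried by a TCP tunnel.

    The outer layer repairs the loss itself, so the inner layer never
    sees a drop, only a stall. While stalled, the inner timer keeps
    firing, and every copy it emits is new stream data that the outer
    layer must also deliver reliably.
    """
    stall = outer_rto * (2 ** losses - 1)      # outer recovers at this time
    dup = retransmit_times(inner_rto, stall)   # needless inner retransmits
    return {"stall": stall,
            "wire_packets": (losses + 1) + len(dup),
            "redundant_inner": len(dup)}

def udp_tunnel(losses, inner_rto):
    """Inner TCP carried by a UDP tunnel: the tunnel never retransmits,
    so only the inner timer runs and every copy it sends is needed."""
    return {"stall": inner_rto * (2 ** losses - 1),
            "wire_packets": losses + 1,
            "redundant_inner": 0}

if __name__ == "__main__":
    # Constructed scenario: three consecutive drops on the link.
    print("TCP tunnel:", tcp_tunnel(3, inner_rto=0.5, outer_rto=1.0))
    print("UDP tunnel:", udp_tunnel(3, inner_rto=0.5))
```

In this model every redundant inner copy is extra load on a tunnel that is already behind, which is the snowball effect the message refers to; over UDP only one retransmission timer exists.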