public inbox for gentoo-user@lists.gentoo.org
From: "wdk@moriah" <billk@iinet.net.au>
To: "gentoo-user@lists.gentoo.org" <gentoo-user@lists.gentoo.org>
Subject: Re: [gentoo-user] Re: Recommended VPN Tunnel client?
Date: Sat, 11 Feb 2012 06:52:38 +0800
Message-ID: <0EE8D58F-FB3E-483A-ABCC-551925505DDC@iinet.net.au>
In-Reply-To: <4F356399.7030304@orlitzky.com>

Congestion isn't the only reason to use TCP and a VPN.

3G smartphone network (Optus in Oz) has a large number of duplicate and dropped packets - OpenVPN performance over TCP is much better.  Similar case with a cheap French network while on holiday there.  This was an extreme case though, with non-VPN traffic very poor as well.

Otherwise use OpenVPN with FQDNs and not IP numbers, then use OSPF across them with suitable route metrics to either share or prefer a route.  Works well with dynamic IPs from my ISP so should be OK in your scenario.  You could also use OpenVPN's route push if you don't need complex dynamic routing - this works better than OSPF on bad links anyway.

BillK

On 11/02/2012, at 2:36, Michael Orlitzky <michael@orlitzky.com> wrote:

> On 02/10/12 13:05, Pandu Poluan wrote:
>> 
>> No, no, no. What I meant was running TCP and UDP *on top of* OpenVPN
>> (which uses UDP).
>> 
>> HAproxy seems to be able to perform its magic with TCP connections.
>> 
> 
> I was about to say that we use it over UDP, but... we don't. We have a
> small number of clients, maybe ten(?) that use the VPN for remote
> administration.
> 
> UDP is recommended, references[1] are easy to google. Why we're running
> it over TCP I don't know. I must have had a good reason =)
> 
> It performs fine anyway, but now I'm considering flipping it to UDP to
> see what happens. At least I'll be in the office when it breaks.
> 
> 
> 
> [1] http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
> 
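The setup suggested in the message above (OpenVPN over TCP, peer addressed by FQDN, routes pushed from the server instead of OSPF), written out as an added example that is not part of the original post or anyone's actual configuration. The hostname, subnets and file names are constructed placeholders.

```conf
# ---- server.conf (constructed example) ----
port 1194
proto tcp-server            # TCP transport, as described for lossy 3G links;
                            # use "proto udp" on both sides for the UDP variant
dev tun
server 10.8.0.0 255.255.255.0          # tunnel address pool (placeholder)

# Static alternative to OSPF: tell each client which LAN sits behind the server.
push "route 192.168.10.0 255.255.255.0"

keepalive 10 60             # detect a dead link and let the client reconnect
persist-key
persist-tun

ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# ---- client.conf (constructed example) ----
client
dev tun
proto tcp-client            # must match the server's transport

# Address the server by name, not by IP, so a changed dynamic IP is
# picked up on the next (re)connect.
remote vpn.example.net 1194
resolv-retry infinite       # keep retrying DNS instead of exiting on failure
nobind

persist-key
persist-tun

ca   ca.crt
cert client.crt
key  client.key
remote-cert-tls server      # only accept a peer presenting a server certificate
```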


