Subject: Re: [gentoo-user] Re: Recommended VPN Tunnel client?
From: "wdk@moriah"
Date: Sat, 11 Feb 2012 06:52:38 +0800
To: "gentoo-user@lists.gentoo.org"

Congestion isn't the only reason to use TCP and a VPN.

3G smartphone network (Optus in Oz) has a large number of duplicate and dropped packets - openvpn performance over TCP is much better. Similar case with a cheap French network while on holiday there. This was an extreme case though with non VPN traffic very poor as well.

Otherwise use openvpn with fqdn's and not IP numbers then use ospf across them with suitable route metrics to either share or prefer a route. Works well with dynamic IP's from my ISP so should be ok in your scenario. You could also use openvpn's route push if you don't need complex dynamic routing - this works better than ospf on bad links anyway.

BillK

On 11/02/2012, at 2:36, Michael Orlitzky wrote:

> On 02/10/12 13:05, Pandu Poluan wrote:
>>
>> No, no, no. What I meant was running TCP and UDP *on top of* OpenVPN
>> (which uses UDP).
>>
>> HAproxy seems to be able to perform its magic with TCP connections.
>>
>
> I was about to say that we use it over UDP, but... we don't. We have a
> small number of clients, maybe ten(?) that use the VPN for remote
> administration.
>
> UDP is recommended, references[1] are easy to google. Why we're running
> it over TCP I don't know. I must have had a good reason =)
>
> It performs fine anyway, but now I'm considering flipping it to UDP to
> see what happens. At least I'll be in the office when it breaks.
>
>
>
> [1] http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
>
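
The setup described in the reply above (TCP transport, an FQDN remote, and a pushed route in place of OSPF), sketched as an added example that is not part of the original thread. The hostname vpn.example.org, the subnets and the file paths are constructed placeholders.

```conf
# ---- server.conf (constructed example) ----
port 1194
proto tcp-server          # TCP transport, for links with many dropped/duplicate packets
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
keepalive 10 60           # detect a dead peer and trigger a restart
persist-key
persist-tun
# Route push instead of OSPF: clients learn the LAN behind the server.
push "route 192.168.10.0 255.255.255.0"

# ---- client.conf (constructed example) ----
client                    # implies pull, so the pushed route is accepted
dev tun
proto tcp-client
# FQDN rather than an IP number: the name is resolved again on reconnect,
# so a changed dynamic address on the server side is picked up.
remote vpn.example.org 1194
resolv-retry infinite     # keep retrying DNS instead of exiting on failure
nobind
persist-key
persist-tun
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key
remote-cert-tls server    # only accept a peer presenting a server certificate
```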