From: Todd Goodman
To: gentoo-user@lists.gentoo.org
Date: Fri, 10 Feb 2012 13:22:27 -0500
Subject: Re: [gentoo-user] Re: Recommended VPN Tunnel client?
Message-ID: <20120210182227.GW7675@ns1.bonedaddy.net>

* Michael Mol [120210 12:51]:
[..]
> That's what I was talking about. Where I work, we use OpenVPN,
> operating in UDP mode. This is after several bad experiences using it
> in TCP mode.
>
> By "UDP mode" and "TCP mode", I mean OpenVPN's connections to other
> OpenVPN nodes were in UDP or TCP, respectively. When OpenVPN's
> connections operate over TCP (and thus it gets guaranteed delivery),
> you can create a situation where a tunneled TCP connection attempts to
> push data faster than your Internet connection can allow because it
> never gets any congestion feedback; OpenVPN was accepting packets
> faster than it could shove them through, and was buffering the rest.

So obviously OpenVPN wasn't handling congestion appropriately and should
have been using some queueing discipline to discard instead of letting
transmit queues grow unbounded.

But switching to UDP from TCP just pushes the problem off your OpenVPN
gateway and onto the "outside" network.

If you're really receiving more traffic than can be sent over the
"outside" network, now you're relying on intermediate routers to "do the
right thing" with your excess UDP traffic and most likely impacting TCP
traffic through the same router.

Todd
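
The buffering behaviour discussed in this message, as an added example that is not part of the original thread and is not OpenVPN code: a toy model comparing a tunnel queue that buffers without limit against one that tail-drops. The `simulate` function, the tick-based link model, the simplified halve-on-loss sender and all parameter values are assumptions made for illustration.

```python
"""Toy model of a tunnel queue (added example; not OpenVPN code)."""
from dataclasses import dataclass


@dataclass
class Result:
    max_backlog: int        # peak packets buffered at the tunnel endpoint
    max_delay_ticks: float  # time to drain that peak backlog
    drops: int              # packets discarded by the queue
    final_rate: int         # sender's offered rate when the run ends


def simulate(ticks, capacity, queue_limit=None, start_rate=1):
    """Run an AIMD-style sender into a queue drained at `capacity` pkts/tick.

    queue_limit=None buffers everything (no loss, so no congestion signal);
    an integer limit tail-drops the excess, which the sender sees as loss.
    """
    rate, backlog, drops, max_backlog = start_rate, 0, 0, 0
    for _ in range(ticks):
        arriving, dropped = rate, 0
        if queue_limit is not None:
            room = queue_limit - backlog
            if arriving > room:
                dropped, arriving = arriving - room, room
        backlog += arriving
        max_backlog = max(max_backlog, backlog)
        backlog -= min(backlog, capacity)   # link sends what it can
        drops += dropped
        # Assumed sender model: halve on loss, otherwise probe upward.
        rate = max(1, rate // 2) if dropped else rate + 1
    return Result(max_backlog, max_backlog / capacity, drops, rate)


if __name__ == "__main__":
    # Constructed parameters: 10 pkts/tick link, 200 ticks.
    print("unbounded:", simulate(200, capacity=10))
    print("tail drop:", simulate(200, capacity=10, queue_limit=20))
```

With no discard the sender never backs off and the backlog, and with it the queueing delay, keeps growing; with a 20-packet limit the backlog stays bounded and the sender's rate oscillates around the link capacity.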