[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] UDP or TCP?

  • Subject: Re: [Openvpn-users] UDP or TCP?
  • From: Jamie Lokier <jamie@xxxxxxxxxxxxx>
  • Date: Sat, 12 Mar 2005 19:53:06 +0000

Mathias Sundman wrote:
> >The TCP layer OVER the TCP one will provide the needed reliability.
> >Also, you can use options like "keepalive" to force firewalls and others
> >nasty things to... keep the connection alive.
> In theory yes, but in practice I have experince from running OpenVPN that 
> TCP usually works better over un-reliable networks with a lot of packet 
> loss. Sometimes I can't even connect using UDP over for example GPRS (cell 
> phone).
> But on reliable networks UDP is usually slightly faster...

Yes.  There are two circumstances where running it over TCP is better:

    1. The VPN is over a link with relatively high loss and relatively
       low latency compared with the overall end-to-end loss and latency
       of connections that will go over the VPN.

    2. The VPN is over a NAT or firewall which blocks UDP or does not
       NAT it properly.

In the first case, it would be possible to do even better if OpenVPN
detected retransmitted TCP packets that it is tunnelling, and dropped
those duplicates.

-- Jamie

Openvpn-users mailing list