[Openvpn-users] TCP over TCP a bad idea?

  • Subject: [Openvpn-users] TCP over TCP a bad idea?
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Mon, 18 Jun 2007 11:48:42 +0100


Thanks for drawing my attention to this.

I have VPN clients that are often in other parts of the world and I 
sometimes use them as web proxies. Some sites (like the BBC) limit some 
of their output to certain geographical regions "for copyright reasons". 
I use 3Proxy, set up as a SOCKS proxy and SocksCap to socksify my 
browser. I was checking at some speed test sites via the proxy and just 
getting crazy answers. 
http://cemp1.switch.ch/network/performance/web100/tcpbw100.html gives 
all sorts of information about your connection including whether you 
have window scaling enabled and ping times and these were all over the 
place; for example it told me I don't have window scaling enabled (I 
do) and that my ping was 11 ms (it's nearer 200 to 300 ms from here), and 
that I was getting download rates about one tenth of what I might have 
hoped for. Now I know that the proxy machine is having a hard time since 
it's uploading and downloading at the same time, and I'm aware that 
saturating one of the pipes could have bad effects on ACK signals but 
this didn't explain it to me.

To cut a long story short I ran them for a while with a UDP connection 
for the VPN instead of TCP, and speeds about doubled without any strange 
information about ping times or window scaling.

So it's not just theory. TCP over TCP IS a bad idea.

> Juan Jose Tomas Canovas wrote:
>> Hi all!!! (Sorry for my English.)
>> I'm new to OpenVPN, but the question is easy:
>> what are the problems with OpenVPN TCP over TCP?
>    I think this document can be a great source of information on the 
> 'tcp-over-tcp' problems.
> Why TCP over TCP is a bad idea
> http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

