On 08/02/13 15:51, [email protected] wrote:
> Hello,
> Can anyone give a basic pro and con assessment of TCP vs UDP for
> OpenVPN? I am getting some random disconnects which I "think" may be
> caused by the same reason I am getting "TLS Error: local/remote TLS keys
> are out of sync" based on some older forum threads. I will be going
> over my configs and looking at maybe tweaking the keep-alive times.
> These disconnects are random but do seem to happen more often when I am
> connected to more than one VPN, in case that may have some bearing on the
> situation. I have several network segments behind a master-slave pair
> of pfSense boxes and each segment is accessed by its own VPN tunnel to
> maintain separation.
> Any thoughts?
> Thank You,
> JohnM

UDP is a bit more efficient - TCP includes more error-checking and needs acknowledgements for each packet transferred (though the acknowledgements can be tagged onto other TCP packets). OpenVPN already has enough error-checking and synchronisation.

On the other hand, UDP can be problematic through some types of firewalls and complicated routing.

I used to use UDP for all my OpenVPN setups - but when I failed to get it to work properly between different clients connected to different server instances on the same router machine, I tried switching to TCP and it worked perfectly. So now I use TCP for OpenVPN. (This was using a Linux router box rather than pfSense, but I don't think that will make a difference.)
