On Wed, 23 Apr 2003, James Yonan wrote:

> I wonder if one could build a better tcp-over-tcp by doing some intelligent
> packet filtering on the higher level tcp connection, such as filtering out
> retransmits and fudging return ACKs -- essentially removing those elements of
> the TCP protocol which are designed to make TCP work over an unreliable link.

I wonder if that's necessary. Tunnelling through TCP is inherently
reliable no matter what you send, so TCP-nested-in-TCP is just overkill.
Cheating the OS doesn't help. Maybe some LD_PRELOAD library that turns
stream sockets into dgram sockets for connections that use the tunnel is
sufficient. However, this doesn't actually apply to openvpn because
openvpn does TCP-over-UDP.

-- 
Matthias Andree
