Hi,
I have never found any problems using UDP as the tunnel mechanism over
the internet. I was under the impression that UDP packets were less
likely to be blocked at the firewall than TCP, since historically it has
been underutilized. These days with streaming video/media where speed
is more important than reliability, UDP is really beginning to be used a
lot and so I would have said the difficulty in using UDP through
firewalls is equal to using TCP.
The advantages of using UDP to tunnel data are that it reflects the
underlying physical layer very well, whereas TCP has reliability
controls built in. These monitor the speed of connections, include
timeouts in case of lag and various other mechanisms to maintain a
connection. Unfortunately if you then tunnel TCP on top of TCP, these
mechanisms can interact poorly and produce very poor results. At least
that's what I recall reading somewhere (after a quick dig it turns out the
page was part of the CIPE project which was also based on the tun/tap
virtual adaptor system, see
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html).
Anyway, personally I would always use UDP. I currently have a LAN
bridged with a many-to-one UDP OpenVPN (Linux) server; all the various
OpenVPN (Windows and Linux) clients can interact with the LAN clients as
if they were all on the LAN (and vice versa). I would definitely
recommend this for road warrior solutions. Hope this helps...
Mike 5:)
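
An added example, not part of the original message: a minimal OpenVPN server configuration for the kind of setup described above (many clients bridged onto one LAN over UDP), with the matching client lines shown as comments. The addresses, host name, file names and the existence of a bridge `br0` containing `tap0` are assumed placeholders, and `tls-crypt` needs OpenVPN 2.4 or later.

```conf
# --- server.conf (constructed example; all values are placeholders) ---

# Carry the tunnel over UDP so the inner TCP connections keep their own
# retransmission and congestion control (avoids the TCP-over-TCP problem).
proto udp
port 1194

# Layer-2 (Ethernet) tunnel device. tap0 must already be a member of the
# LAN bridge (br0 here) alongside the physical interface; OpenVPN does
# not create the bridge itself.
dev tap0

# Bridge mode: <bridge IP> <netmask> <client pool start> <client pool end>.
# The pool must lie inside the LAN subnet but outside the LAN's DHCP range.
server-bridge 192.168.8.4 255.255.255.0 192.168.8.128 192.168.8.254

# PKI material (file names are placeholders).
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Authenticate and encrypt the control channel with a shared static key,
# so unauthenticated UDP packets are dropped before any TLS processing.
tls-crypt ta.key

# UDP has no connection state of its own: ping every 10 s and treat the
# peer as down after 120 s of silence. The pings also keep NAT and
# stateful-firewall mappings for the UDP flow alive.
keepalive 10 120

# Drop root after start-up and survive restarts without re-reading keys.
user nobody
group nogroup
persist-key
persist-tun

verb 3

# --- matching client lines (Windows or Linux), for reference ---
# client
# dev tap
# proto udp
# remote vpn.example.com 1194
# remote-cert-tls server
# tls-crypt ta.key
# ca ca.crt
# cert client.crt
# key client.key
```

On the perimeter firewall only the single UDP port needs to be allowed inbound to the server; because the tunnel is bridged, remote clients then sit on the LAN segment itself and should be treated with the same trust as any host plugged into it.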