On 15/05/15 20:04, Lisa Minogue wrote: > One thing to keep in mind with the Tor/obfsproxy and stunnel, is that once > you get into lossy networks, you're going to find ovpn can become unusable. > What's your definition of lossy networks? > >
I think the lossy comment is not a tunnelling issue - lossy networks leads to majorly lossy VPNs in general. e.g. we've run Cisco IPSec VPN tunnels over the Internet for 15 years and I can tell you the "rule of thumb" is 1% packet loss on the Internet == 10% packet loss in IPSec tunnels (and 10% is "agh!!! the network is down!!!"). So if you are tunnelling openvpn through another layer, I can imagine it making things even worse - but it's not the extra layer that's really to blame - it's simply lossy network == unhappiness Another anecdote: two weeks ago I was in a hotel where the dodgy WiFi network had my laptop roaming between a working AP and a non-working AP (which I could only diagnose because I vaguely know what I'm doing). Every time I roamed to the non-working AP, my openvpn would time out and then my laptop would roam back to the working AP and openvpn would successfully re-initialize. This lead to a nearly unusable VPN connection. However, I barely noticed this "flapping" within my web browser which was accessing the Internet directly (stateless web pages - without youtube of course ;-) - which made me think that if I was a "normal" user, I'd be saying " the Internet is fine - it's the vpn that's broken". I really doubt any vpn software could better compensate for that corner case - and I think that fits the description of "lossy network" well. -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
