Hi, Arne:

Got it. Thank you very much.

On Tue, Aug 29, 2017 at 6:49 PM, Arne Schwabe <a...@rfc2549.org> wrote:

> On 29.08.17 at 22:53, wang yu wrote:
> > URL https://community.openvpn.net/openvpn/ticket/2
> >
> > As I mentioned, the custom TCP protocol (I called FakeTCP) bypasses the
> > TCP over TCP performance issue. It's helpful when UDP is not
> > available (being blocked or being throttled or not well supported by NAT
> > devices).
> >
> > This was your reply:
> >>We are not going to implement it, though. OpenVPN over TCP is needed
> > when you have nasty firewalls out there that do sequence number checking
> > and all that - and then your FakeTCP is not going to work either. If you
> > have no firewalls in the way, OpenVPN over UDP works perfectly well
> > (including "through NAT").
> >
> > Sorry, I can't get the logic behind the sentence.
> >
> > UDP not available is a much more common circumstance, while a nasty
> > firewall which tracks everything of TCP is just a rare circumstance.
> >
> > This method solves most of the troubles when UDP is not available just
> > except the nasty-firewall circumstance you mentioned.
> >
> > It seems like you rejected a commonly workable feature for a rare
> > circumstance.
> >
> > I tried to have a further discussion with you by another reply in the
> > Tracker, but you closed the issue without a word.
> >
> > I am okay whether or not the feature can be implemented. I just hope it's
> > well discussed and there is a convincing reason if it can't
> > be implemented. If this feature is acceptable I can make patches.
> >
> > If you don't have time to discuss with me, please leave the ticket open for a
> > few days, so that I can possibly get some more convincing feedback from
> > others.
> >
>
> While a fake TCP as UDP sounds like a nice idea, OpenVPN itself is
> probably the wrong place to implement it. It would mean to implement a
> TCP/IP stack in userspace, something that would complicate OpenVPN
> without much gain. Much better would be to teach the kernel to speak
> this fake TCP UDP protocol so openvpn can just set the socket options on
> its tcp socket to enable this special mode.
>
> Take a look at Multipath TCP to get an idea what implementing such a
> fake TCP might entail. Also OpenVSwitch implements STT [1], a fake TCP
> protocol but for a very different reason.
>
> [1]
> https://networkheresy.com/2012/03/04/network-virtualization-encapsulation-and-stateless-tcp-transport-stt/
>
> In sum, and I think I speak for all of us, we are not against such a FakeTCP
> protocol but it should be
>
> a) implemented outside openvpn (the kernel)
> b) nobody of the OpenVPN core team will implement it
>
> This protocol will probably help only if people just block all UDP and
> allow a few TCP protocols. You won't fool a real firewall that checks
> TCP with it.
>
> Arne
>
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
