On Wednesday, 30 August 2017 11:49:33 AM AEST Arne Schwabe wrote:
> On 29.08.17 at 22:53, wang yu wrote:
> > URL https://community.openvpn.net/openvpn/ticket/2
> >
> > As I mentioned, the custom TCP protocol (I called it FakeTCP) bypasses the
> > TCP over TCP performance issue. It's helpful when UDP is not
> > available (being blocked or being throttled or not well supported by NAT
> > devices).
> >
> > This was your reply:
> > > We are not going to implement it, though. OpenVPN over TCP is needed
> > > when you have nasty firewalls out there that do sequence number checking
> > > and all that - and then your FakeTCP is not going to work either. If you
> > > have no firewalls in the way, OpenVPN over UDP works perfectly well
> > > (including "through NAT").
> >
> > Sorry, I can't get the logic behind the sentence.
> >
> > UDP not available is a much more common circumstance, while a nasty
> > firewall which tracks everything of TCP is just a rare circumstance.
> >
> > This method solves most of the troubles when UDP is not available just
> > except the nasty-firewall circumstance you mentioned.
> >
> > It seems like you rejected a commonly workable feature for a rare
> > circumstance.
> >
> > I tried to have a further discussion with you by another reply in the
> > Tracker, but you closed the issue without a word.
> >
> > I am okay whether or not the feature can be implemented. I just hope it's
> > well discussed and there is a convincing reason if it can't
> > be implemented. If this feature is acceptable I can make patches.
> >
> > If you don't have time to discuss with me, plz leave the ticket open for a
> > few days, so that I can possibly get some more convincing feedback from
> > others.
>
> While a fake TCP as UDP sounds like a nice idea, OpenVPN itself is
> probably the wrong place to implement it. It would mean to implement a
> TCP/IP stack in userspace, something that would complicate OpenVPN
> without much gain. Much better would be to teach the kernel to speak
> this fake TCP UDP protocol so openvpn can just set the socket options on
> its tcp socket to enable this special mode.
>
> Take a look at Multipath TCP to get an idea what implementing such a
> fake TCP might entail. Also OpenVSwitch implements a STT [1], a fake TCP
> protocol but for a very different reason.
>
> [1]
> https://networkheresy.com/2012/03/04/network-virtualization-encapsulation-and-stateless-tcp-transport-stt/
>
> In sum, and I think I speak for all of us, we are not against such a FakeTCP
> protocol but it should be
>
> a) implemented outside openvpn (the kernel)
> b) nobody of the OpenVPN core team will implement it
>
> This protocol will probably help only if people just block all UDP and
> allow a few TCP protocols. You won't fool a real firewall that checks
> TCP with it.

Something like this? https://lwn.net/Articles/614348/

-- 
Steven Haigh

📧 net...@crc.id.au    💻 http://www.crc.id.au
📞 +61 (3) 9001 6090    📱 0412 935 897