> On 18 Jun 2017, at 15:44 , Bright Zhao <[email protected]> wrote: > > I agree with the in-effective of TCP transmission, but I wonder if the the > UDP packet is dropped, the tinc VPN itself wouldn’t retransmit, and if the > upper level application doesn’t handle the packet loss well, will this be the > problem? > > Or the upper level application have very limited tolerance to packet > loss(like RDP application, I guess if the packet loss go to certain > threshold, the connection will be lost).
TINC/OpenVPN/IPsec/L2TP/<insert VPN tech of choice> should *NOT* be the place where you handle your network connection reliability If the upper level app/etc. can’t handle the packetloss(es), then you’ll have to either fix your network, or the upper level application, as TCP/IP already does retransmissions with packet losses, and since it’s just encapsulated over the vpn-tech-of-choice, it’s not the VPN-tech-of-choice that should retransmit, but the TCP/IP stack. > >> On 18 Jun 2017, at 9:25 PM, hvjunk <[email protected]> wrote: >> >> The only time I can think off, that you’ll *want* to use TCP, is when UDP >> doesn’t work through the firewalls/NATting. >> >>> On 18 Jun 2017, at 14:53 , Bright Zhao <[email protected]> wrote: >>> >>> If the concern is more about the reliability instead of throughput, should >>> I add TCPonly = yes in the host configuration to make the VPN runs on TCP? >> >> The problem with TCP, is that TCP, encapsulated inside a TCP stream, is a >> recipe for very poor performance, as you could have retransmits, >> encapsulated in retransmits. >> >> But then the questions might be more like: Have you read up about why VPNs >> over TCP isn’t a good idea? >> And since you have, what reliability issues are you having with tinc over >> UDP? >> And if you have those reliability problems over UDP, what tests have you >> done to confirm it’s not the network, but the UDP that is less reliable than >> the TCP VPN settings? >> >> >> >> _______________________________________________ >> tinc mailing list >> [email protected] >> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc > > _______________________________________________ > tinc mailing list > [email protected] > https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc _______________________________________________ tinc mailing list [email protected] https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
