James Knott james.knott-bJEeYj9oJeDQT0dZR+AlfA at
Sun Jul 12 02:15:56 UTC 2009

Erik (Caneris) wrote:
> James wrote:
>> As I understand this, you may have problems caused by two TCP
>> connections trying to maintain the traffic flow.  It's one reason why
>> VPNs should be using UDP, instead of TCP.
> Indeed, as with any TCP-over-TCP tunneling, it's not an optimal solution. There are a couple of other, bigger, issues with this setup, but it's only our first attempt at it and it's something that will improve with time. The two alternatives I mentioned before, MLPPP and MPPE, each have their own advantages and disadvantages, just like this method.
> How much could another layer of encapsulation and tunneling possibly hurt? :)
> After all, it's only TCP over IP over TCP over IP over PPP over L2TP over UDP over IP over Ethernet, and that's just to get to Bell.

It's not the extra encapsulation that's the problem.  It's two TCP
streams trying to maintain traffic flow.  TCP can adjust to network
changes.  If you have two TCP connections, they may conflict, causing
performance issues.  This does not occur when UDP is used as its
performance characteristics are the same as bare Ethernet.  Have you
considered something like OpenVPN?  Or at least SSL?

The Toronto Linux Users Group.      Meetings:
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
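
An added illustration, not part of the original thread: a toy model of the stacked retransmission timers behind the TCP-over-TCP concern discussed above, comparing a datagram tunnel with a stream tunnel across one path outage. The function names, the timer values (inner RTO 1.5 s, outer RTO 1.0 s) and the 10 s outage are assumptions constructed for the example; round-trip time is ignored and only one inner segment is modelled.

```python
# Toy model (added example): one inner segment, one path outage, RTT ignored.
# All timer values used here are constructed for illustration.

def backoff_times(rto, horizon=120.0):
    """Times at which a TCP sender transmits one unacknowledged segment:
    t=0, then a retry after each timeout, doubling the RTO every time."""
    t, times = 0.0, []
    while t <= horizon:
        times.append(t)
        t += rto
        rto *= 2
    return times

def udp_tunnel(inner_rto, outage):
    """Datagram tunnel: copies sent while the path is down are lost, so the
    first inner retry after the outage is the only copy that crosses."""
    for t in backoff_times(inner_rto):
        if t >= outage:
            return {"delivered_at": t, "copies_delivered": 1, "redundant": 0}
    return None  # outage longer than the modelled horizon

def tcp_tunnel(inner_rto, outer_rto, outage):
    """Stream tunnel: the outer TCP never drops data. It buffers every inner
    copy and delivers all of them once one of its own retries gets through,
    which happens on the outer timer's schedule, not the inner one's."""
    delivered_at = next(
        (t for t in backoff_times(outer_rto) if t >= outage), None)
    if delivered_at is None:
        return None  # outage longer than the modelled horizon
    # Inner TCP sees no ACK until delivery, so it keeps timing out and
    # pushing duplicate copies into the tunnel's send buffer.
    queued = [t for t in backoff_times(inner_rto) if t <= delivered_at]
    return {"delivered_at": delivered_at,
            "copies_delivered": len(queued),
            "redundant": len(queued) - 1}

if __name__ == "__main__":
    print("UDP tunnel:", udp_tunnel(1.5, 10.0))
    print("TCP tunnel:", tcp_tunnel(1.5, 1.0, 10.0))
```

In this model the stream tunnel delivers later and carries three duplicate copies of the same segment once the path recovers, while the datagram tunnel carries one.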
