Some questions about SPTPS

Etienne Dechamps etienne at edechamps.fr
Wed Aug 13 01:03:15 CEST 2014


On 12/08/2014 23:37, Tim Eggleston wrote:
>> I wholeheartedly agree. I often use tinc in "road warrior" scenarios
>> where it is very convenient to be able to connect to the VPN even in
>> extremely hostile network environments (the typical airport/hotel
>> crappy Wi-Fi). I believe Skype is the champion in that category, and
>> we should aspire to do the same.
>
> Hopefully this isn't too off-topic for this thread (it totally is but
> I'm going to plow on anyway!), but can you give me a quick precis of the
> benefits that tinc would provide in a road-warrior scenario over
> something like OpenVPN on tcp/443 (i.e. very unlikely to be blocked
> anywhere)? The OpenVPN server already has secure routes to everywhere
> else in my network, so the only connection I'm thinking about here is
> the remote guy -> server, I'm not really considering the mesh
> capabilities of tinc in this instance.

If you're asking if tinc is better at establishing a connection than 
OpenVPN on TCP 443, the answer is no. The real benefit of tinc is about 
performance: contrary to OpenVPN, it will automatically detect and use 
the most efficient method to get packets through, and it will do it 
without any user involvement.

So, for example, if there is a way to get UDP going between you and the 
server, tinc will automatically use it, and fall back to TCP if it 
can't, without you having to do anything. (As a reminder, tunnelling TCP 
over TCP is very inefficient and you shouldn't do it unless you 
absolutely have to.) It's able to do that with full UDP hole punching 
support so that it can circumvent NATs, and it extends these features to 
the entire tinc graph (whereas OpenVPN is centralized).

Sure, if you only care about establishing a connection, then there's no 
difference between OpenVPN and tinc. The real difference is that tinc 
will be able to get the most out of the network you're on, whereas with 
OpenVPN you'll be stuck with the lowest common denominator (i.e. TCP 
over TCP going through a single centralized node).

-- 
Etienne Dechamps

