Reliability between TCPonly and UDP for tinc?

Bright Zhao startryst at gmail.com
Sun Jun 18 15:50:38 CEST 2017


I get it, you’re right. It’s out of the VPN’s scope; the VPN should focus on efficiency.


> On 18 Jun 2017, at 9:49 PM, hvjunk <hvjunk at gmail.com> wrote:
> 
>> 
>> On 18 Jun 2017, at 15:44 , Bright Zhao <startryst at gmail.com> wrote:
>> 
>> I agree about the ineffectiveness of TCP transmission, but I wonder: if the UDP packet is dropped, the tinc VPN itself wouldn’t retransmit, and if the upper-level application doesn’t handle the packet loss well, will this be a problem?
>> 
>> Or the upper-level application has very limited tolerance to packet loss (like an RDP application; I guess if the packet loss goes to a certain threshold, the connection will be lost).
> 
> TINC/OpenVPN/IPsec/L2TP/<insert VPN tech of choice> should *NOT* be the place where you handle your network connection reliability
> 
> If the upper level app/etc. can’t handle the packet loss(es), then you’ll have to either fix your network, or the upper level application, as TCP/IP already does retransmissions with packet losses, and since it’s just encapsulated over the vpn-tech-of-choice, it’s not the VPN-tech-of-choice that should retransmit, but the TCP/IP stack.
> 
> 
>> 
>>> On 18 Jun 2017, at 9:25 PM, hvjunk <hvjunk at gmail.com> wrote:
>>> 
>>> The only time I can think of, that you’ll *want* to use TCP, is when UDP doesn’t work through the firewalls/NATting.
>>> 
>>>> On 18 Jun 2017, at 14:53 , Bright Zhao <startryst at gmail.com> wrote:
>>>> 
>>>> If the concern is more about the reliability instead of throughput, should I add TCPonly = yes in the host configuration to make the VPN run on TCP?
>>> 
>>> The problem with TCP, is that TCP, encapsulated inside a TCP stream, is a recipe for very poor performance, as you could have retransmits, encapsulated in retransmits. 
>>> 
>>> But then the questions might be more like: Have you read up about why VPNs over TCP isn’t a good idea?
>>> And since you have, what reliability issues are you having with tinc over UDP?
>>> And if you have those reliability problems over UDP, what tests have you done to confirm it’s not the network, but the UDP that is less reliable than the TCP VPN settings?
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> tinc mailing list
>>> tinc at tinc-vpn.org
>>> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc