OpenVPN - TCP or UDP when

2

2

Here is the scenario:

A) Desktop OpenVPN client in Thailand

B) OpenVPN server in Singapore

C) HTTP server in London

RTT latency from A to B is 50ms.

RTT latency from B to C is 220ms.

Packet loss (via iperf) on 5mbit between A and B is 2%.

Packet loss on 5mbit (well even on 20mbit) between B and C is 0%.

As I control the OpenVPN server and client, I have the option of establishing the OpenVPN tunnel connection from A to B via UDP or TCP.

The OpenVPN manual tells me that the data channel is dumb, it does not implement its own retran/ack protocol.

So if I'm doing TCP/HTTP from A to C, my thoughts are that I will be best setting the A to B as an OpenVPN TCP tunnel and letting the smaller RTT latency link resolve the packet loss, rather than using OpenVPN UDP and then letting the longer/higher-level HTTP A-to-C resolve the packet loss?

FYI, I asked in #openvpn IRC on freenode but got only blanket unqualified statements like "TCP-over-TCP is never a good idea", so I'm hoping for some more informed responses. I'm quite happy to accept I'm wrong given some substance.

Mâtt Frëëman

Posted 2013-06-15T11:50:17.657

Reputation: 559

Answers

2

See the TCP Meltdown Problem section, specifically what it references.

In sum, other than poking holes in a firewall that only allows TCP, it's best to treat the VPN as a point-to-point "leased line". E.g. your home to ISP doesn't use TCP; treat your OpenVPN connection the same way.

BostonDriver

Posted 2013-06-15T11:50:17.657

Reputation: 452