Hi to all.
Would you please stop put me in copy?
Thank you very much
2017-08-30 13:05 GMT+02:00 wang yu <wangyu...@gmail.com>:
> Hi,Steven:
>
> Thats not very similiar to what I was talking about.
>
> The URL you post,talks about adding UDP headers to TCP packets(by kernel
> patch) to make use of "hardware support for UDP" and other advantages of
> UDP.
>
> I was talking about adding TCP headers to UDP packets(by using raw socket)
> to send UDP packets as TCP when UDP is not avaliable.It can bypass the
> performance issue of TCP over TCP.If you are interested,check my repo:
>
> URL https://github.com/wangyu-/udp2raw-tunnel
>
> Though it may not have a chance to be integrated into OpenVPN,the idea has
> been already implemented as an external program which can work stably with
> OpenVPN.
>
> Thank you all the same.
>
> On Wed, Aug 30, 2017 at 3:23 AM, Steven Haigh <net...@crc.id.au> wrote:
>
>> On Wednesday, 30 August 2017 11:49:33 AM AEST Arne Schwabe wrote:
>> > Am 29.08.17 um 22:53 schrieb wang yu:
>> > > URL https://community.openvpn.net/openvpn/ticket/2
>> > > <https://community.openvpn.net/openvpn/ticket/2>
>> > >
>> > > As I mentioned,the custom TCP protocol(I called FakeTCP) bypasses the
>> > > TCP over TCP performance issue.Its helpful when UDP is not
>> > > avaliable(being blocked or being throttled or not well supported by
>> NAT
>> > > devices).
>> > >
>> > > This was your reply:
>> > >>We are not going to implement it, though. OpenVPN over TCP is needed
>> > >>
>> > > when you have nasty firewalls out there that do sequence number
>> checking
>> > > and all that - and then your FakeTCP is not going to work either. If
>> you
>> > > have no firewalls in the way, OpenVPN over UDP works perfectly well
>> > > (including "through NAT").
>> > >
>> > > Sorry,I cant get the logic behind the sentence.
>> > >
>> > > UDP not avaliable is a much more common circumstance,while a nasty
>> > > firewall which tracks everything of TCP is just a rare circumstance.
>> > >
>> > > This method solves most of the troubles when UDP is not avaliable just
>> > > except the nasty-firewall circumstance you mentioned.
>> > >
>> > > It seems like you rejected a commonly workable feature for a rare
>> > > circumstance.
>> > >
>> > > I tried to have a further discussion with you by another reply in the
>> > > Tracker,but you closed the issue without a word.
>> > >
>> > > I am okay wheter or not the feature can be implemented.I just hope its
>> > > well discussed and there is a convincing reason if it cant
>> > > be implemented.If this feature is acceptable I can make patches.
>> > >
>> > > If you dont have time to discuss with me,plz leave the ticket open
>> for a
>> > > few days,so that I can possibly get some more convincing feedback from
>> > > others.
>> >
>> > While a fake TCP as UDP sounds like a nice idea, OpenVPN itself is
>> > probably the wrong place to implement it. It would mean to implement a
>> > TCP/IP stack in userspace, something that would complicate OpenVPN
>> > without much gain. Much better would be to teach the kernel to speak
>> > this fake TCP UDP protocol so openvpn can just set the socket options on
>> > its tcp socket to enable this special mode.
>> >
>> > Take a look at Multipath TCP to get an idea what implementing such a
>> > fake TCP might entail. Also OpenVSwitch implemts a STT [1], a fake TCP
>> > protocol but for a very different reason.
>> >
>> > [1]
>> > https://networkheresy.com/2012/03/04/network-virtualization-
>> encapsulation-an
>> > d-stateless-tcp-transport-stt/
>> >
>> > In sum and I think I speak for all us, we are not against such a FakeTCP
>> > protocol but it should be
>> >
>> > a) implemented outside openvpn (the kernel)
>> > b) nobody of the OpenVPN core team will implement it
>> >
>> > This protocol will probably help only if people just block all UDP and
>> > allowed a few TCP protocol. You won't fool a real firewall that checks
>> > TCP with it.
>>
>> Something like this?
>>
>> https://lwn.net/Articles/614348/
>>
>> --
>> Steven Haigh
>>
>> 📧 net...@crc.id.au 💻 http://www.crc.id.au
>> 📞 +61 (3) 9001 6090 📱 0412 935 897
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Openvpn-devel mailing list
>> Openvpn-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>>
>>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
>
--
------------------------------
*This email may contain material that is subject to copyright or trade
secret protection, confidential and/or privileged and, in all cases,
provided for the sole use of the intended recipient. Any review, reliance
or distribution by others or forwarding without express permission is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies. E-mail transmission cannot be guaranteed
to be secure or error-free as information could be intercepted, corrupted,
lost, destroyed, arrive late or incomplete, or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the
contents of this message, which arise as a result of e-mail transmission.
Mercury Trade Finance Solutions may monitor the use of this email system
for various purposes including security management, system operations, and
intellectual property compliance. Mercury - TFS's email systems may not be
used for the delivery of unsolicited bulk e-mail communications.*
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
