On Mon, Nov 30, 2015 at 9:54 AM, Jason Haar <jason_h...@trimble.com> wrote:
> On 29/11/15 22:56, Steffan Karger wrote:
>> OpenVPN makes a distinction between control traffic (key/config
>> exchange, etc) and data traffic (actual vpn network packets).  For
>> control packets, OpenVPN has a reliability layer that ACKs packets,
>> retransmits, etc.  For data packets, OpenVPN does not do any of that.
>> (But, when you're using TCP mode, TCP does that, ofc.)
> ...Then why does it work so well over UDP?
>
> I almost exclusively use openvpn over UDP and I would have thought the
> lack of error checking on the data channel would hurt, so why doesn't it?
>
> eg, if there's no UDP error checking built into openvpn, then shouldn't
> DNS lookups (ie udp inside a udp openvpn tunnel) fail a lot? Or is the
> Internet generally so reliable that it doesn't matter? (eg 1% packet
> loss on Internet leads to 1% packet loss inside openvpn tunnel?)

You're tunnelling IP over UDP.  IP assumes no reliable transport.
Either you run a protocol over IP that provides the reliability (e.g.
TCP), or you design your application such that it does not assume
reliable transport (e.g. DNS).  DNS over UDP-OpenVPN over Internet
will experience (almost) the same packet loss, out-of-order
transmissions and whatnot behaviour as UDP-over-Internet on the same
route would.

Because the assumptions IP makes on the underlying transport are
similar to the behaviour of UDP tunnelling, UDP tunnelling generally
works well.  TCP tunnelling however can cause problems with
TCP-over-TCP, because the two layers of reliability features can cause
strange interactions.

So yes, 1% packet loss on the underlying transport will cause 1%
packet loss on your UDP-OpenVPN tunnel. And that's (generally) a good
thing ;)

-Steffan

(Disclaimer: I'm really not a networking expert, so I might not use
the correct terms, be imprecise or even incorrect.  Please correct me
if that is the case.)
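The behaviour described in this reply, as an added simulation that is not part of the original message and is not OpenVPN code: each inner packet rides in exactly one outer UDP datagram with no data-channel retransmit, so underlay loss passes straight through, and a DNS-style client copes by retrying. All function names, the retry count of 3 and the sample sizes are assumptions chosen for illustration.

```python
import random

def lossy_link(datagrams, loss, rng):
    """Underlay path: drops each datagram independently, never retransmits."""
    return [d for d in datagrams if rng.random() >= loss]

def udp_tunnel(inner_packets, loss, rng):
    """Data channel model: one inner IP packet per outer UDP datagram,
    no ACKs and no retransmission, so a lost datagram is a lost packet."""
    outer = [("outer-udp", p) for p in inner_packets]      # encapsulate
    return [p for _, p in lossy_link(outer, loss, rng)]    # decapsulate

def inner_loss_rate(n, loss, seed):
    """Fraction of inner packets lost when n packets cross the tunnel."""
    rng = random.Random(seed)
    delivered = udp_tunnel(list(range(n)), loss, rng)
    return 1 - len(delivered) / n

def dns_lookup(loss, rng, attempts=3):
    """DNS-style exchange inside the tunnel: query and reply are each one
    datagram; the client resends the query when no reply arrives.
    Returns the attempt number that succeeded, or None."""
    for attempt in range(1, attempts + 1):
        if udp_tunnel(["query"], loss, rng) and udp_tunnel(["reply"], loss, rng):
            return attempt
    return None

def lookup_failure_rate(n, loss, seed, attempts=3):
    """Fraction of n lookups that fail after all retries are used up."""
    rng = random.Random(seed)
    failed = sum(dns_lookup(loss, rng, attempts) is None for _ in range(n))
    return failed / n

if __name__ == "__main__":
    # Constructed scenario: 1% loss on the underlying route.
    print("inner packet loss :", inner_loss_rate(100_000, 0.01, seed=1))
    print("lookup, no retry  :", lookup_failure_rate(100_000, 0.01, seed=2, attempts=1))
    print("lookup, 3 attempts:", lookup_failure_rate(100_000, 0.01, seed=3, attempts=3))
```
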

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
