Old 08-03-2014, 06:35 PM   #1
Senior Member
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

VPN setup options

Regarding OpenVPN, when setting things up you can choose TCP or UDP. I know the differences in the protocols, but I fail to see why UDP would be considered "more unreliable" in a VPN tunneling situation. Because if you are tunneling a TCP connection through a UDP VPN, then that tunneled TCP will take care of retransmitting any packets that may be lost by the VPN due to it being UDP.

So I don't see any reason to think a TCP VPN would be any more reliable than a UDP one. A UDP VPN may be faster than a TCP VPN however. So, normally I would think UDP would be preferred.

Except when you have a restrictive firewall in the way that might block the UDP packets. In that case you would want a TCP VPN using some port that you would not expect to be blocked (port 80 or port 443).

My question has to do with setup. Specifically in a Tomato firmware router. Under the "VPN tunneling" menu you have the option of setting up TWO servers. So why not set up one as UDP and the second one as TCP? When configuring your clients, you could have their setup use UDP for the fastest potential network speed. And in the case where you run into a restrictive firewall, you could switch the client config to use the TCP VPN instead.

Is this a standard way people here are setting things up? Or am I missing something? It would seem you'd want to set up your Tomato router to allow both types of VPN protocol, and make the choice of which one to use at the client end, depending on what situation the client was in (restrictive firewall or not) at the time you want to connect. Am I understanding what Tomato's options for "Server 1" and "Server 2" are correctly? Are you really running two different VPN servers simultaneously, allowing the client end to choose which one they want?

Seems to me that if you were only running one VPN server, and you always wanted to be able to connect even when faced with restrictive firewalls, you should set up a TCP VPN on a common non-blocked port. I see no reason to set up a UDP-only VPN server, because you'd potentially block yourself if you ended up behind that restrictive firewall you didn't anticipate. But setting up both types, if indeed I am interpreting what Tomato does correctly, sounds like the ideal solution. You would default to UDP on the client end for fastest performance when streaming and such, but still have the slower TCP fallback to guarantee you could get through in restrictive environments.
Old 08-06-2014, 04:11 AM   #2
Registered: Jan 2012
Location: South Africa
Posts: 509

Your TCP/UDP reasoning makes sense to me. Where I have a choice, I use UDP almost all the time, and only use TCP on very unreliable networks, where it does seem to help a bit.

I've used dual server setups on Linux without any problems. While I haven't tried it on Tomato specifically, my understanding is that it is indeed running two different openvpn servers concurrently, so I see no reason for it not to work there.

Please post back with your results if you do try this.

Good luck!
Old 08-09-2014, 02:09 PM   #3
Senior Member
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Original Poster
Yes, it appears that Tomato does allow you to run two independent VPN servers. I have the UDP/TUN VPN server running and working for clients, but failed on my first attempt to connect to the TCP/TAP VPN server. This failure is probably a user error on my part when configuring the TCP/TAP one, but I haven't had a chance to debug it yet. However, the bottom line is that Tomato does appear to be running both servers simultaneously, which was my initial question.
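
The client-side choice between the two servers discussed in this thread can also be made automatically. The following OpenVPN client profile is an added example, not part of any post: it tries the UDP server first and falls back to the TCP server when UDP gets no answer. The hostname, ports and certificate file names are placeholders, and it assumes both servers run in tun mode and share the same CA and cipher settings.

```conf
# Constructed client profile. vpn.example.net, the ports and the
# certificate file names are placeholders, not values from the thread.
client
nobind
persist-key
persist-tun

# The device type applies to the whole profile and cannot be set per
# <connection>, so both servers must use the same mode (tun assumed here).
dev tun

# Connection blocks are tried in the order listed.
# First choice: UDP, for the lower overhead the thread describes.
<connection>
remote vpn.example.net 1194 udp
# Tell the server when the client disconnects (meaningful for UDP only).
explicit-exit-notify 1
</connection>

# Fallback: TCP on 443 for networks that drop or block UDP.
<connection>
remote vpn.example.net 443 tcp
</connection>

# Seconds to wait for a server response before moving to the next
# connection block. The default is long enough that fallback feels stuck.
server-poll-timeout 10

# Seconds to wait between connection attempts.
connect-retry 5

# Keep trying hostname resolution instead of exiting on a DNS failure.
resolv-retry infinite

# Require the peer to present a certificate marked for server use, so
# another client certificate from the same CA cannot pose as the server.
remote-cert-tls server

ca ca.crt
cert client.crt
key client.key

verb 3
```

With a UDP/TUN server and a TCP/TAP server, as in the last post, a single profile cannot fall back this way because the device type differs; that arrangement needs one profile per server.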
