08-03-2014, 06:35 PM
|
#1
|
Senior Member
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337
|
VPN setup options
Regarding OpenVPN, when setting things up you can choose TCP or UDP. I know the differences in the protocols, but I fail to see why UDP would be considered "more unreliable" in a VPN tunneling situation. Because if you are tunneling a TCP connection through a UDP VPN, then that tunneled TCP will take care of retransmitting any packets that may be lost by the VPN due to it being UDP.
So I don't see any reason to think a TCP VPN would be any more reliable than a UDP one. A UDP VPN may be faster than a TCP VPN however. So, normally I would think UDP would be preferred.
Except when you have a restrictive firewall in the way that might block the UDP packets. In that case you would want a TCP VPN using some port that you would not expect to be blocked (port 80 or port 443).
My question has to do with setup. Specifically in a Tomato firmware router. Under the "VPN tunneling" menu you have the option of setting up TWO servers. So why not set up one as UDP and the second one as TCP? When configuring your clients, you could have their setup use UDP for the fastest potential network speed. And in the case where you run into a restrictive firewall, you could switch the client config to use the TCP VPN instead.
Is this a standard way people here are setting things up? Or am I missing something? It would seem you'd want to set up your Tomato router to allow both types of VPN protocol, and make the choice of which one to use at the client end, depending on what situation the client was in (restrictive firewall or not) at the time you want to connect. Am I understanding what Tomato's options for "Server 1" and "Server 2" are correctly? Are you really running two different VPN servers simultaneously, allowing the client end to choose which one they want?
Seems to me that if you were only running one VPN server, and you always wanted to be able to connect even when faced with restrictive firewalls, you should set up a TCP VPN on a common non-blocked port. I see no reason to set up a UDP-only VPN server, because you'd potentially block yourself if you ended up behind that restrictive firewall you didn't anticipate. But setting up both types, if indeed I am interpreting what Tomato does correctly, sounds like the ideal solution. You would default to UDP on the client end for fastest performance when streaming and such, but still have the slower TCP fallback to guarantee you could get through in restrictive environments.
|
|
|
08-06-2014, 04:11 AM
|
#2
|
Member
Registered: Jan 2012
Location: South Africa
Posts: 509
|
Hi,
Your TCP/UDP reasoning makes sense to me. Where I have a choice, I use UDP almost all the time, and only use TCP on very unreliable networks, where it does seem to help a bit.
I've used dual server setups on Linux without any problems. While I haven't tried it on Tomato specifically, my understanding is that it is indeed running two different openvpn servers concurrently, so I see no reason for it not to work there.
Please post back with your results if you do try this.
Good luck!
|
|
|
08-09-2014, 02:09 PM
|
#3
|
Senior Member
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337
Original Poster
|
Yes, it appears that Tomato does allow you to run two independent VPN servers. I have the UDP/TUN VPN server running and working for clients, but failed on my first attempt to connect to the TCP/TAP VPN server. This failure is probably a user error on my part when configuring the TCP/TAP one, but I haven't had a chance to debug it yet. However, the bottom line is that Tomato does appear to be running both servers simultaneously, which was my initial question.
|
|
|
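The client side of the two-server setup discussed in this thread, as an added example that is not from any of the posters: a single OpenVPN client profile that tries the UDP server first and falls back to the TCP server on port 443 by itself, instead of switching configs by hand. It assumes both server instances use the same device type (tun) and the same CA and keys; `vpn.example.com`, port 1194 and the file names are placeholders.

```conf
# Added example: OpenVPN client profile, UDP first with TCP fallback.
# Hostname, ports and file names below are placeholders.
client

# The device type is global and cannot differ between <connection>
# blocks, so both server instances must use the same one.
dev tun

nobind
persist-key
persist-tun
resolv-retry infinite

# Only accept a peer that presents a server certificate.
remote-cert-tls server

# Seconds to wait for a server response before moving on to the
# next connection profile.
server-poll-timeout 10

# Connection profiles are tried in the order listed.
# 1) Fast path: the UDP server instance.
<connection>
remote vpn.example.com 1194 udp
</connection>

# 2) Fallback for networks that drop UDP: the TCP server instance
#    on a port that is rarely blocked.
<connection>
remote vpn.example.com 443 tcp
</connection>

ca ca.crt
cert client.crt
key client.key
verb 3
```

A profile like this cannot fall back from a TUN server to a TAP server, since `dev` applies to every connection block; a TCP/TAP second server needs its own client config.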