Regarding OpenVPN, when setting things up you can choose TCP or UDP. I know the differences in the protocols, but I fail to see why UDP would be considered "more unreliable" in a VPN tunneling situation. Because it you are tunneling a TCP connection through a UDP VPN, then that tunneled TCP will take care of retransmitting any packets that may be lost by the VPN due to it being UDP.

So I don't see any reason to think a TCP VPN would be any more reliable than a UDP one. A UDP VPN may be faster than a TCP VPN however. So, normally I would think UDP would be preferred.

Except when you have a restrictive firewall in the way that might block the UDP packets. In that case you would want a TCP VPN using some port that you would not expect to be blocked (port 80 or port 443).

My question has to do with setup. Specifically in a Tomato firmware router. Under the "VPN tunneling" menu you have the option of setting up TWO servers. So why not set up one as UDP and the second one as TCP? When configuring your clients, you could have their setup use UDP for the fastest potential network speed. And in the case where you run into a restrictive firewall, you could switch the client config to use the TCP VPN instead.

Is this a standard way people here are setting things up? Or am I missing something? It would seem you'd want to set up your Tomato router to allow both types of VPN protocol, and make the choice of which one to use at the client end, depending on what situation the client was in (restrictive firewall or not) at the time you want to connect. Am I understanding what Tomatos options for "Server 1" and "Server 2" are correctly? Are you really running two different VPN servers simultaneously, allowing the client end to choose which one they want?

Seems to me that if you were only running one VPN server, and you always wanted to be able to connect even when faced with restrictive firewalls, you should set up a TCP VPN on a common non-blocked port. I see no reason to set up a UDP-only VPN server, because you'd potentially block yourself if you ended up behind that restrictive firewall you didn't anticipate. But setting up both types, if indeed I am interpretting what Tomato does correctly, sounds like the ideal solution. You would default to UDP on the client end for fastest performance when streaming and such, but still have the slower TCP fallback to guarrantee you could get through in restrictive environments.

Hi,

Your TCP/UDP reasoning makes sense to me. Where I have a choice, I use UDP almost all the time, and only use TCP on very unreliable networks, where it does seem to help a bit.

I've used dual server setups on Linux without any problems. While I haven't tried it on Tomato specifically, my understanding is that it is indeed running two different openvpn servers concurrently, so I see no reason for it not to work there.

Please post back with your results if you do try this.

Good luck!

Yes, it appears that Tomato does allow you to run two independant VPN servers. I have the UDP/TUN VPN server running and working for clients, but failed on my first attempt to connect to the TCP/TAP VPN server. This failure is probably a user error on my part when configuring the TCP/TAP one, but I haven't had a chance to debug it yet. However, the bottom line is that Tomato does appear to be running both servers simultaneously, which was my initial question.