On Tue, Jul 7, 2009 at 11:27 AM, Thomas Charron<twaf...@gmail.com> wrote:
>> I forward just TCP, as I have multiple people VPNing in, but you could
>> also forward UDP if that isn't an issue.

On Tue, Jul 7, 2009 at 11:35 AM, Drew Van Zandt<drew.vanza...@gmail.com> wrote:
> No idea what multiple people using it has to do with anything, as I forward
> only one UDP port through my router and have many people connected to
> my VPN.

  Tom is convinced that UDP through NAT causes instability in the
space-time continuum or something.  ;-)  He and I had a long argument
about it on this list once.  (As I understand it, his point was that
UDP, being unidirectional, doesn't guarantee that port numbers will be
symmetrical, and thus you can't count on UDP returning over NAT
reliably.  Which is true, so far as it goes.  My point was that in
practice, port numbers usually are symmetrical.  Certainly OpenVPN
works that way.)

  Since we're on the subject: It's generally recommended to avoid
tunneling TCP over TCP, which is what you end up doing if you run
OpenVPN over TCP.  It's often not a problem if the connection is
reliable, but if you encounter packet loss or congestion, both TCP
layers end up retrying together, which tends to compound the original
problem.

  Myself, I've never tried to run OpenVPN on a bitty box like a
Linksys router.  CPU power would be my concern; crypto takes lots of
cycles.  But I can say OpenVPN is quite NAT friendly.  We've been
running it that way for years at work.

-- Ben
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
