On Fri 12 Dec 2014 06:19:37 NZDT +1300, Karl Fife wrote: >> The VPN should protect from all MITM attacks and snooping between >> the VPN client and server. > > This is a great idea, but I find that routing all traffic through > VPN causes problems in marginal (lossy or congensted) networks. I'm > curious to know if others have also had this pain point, and whether > you've had any success by simply sending VPN over TCP.
What you are seeing is the additional overhead of the VPN, both in encapsulation and in delay. There is no way around that. I expect tcp to be even worse (but able to detect missing packets). That's the price you pay. Ideally I'd like to have flexible and user-friendly control over what data goes over the VPN and which DNS is used. It happens that one has to look up some hosts of the provider and can't tunnel the DNS, which is always annoying. It is possible that other VPNs, in particular IPsec, have lower overheads. Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. _______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list