>> Ahem... if your VPN software is using TCP rather than UDP or raw IP,
>> then I strongly recommend that you choose a different VPN vendor.
> that's not good advice. tcp to 443 and other uses in general are
> quite acceptable. (ok, i do favor AH/ESP or UDP, but TCP is still
> quite usable and useful)

That's not a VPN. That's encryption at the application layer, and
that's fine.

> with Tor your tcp endpoint is terminating quite close, in this case on
> the same host stack or one host over.

That's not TCP over TCP. That's two TCP connections put end to end,
and that's fine.

> the performance hit for TCP over TCP in Tor land is the latency and
> bandwidth associated with onion routing, not nested TCP transport.

There is no nested TCP in normal tor operation; there's multiple layers
of SSL encryption over a single TCP connection. On the other hand, if
you run a layer 2 VPN over tor, you get TCP within IP within multiple
layers of SSL within TCP. And that's not good, either for your
performance, or for the network.

Juliusz