Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Open VPN vs IPsec Vpn

    Scheduled Pinned Locked Moved OpenVPN
    12 Posts 4 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kalu
      last edited by

      hi Nachfalke Thanks for the reply
      Yes i use TCP. (will change to UDP and see the effect)
      in open VPN i'm using (peer to peer sharedkey)
      thanks
      kalu

      i love pfsense because i love open source.

      1 Reply Last reply Reply Quote 0
      • M
        Metu69salemi
        last edited by

        TCP is a bit "heavy" protocol in vpn use, with it's ack's and resending missing data

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke
          last edited by

          The problem of TCP in OpenVPN is, that you use TCP for the OpenVPN tunnel itself and in most cases a second time TCP for the traffic in the tunnel. so there is "double TCP" and then you have the double of overhead like Metu69salemi said in his post.

          1 Reply Last reply Reply Quote 0
          • K
            kalu
            last edited by

            Thanks guys.
            but i still have one question.
            what features are unavailable if i don't use TCP and use UDP.
            mainly i'm confused where to use TCP and where to use UDP.
            thanks in advance
            kalu

            i love pfsense because i love open source.

            1 Reply Last reply Reply Quote 0
            • N
              Nachtfalke
              last edited by

              There is no difference in "features" depending OpenVPN. The only difference while using OpenVPN is the speed enhancement with UDP.

              If you like to know the differences between UDP and TCP use google or wikipedia.

              1 Reply Last reply Reply Quote 0
              • K
                kalu
                last edited by

                Thanks Nachtfalke
                :)

                i love pfsense because i love open source.

                1 Reply Last reply Reply Quote 0
                • GruensFroeschliG
                  GruensFroeschli
                  last edited by

                  If you want to use the VPN tunnel via an http/https proxy you must use TCP.
                  –> http://openvpn.net/index.php/open-source/documentation/howto.html#http

                  We do what we must, because we can.

                  Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                  1 Reply Last reply Reply Quote 0
                  • N
                    Nachtfalke
                    last edited by

                    @GruensFroeschli:

                    If you want to use the VPN tunnel via an http/https proxy you must use TCP.
                    –> http://openvpn.net/index.php/open-source/documentation/howto.html#http

                    Shame on me!
                    That was new information for me. Thanks!

                    1 Reply Last reply Reply Quote 0
                    • K
                      kalu
                      last edited by

                      nice piece of information Nachtfalke thanks
                      i didn't knew that either
                      kalu

                      i love pfsense because i love open source.

                      1 Reply Last reply Reply Quote 0
                      • GruensFroeschliG
                        GruensFroeschli
                        last edited by

                        Well it's rare that you need to use OpenVPN via an http/https proxy ^^"

                        For roadwarriors which have to go regularly into environments where security is very tight, i have a second instance of our normal openVPN server (UDP 1194) with the same keys/certs providing access on TCP 443.
                        This usually allows them to reach our main-office.
                        But this is more of a failover if the normal server isn't reachable.

                        We do what we must, because we can.

                        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.