Netgate Discussion Forum

    Disable TCP retransmission on OpenVPN interface?

      sebastiannielsen

      How do I disable TCP retransmission on a specific OpenVPN client interface?

      I have a vpnstaticip.com account, and their servers only offer TCP. However, TCP over TCP is a bad idea due to the nested TCP retransmission timers.

      Connecting to vpnstaticip.com over pfSense quickly stalls the connection with 100% packet loss, causing the whole machine to go down due to full TCP buffers, due to all those nested TCP retransmissions.

      The best idea here would then be to disable TCP retransmission completely on the client end for the OpenVPN client instance. I don't think the TCP retransmission on the server-to-client end would be a problem, since when the client does not retransmit lost packets, the "infinite loop" is broken and the server instance can empty its TCP buffers.

      Or do you have any other idea on how the TCP in TCP problem can be solved?

        doktornotor Banned

        Get an account elsewhere. Frankly, this is such a dumb idea that I'm quite astonished someone's actually selling this at a rather hefty price.

          phil.davis

          ^ that
          TCP is layer 4, end-to-end between the end-node devices (a client on your LAN and a server out in the big bad internet somewhere). That end-to-end (re)transmission control needs to stay working so it can cope with any packets lost on some other hop from LAN client<->pfSense<->VPN server<->internet-routers…<->final-destination-server - if you somehow stopped passing those real NACKs and/or retransmissions between the end-nodes then they would be in real trouble.
          And there is no option on OpenVPN to tell it "use TCP for this OpenVPN hop, but actually do not bother about sending ACKs or checking for packet loss or retransmitting lost packets" - that option is called UDP, use it!

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
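
A simplified timeline model of the nested-timer problem discussed in this thread, as an added example that is not part of any poster's message: it counts how many copies of one inner TCP segment a tunnel ends up carrying across a link outage, for a TCP tunnel versus a UDP tunnel. The function names and all values (1 s initial RTO, 100 ms RTT, 10 s outage, flow count) are assumptions chosen for illustration; real TCP stacks are more complex.

```python
"""Toy model: inner TCP retransmissions across a tunnel outage (times in ms)."""

def backoff_times(initial_rto, horizon):
    """Send times of one segment under exponential RTO backoff: 0, rto, 3*rto, ..."""
    t, rto, times = 0, initial_rto, []
    while t <= horizon:
        times.append(t)
        t += rto
        rto *= 2
    return times

def simulate(tunnel, outage, flows=1, inner_rto=1000, outer_rto=1000, rtt=100):
    """Return (copies sent by inner TCP, copies carried by tunnel, ACK time)."""
    horizon = 4 * outage + 10000
    inner = backoff_times(inner_rto, horizon)
    if tunnel == "tcp":
        # Reliable tunnel: nothing handed to it is ever dropped. Every inner
        # copy waits in the tunnel's send queue until the tunnel's own
        # retransmission succeeds after the outage, then all are delivered.
        delivered = next(t for t in backoff_times(outer_rto, horizon) if t >= outage)
        ack_at = delivered + rtt
        sent = [t for t in inner if t < ack_at]
        carried = len(sent)
    else:
        # UDP tunnel: copies sent during the outage are simply lost; the first
        # inner retransmission after the outage is the only one carried.
        delivered = next(t for t in inner if t >= outage)
        ack_at = delivered + rtt
        sent = [t for t in inner if t < ack_at]
        carried = sum(1 for t in sent if t >= outage)
    return len(sent) * flows, carried * flows, ack_at

if __name__ == "__main__":
    for tunnel in ("tcp", "udp"):
        for flows in (1, 20):
            sent, carried, ack = simulate(tunnel, outage=10000, flows=flows)
            print(f"{tunnel} tunnel, {flows:2d} flow(s): inner sent {sent:3d}, "
                  f"tunnel carried {carried:3d}, ACK at {ack} ms")
```

In this model both tunnels recover at the same moment, but the TCP tunnel has to queue and deliver every stale duplicate from every flow, while the UDP tunnel carries one copy per flow and leaves loss recovery to the end nodes.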

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.