Disable TCP retransmission on OpenVPN interface?



  • How I do to disable TCP retransmission on a specific OpenVPN client interface?

    I have a vpnstaticip.com account, and their servers do only offer TCP. However, TCP over TCP is a bad idea due to the nested TCP retransmission timers.

    Connecting to a vpnstaticip.com over pfsense, quickly stalls the Connection with 100% packetloss, causing the whole machine going down due to full TCP buffers, due to all those nested TCP retransmissions.

    The best idea here would then to disable TCP retransmission completely on the client end for the OpenVPN client instance. I dont Think the TCP retransmission on the server to client end would be a problem since when the client does not retransmit lost packets, then the "infinite loop" is breaked and the server instance can empty their TCP buffers.

    Or do you have any other idea on how the TCP in TCP problem can be solved?


  • Banned

    Get an account elsewhere. Frankly, this is such a dumb idea that I'm quite astonished someone's actually selling this at rather hefty price.



  • ^ that
    TCP is layer 4, end-to-end between the end-node devices (a client on your LAN and a server out in the big bad internet somewhere). That end-to-end (re)transmission control needs to stay working so it can cope with any packets lost on some other hop from LAN client<->pfSense<->VPN server<->internet-routers…<->final-destination-server - if you somehow stopped passing those real NACKs and/or retransmissions between the end-nodes then they would be in real trouble.
    And there is no option on OpenVPN to tell it "use TCP for this OpenVPN hop, but actually do not bother about sending ACKs or checking for packet loss or retransmitting lost packets" - that option is called UDP, use it!


Log in to reply