Some questions about SPTPS
Etienne Dechamps
etienne at edechamps.fr
Wed Aug 13 01:03:15 CEST 2014
On 12/08/2014 23:37, Tim Eggleston wrote:
>> I wholeheartedly agree. I often use tinc in "road warrior" scenarios
>> where it is very convenient to be able to connect to the VPN even in
>> extremely hostile network environments (the typical airport/hotel
>> crappy Wi-Fi). I believe Skype is the champion in that category, and
>> we should aspire to do the same.
>
> Hopefully this isn't too off-topic for this thread (it totally is but
> I'm going to plow on anyway!), but can you give me a quick precis of the
> benefits that tinc would provide in a road-warrior scenario over
> something like OpenVPN on tcp/443 (i.e. very unlikely to be blocked
> anywhere)? The OpenVPN server already has secure routes to everywhere
> else in my network, so the only connection I'm thinking about here is
> the remote guy -> server, I'm not really considering the mesh
> capabilities of tinc in this instance.

If you're asking if tinc is better at establishing a connection than
OpenVPN on TCP 443, the answer is no. The real benefit of tinc is about
performance: contrary to OpenVPN, it will automatically detect and use
the most efficient method to get packets through, and it will do it
without any user involvement.

So, for example, if there is a way to get UDP going between you and the
server, tinc will automatically use it, and fall back to TCP if it
can't, without you having to do anything. (As a reminder, tunnelling TCP
over TCP is very inefficient and you shouldn't do it unless you
absolutely have to.) It's able to do that with full UDP hole punching
support so that it can circumvent NATs, and it extends these features to
the entire tinc graph (whereas OpenVPN is centralized).

Sure, if you only care about establishing a connection, then there's no
difference between OpenVPN and tinc. The real difference is that tinc
will be able to get the most out of the network you're on, whereas with
OpenVPN you'll be stuck with the lowest common denominator (i.e. TCP
over TCP going through a single centralized node).

--
Etienne Dechamps