<div dir="ltr">In some case, tcp tunnel is faster and more stable than udp tunnel. Internet route hop is unreliable.<div>So please don't remove TCPOnly, it may help someone force to use tcp tunnel.</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Jun 18, 2014 at 9:46 PM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="">On Wed, Jun 18, 2014 at 03:18:30PM +0200, Nick Hibma wrote:<br>
<br>
> Consider the case where you have the following setup<br>
><br>
> client - fw - server<br>
><br>
> The client and server successfully setup a tunnel and UDP communication starts to happen. Then the client shuts up and the server only needs to send data to the client if the remote tool accesses the client’s UI.<br>
><br>
> If the firewall times out the NAT UDP hole, the server has a problem: The UDP tunnel has been marked as possible, but the UDP tunnel does no longer work because the fw has timed out the UDP hole it punched.<br>
><br>
> PING/PONG packets are sent on the meta channel, so that is not a solution.<br>
<br>
</div>Tinc also sends PMTU probes via UDP at the same interval as the<br>
PING/PONG packets via the meta channel. They help to keep the UDP NAT<br>
mapping alive, and also allow tinc to detect when UDP is not possible<br>
anymore, and will cause it to fall back to TCP in that case.<br>
<div class=""><br>
> My suggestion is to remove the word ‘obsolete’ from the man page. And perhaps reconsider what could be done about the above.<br>
<br>
</div>Tinc nowadays automatically detects changes in UDP reachability,<br>
therefore I believe that manually setting TCPOnly is no longer<br>
necessary. The option will still be available in 1.0.x, but I might<br>
remove it from 1.1.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Met vriendelijke groet / with kind regards,<br>
Guus Sliepen <<a href="mailto:guus@tinc-vpn.org">guus@tinc-vpn.org</a>><br>
</font></span><br>_______________________________________________<br>
tinc mailing list<br>
<a href="mailto:tinc@tinc-vpn.org">tinc@tinc-vpn.org</a><br>
<a href="http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc" target="_blank">http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>@hshh
</div>