
A Dead Simple VPN - UkiahSmith
https://github.com/jedisct1/dsvpn
======
nn3
>\- Runs on TCP

Tunneling TCP over another TCP is usually a bad idea because if any packet
loss occurs both TCPs will detect it and start issuing retransmits on their
own. This can lead to packet storms and really ruin your day.

There are ways around that (like to proxy instead of tunnel), but they are not
"dead simple" like this.

~~~
chupa-chups
Quote from README:

> TCP-over-TCP is not as bad as some documents describe. It works surprisingly
> well in practice, especially with modern congestion control algorithms
> (BBR). For traditional algorithms that rely on packet loss, DSVPN couples
> the inner and outer congestion controllers by lowering TCP_NOTSENT_LOWAT and
> dropping packets when congestion is detected at the outer layer.

------
Fnoord
Discussion from 4 days ago Dead Simple VPN
[https://news.ycombinator.com/item?id=20487707](https://news.ycombinator.com/item?id=20487707)

------
chupa-chups
Thanks for that link. That looks awesome, especially compared to an OpenVPN
setup (and yes I am aware of the fact that this project is not as
sophisticated by far, but the default use case - VPN - is covered good enough
:)

