Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] A Dead Simple VPN (github.com)
9 points by UkiahSmith 81 days ago | hide | past | web | favorite | 4 comments

>- Runs on TCP

Tunneling TCP over another TCP is usually a bad idea because if any packet loss occurs both TCPs will detect it and start issuing retransmits on their own. This can lead to packet storms and really ruin your day.

There are ways around that (like to proxy instead of tunnel), but they are not "dead simple" like this.

Quote from README:

> TCP-over-TCP is not as bad as some documents describe. It works surprisingly well in practice, especially with modern congestion control algorithms (BBR). For traditional algorithms that rely on packet loss, DSVPN couples the inner and outer congestion controllers by lowering TCP_NOTSENT_LOWAT and dropping packets when congestion is detected at the outer layer.

Discussion from 4 days ago Dead Simple VPN https://news.ycombinator.com/item?id=20487707

Thanks for that link. That looks awesome, especially compared to an OpenVPN setup (and yes I am aware of the fact that this project is not as sophisticated by far, but the default use case - VPN - is covered good enough :)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact