Tunneling TCP over another TCP is usually a bad idea because if any packet loss occurs both TCPs will detect it and start issuing retransmits on their own. This can lead to packet storms and really ruin your day.
There are ways around that (like to proxy instead of tunnel), but they are not "dead simple" like this.
> TCP-over-TCP is not as bad as some documents describe. It works surprisingly well in practice, especially with modern congestion control algorithms (BBR). For traditional algorithms that rely on packet loss, DSVPN couples the inner and outer congestion controllers by lowering TCP_NOTSENT_LOWAT and dropping packets when congestion is detected at the outer layer.
Thanks for that link. That looks awesome, especially compared to an OpenVPN setup (and yes I am aware of the fact that this project is not as sophisticated by far, but the default use case - VPN - is covered good enough :)
Tunneling TCP over another TCP is usually a bad idea because if any packet loss occurs both TCPs will detect it and start issuing retransmits on their own. This can lead to packet storms and really ruin your day.
There are ways around that (like to proxy instead of tunnel), but they are not "dead simple" like this.