
IPSec is indeed hell with NATs, and an SSL VPN would be much better. But UDP is even better - most NATs do a good job with UDP too, and if done right, it's possible to switch Internet connections without the VPN having to reconnect.


The hell are you fellas smoking? IPsec NAT traversal has been a non-issue since it was standardized about 10 years ago.


DTLS is a standard protocol for TLS over UDP. It is used by existing commercial products, such as Cisco AnyConnect.



