
Generally speaking, tunneling TCP inside TCP is a bad idea. Yes, it’ll “mostly” work with the added latency you mentioned, but it can go very poorly if the network starts having packet congestion or dropped packets.

If the “outer” VPN is UDP or IPsec, then it is not as much of an issue, but many of the VPN providers commonly used are TCP based (of the ones I spot checked from a Google search anyway). And remember, since they are TCP-in-TCP already, you are just making the situation even more likely to occur.

Further reading: http://sites.inka.de/bigred/devel/tcp-tcp.html
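As an added illustration (not part of the thread or of the linked page), here is a small Python model of the timer interaction the comment describes: the outer tunnel repairs a wire loss on its own, but while it is doing so the inner connection sees no ACKs, fires its own retransmission timer, and hands the outer layer duplicate segments that it must also carry. All parameters (a 200 ms minimum RTO with exponential backoff on both layers, a 50 ms round trip, and a single packet whose first `losses` transmissions are dropped) are constructed, and the queue drain is deliberately simplified to one round trip per duplicate.

```python
"""Toy model of why stacking TCP on a TCP tunnel amplifies retransmissions.

Constructed assumptions: both the inner connection and the outer tunnel use a
200 ms minimum RTO with exponential backoff, the round trip is 50 ms, and the
wire drops the first `losses` transmissions of one packet.
"""

MIN_RTO_MS = 200
RTT_MS = 50


def recovery_time_ms(losses: int) -> int:
    """Time for one TCP layer to get a packet acknowledged when its first
    `losses` transmission attempts are dropped: the sum of the backed-off
    timeouts plus one final round trip."""
    return sum(MIN_RTO_MS * 2 ** i for i in range(losses)) + RTT_MS


def retransmits_during_stall(stall_ms: int, rto_ms: int = MIN_RTO_MS) -> int:
    """How many times a sender whose ACKs are delayed by `stall_ms` fires its
    retransmission timer, doubling the RTO after each expiry."""
    fired, elapsed, rto = 0, 0, rto_ms
    while elapsed + rto < stall_ms:   # timer expires before the stall ends
        elapsed += rto
        rto *= 2
        fired += 1
    return fired


def direct_tcp(losses: int) -> dict:
    """A plain TCP connection on the lossy wire: every retransmission repairs
    a real loss, so nothing sent is redundant."""
    return {
        "wire_packets": losses + 1,
        "redundant_packets": 0,
        "recovery_ms": recovery_time_ms(losses),
    }


def tcp_in_tcp(losses: int) -> dict:
    """Same wire loss, but the inner TCP connection rides inside a TCP tunnel.
    The outer layer already guarantees delivery, so every inner retransmission
    fired during the outer stall is a duplicate the outer layer still has to
    carry across the wire once it recovers."""
    outer_recovery = recovery_time_ms(losses)
    inner_dups = retransmits_during_stall(outer_recovery)
    return {
        # outer attempts plus the duplicates queued behind them
        "wire_packets": losses + 1 + inner_dups,
        "redundant_packets": inner_dups,
        # simplification: duplicates drain serially, one round trip each,
        # before fresh inner data can move again
        "recovery_ms": outer_recovery + inner_dups * RTT_MS,
        # the inner sender keeps its backed-off RTO for the next genuine loss
        "inner_rto_after_ms": MIN_RTO_MS * 2 ** inner_dups,
    }


if __name__ == "__main__":
    for losses in (1, 2, 3):
        print(f"{losses} wire loss(es): direct={direct_tcp(losses)} "
              f"tunnelled={tcp_in_tcp(losses)}")
```

In this model every wire loss the outer layer repairs also provokes one redundant inner retransmission, so the stacked connections put twice the recovery traffic on the wire, take longer to get fresh data moving again, and leave the inner sender with an RTO that has doubled once per duplicate. Real stacks add RTT estimation, congestion windows and finite tunnel buffers on top of this, which is what turns the amplification into the stall the comment warns about.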



Most VPN systems use UDP, with TCP possibly being supported as a fallback solution for when UDP connectivity is broken.

The exceptions are things like SSH tunnels using sshuttle, but they call themselves a "poor man's VPN" for a reason.


Though ironically sshuttle claims to fix this problem.



