Testing Sophos SSL VPN Performance - UDP or TCP?

When configuring a Site-to-Site VPN on your Sophos SG or Sophos XG, you are presented with an option to select either TCP or UDP as the transport protocol. The configuration page hints that UDP provides better performance, so I thought it would be interesting to test the SSL VPN performance over both UDP and TCP and find out which one is faster!

Simple TCP/IP and UDP connections using UART Comm Tunnel: UART Comm Tunnel is a free tool that connects two endpoints over a serial port, TCP/IP or UDP. Features: builds a tunnel between two endpoints; supports Serial Port, TCP/IP Server, TCP/IP Client and UDP; displays data in text, hex and decimal format; enumerates all available serial ports on the computer. Requirements: Windows XP, Windows Vista or Windows 7 with .Net.

Tunneling a TCP-encapsulating payload (such as PPP) over a TCP-based connection (such as SSH's port forwarding) is known as "TCP-over-TCP", and doing so can induce a dramatic loss in transmission performance (a problem known as "TCP meltdown"), which is why virtual private network software may instead use a protocol simpler than TCP for the

typically tunnel packets over UDP. In addition we also have socket types like PF_RDS [19] and the newly proposed PF_KCM [6] that tunnel over TCP. All of these technologies tunnel application and/or tenant payloads over a Layer 4 protocol in the network stack; in all these cases the TCP or UDP socket is a kernel socket.

OpenVPN is a robust and highly flexible tunneling application that uses the encryption, authentication and certificate features of the OpenSSL library to securely tunnel IP networks over a single TCP or UDP port. Another design option is to provide a VPN-like tunnel for sending and receiving TCP packets over UDP: the idea is to use a tunnel between hosts so that the hosts can keep using the kernel TCP stack and unmodified socket calls.

One increasingly common reason to use UDP is to wrap a new transport that can be deployed without operating-system permission. QUIC is an example of this, as is SCTP over UDP as used by WebRTC. Tunnels and VPNs also work this way, because you do not want to tunnel TCP in TCP: two layers of flow and congestion control interact poorly.

(The choice of UDP, rather than a dedicated IP-level protocol as IPsec uses, has several reasons: it allows tunnels to be distinguished by their port number, and it adds the ability to run over a SOCKS proxy.) The datagram carrier has exactly the same characteristics as plain IP, which is what TCP was designed to run over.
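The "two layers of flow and congestion control interact poorly" point, and the TCP meltdown mentioned earlier, can be made concrete with a small simulation. What follows is an added example, not code from this page or from OpenVPN, Sophos or any other project named here. It models a stop-and-wait inner TCP with exponential RTO backoff pushed through either a UDP carrier (loss is visible to the inner stack, exactly like plain IP) or a reliable, in-order TCP carrier (loss is hidden and repaired by the carrier's own retransmission timer, with head-of-line blocking). Every number in it is an assumption chosen for illustration: 10 ms one-way latency, a 70 ms inner RTO, a 50 ms outer RTO, and a constructed outage during which the link drops every data packet sent between t = 40 ms and t = 240 ms.

```python
"""Toy simulation of tunnelling a stop-and-wait TCP flow over UDP vs over TCP.

Added example, not code from the original page or from OpenVPN/Sophos.
Every number here (latency, RTOs, the outage window) is a constructed assumption.
"""
from dataclasses import dataclass

ONE_WAY_MS = 10      # assumed one-way link latency (RTT = 20 ms)
INNER_RTO_MS = 70    # assumed initial RTO of the tunnelled (inner) TCP
OUTER_RTO_MS = 50    # assumed initial RTO of the carrier (outer) TCP
SEGMENTS = 6         # inner segments to push through the tunnel


def link_dark(t_ms, dark):
    """Constructed loss model: a data packet sent while the link is 'dark'
    (dark[0] <= t < dark[1]) is dropped. ACKs travel back losslessly."""
    return dark[0] <= t_ms < dark[1]


@dataclass
class UdpCarrier:
    """UDP carrier: no retransmission, no ordering. A lost packet stays lost."""
    wire_packets: int = 0
    outer_retransmissions: int = 0   # UDP never retransmits

    def send(self, t_ms, dark):
        """Return the delivery time of the payload, or None if the link ate it."""
        self.wire_packets += 1
        if link_dark(t_ms, dark):
            return None
        return t_ms + ONE_WAY_MS


@dataclass
class TcpCarrier:
    """TCP carrier: retransmits with exponential backoff and delivers strictly
    in order, so one lost outer segment holds back every later one (HOL blocking)."""
    wire_packets: int = 0
    outer_retransmissions: int = 0
    last_delivery: int = 0

    def send(self, t_ms, dark):
        """Always delivers eventually; returns the (possibly delayed) delivery time."""
        rto, tx = OUTER_RTO_MS, t_ms
        while link_dark(tx, dark):          # keep resending until a copy gets through
            self.wire_packets += 1
            self.outer_retransmissions += 1
            tx, rto = tx + rto, rto * 2
        self.wire_packets += 1
        arrival = tx + ONE_WAY_MS
        self.last_delivery = max(arrival, self.last_delivery)   # in-order delivery
        return self.last_delivery


def simulate(carrier, dark=(40, 240), segments=SEGMENTS):
    """Push `segments` inner segments through `carrier` using stop-and-wait ARQ
    with exponential RTO backoff. Returns what it cost to get them all ACKed."""
    t = 0
    inner_retx = redundant = 0
    for _ in range(segments):
        rto, acks, delivered = INNER_RTO_MS, [], 0
        while True:
            d = carrier.send(t, dark)
            if d is not None:
                delivered += 1
                acks.append(d + ONE_WAY_MS)           # ACK for this copy reaches the sender
            deadline = t + rto
            arrived = [a for a in acks if a <= deadline]
            if arrived:                                # the first ACK of any copy ends the segment
                t = min(arrived)
                break
            if inner_retx > 50:
                raise RuntimeError("link never recovered")
            t, rto = deadline, rto * 2                 # inner RTO fires: retransmit the segment
            inner_retx += 1
        redundant += max(0, delivered - 1)             # copies delivered but never needed
    return {
        "wire_packets": carrier.wire_packets,
        "outer_retransmissions": carrier.outer_retransmissions,
        "inner_retransmissions": inner_retx,
        "redundant_deliveries": redundant,
        "finish_ms": t,
    }


if __name__ == "__main__":
    for name, carrier in (("TCP over UDP", UdpCarrier()), ("TCP over TCP", TcpCarrier())):
        print(name, simulate(carrier))
```

With the outage above, the UDP carrier lets the inner stack see the loss directly: it retransmits its stalled segment twice, puts 8 packets on the wire in total and finishes at 330 ms. Over the TCP carrier the inner timer fires while the carrier is still backing off its own retransmissions, so the inner's two retransmissions are pure waste (the carrier delivers all three copies, two of them redundantly), the carrier adds five retransmissions of its own, 13 packets hit the wire and the transfer finishes later, at 470 ms. Without loss the two carriers behave identically, which is why the overhead of a TCP transport only shows up on lossy links. The model deliberately omits RTT-based RTO estimation, windowing and bandwidth limits, so it illustrates the timer interaction rather than the throughput collapse seen under load.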

MTU size and UDP on GRE tunnels - Cisco Community