 From:  Vincent Fleuranceau <vincent at bikost dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VNC Problem
 Date:  Thu, 07 Oct 2004 09:51:56 +0200
-------- Original Message --------

> Does anyone know why VNC will no longer get routed through to my PC?
>  It worked well once, but now simply times out. The internal address
>  of the pc hasn't changed, nor has the external of the WAN
> connection.
> Any input is appreciated.

I've been experiencing troubles using VNC through an IPsec tunnel (based
on DSL connections): it sometimes freezes during the 'initial screen
loading' phase. And I have the same kind of problem with an SQL
application which sends tons of data through the wire.

I'm not sure what the reason is, but I've recently found the following
explanation in a document related to OpenVPN:

"[...] If you are wondering why UDP is used instead of TCP, there are
problems when you tunnel TCP over TCP. TCP keeps track of packet
sequence and packet loss and requests that missing packets be resent,
which is a good thing when you only have one layer of TCP. It also has
adaptive timers that dictate how long it will wait before it requests
resends. This interval changes and basically increases exponentially as
failures to receive packets continue. If you have TCP riding on top of
TCP, you now have two flow control layers that are each providing timers
and resend requests. If things line up poorly, for instances the lower
TCP layer has a longer interval than your higher layer you can get a
build up of requests from above that cause an internal meltdown in your
flow control system. You end up slowing your TCP connection down to a
crawl as redundant layers of flow control work against each other in an
attempt to get packets resent."

source: http://www.sans.org/rr/papers/20/1459.pdf

Who knows?
(to be honest, I think Fred W. knows ;-)

-- Vincent
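
The timer interaction described in the quoted passage, as an added example that is not part of the original message or the cited paper: a simplified model in which one segment is sent just as the carrier link drops, comparing a datagram (UDP) carrier with a TCP carrier. All function names and timer values are assumptions chosen for illustration.

```python
# Simplified model (an assumption, not a TCP implementation): one segment is
# sent at t=0 just as the carrier link goes down for `outage_ms`. Each TCP
# sender retransmits on a timer that doubles after every timeout. Fast
# retransmit, tunnel latency and window effects are ignored.

def retransmit_times(rto_ms, limit_ms, rto_max_ms=60_000):
    """Retransmission instants (ms), up to the first one at or after limit_ms."""
    if rto_ms <= 0 or limit_ms <= 0:
        raise ValueError("rto_ms and limit_ms must be positive")
    times, t = [], 0
    while t < limit_ms:
        t += rto_ms
        times.append(t)
        rto_ms = min(rto_ms * 2, rto_max_ms)  # exponential backoff
    return times

def over_udp(inner_rto_ms, outage_ms):
    """Datagram carrier: copies sent during the outage are simply dropped."""
    times = retransmit_times(inner_rto_ms, outage_ms)
    return {
        "recovered_at_ms": times[-1],   # first retransmit after the outage
        "copies_delivered": 1,
        "copies_lost": len(times),      # original + retransmits in the outage
    }

def over_tcp(inner_rto_ms, outer_rto_ms, outage_ms):
    """Reliable carrier: the outer TCP queues every inner copy as new data."""
    # The outer layer recovers on its own backoff schedule.
    outer_recovery = retransmit_times(outer_rto_ms, outage_ms)[-1]
    # Until then the inner sender sees no ACK and keeps retransmitting. The
    # outer TCP cannot tell these are duplicates, so it buffers all of them
    # and delivers every copy once its own retransmission gets through.
    queued = [t for t in retransmit_times(inner_rto_ms, outer_recovery)
              if t < outer_recovery]
    return {
        "recovered_at_ms": outer_recovery,
        "copies_delivered": 1 + len(queued),
        "redundant_copies": len(queued),
    }

if __name__ == "__main__":
    # Constructed values: 5 s outage, inner RTO 200 ms, outer RTO 1000 ms,
    # i.e. the "lower layer has a longer interval" case from the quote.
    print("UDP carrier:", over_udp(200, 5000))
    print("TCP carrier:", over_tcp(200, 1000, 5000))
```

With the constructed values, the UDP carrier drops the stale copies and delivers one, while the TCP carrier later delivers the original plus five redundant copies that compete with fresh data for the recovered link.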