[Felix Deichmann <f.dei@web.de>]
> Have you considered vtun, which can also handle tunnels over tcp?

I hadn't.  I now have poked around a bit on the vtun.sourceforge.net
webpages (sigh!) but saw nothing to indicate that it would be
significantly different from my own tunneling in any relevant way.

[Greg Troxel <gdt@ir.bbn.com>]
> I suspect that your packets have to look enough like TCP to keep the
> NAT box happy, but that doesn't mean that you have to do either
> congestion control or retransmissions.

Oh, now that is an *evil* thought.  Basically, it looks like doing UDP
with the IP type fields set to TCP.

> You could add a sockopt to have TCP not look at congestion window,
> and only keep the most recent segment around to retransmit.

Why keep even one segment to retransmit?

[Jason Thorpe <thorpej@shagadelic.org>]
> UDP is a datagram protocol, just [as] IP is.  That means it will have
> the same network dynamics as IP.  The downside is that you need to
> reduce the MTU of the encapsulated IP datagram so that the outer UDP
> datagram is not fragmented.

Only if you want to precisely duplicate the network dynamics.  If you
don't mid the loss rate and latency increasing for large packets, you
can go ahead and let the UDP packets get fragmented.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B