OpenVPN can run over either the TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) transports. Choosing which one to use is a highly technical issue, and one that most VPN providers (quite understandably) keep hidden ‘behind the scenes’.
Some VPN providers, however, prefer to let customers choose which connection protocol to use. The reason for this is that while both offer distinct advantages and disadvantages in
TCP vs UDP, OpenVPN vs TCP, UDP vs OpenVPN... What is the difference, exactly?
TCP is, in general, the most commonly used connection protocol on the internet, as it offers error correction (and is therefore known as a ‘stateful protocol’). Whenever a computer sends a network packet using TCP, it waits for confirmation that the packet has arrived, and then either resends the packet (if no confirmation is received) or sends the next packet (if confirmation is received).
This means there is ‘guaranteed delivery’ of all data, making the protocol very reliable, but there is a considerable overhead as packets are sent, confirmed, re-sent etc., making it quite slow.
UDP is referred to as a ‘stateless protocol’ as it performs no such error correction, simply receiving packets with no
- TCP = reliable
- UDP = fast
Which one to use?
Which one you use, therefore, depends on whether reliability or speed is your primary concern, and, in general, UDP is better for streaming
However, how much TCP actually slows a connection down in practice can be very dependent on other network factors, with distance being the most important. The further away you are from your VPN server geographically, the further TCP packets have to travel to and fro, and therefore the slower your connection will be. If the server is relatively close by, then you may not see much of a speed loss, while benefiting from a more reliable connection.
That said, probably the best general advice is to use the faster UDP protocol unless you experience connection problems, which is the strategy adopted by most VPN providers by default.
Defeat censorship with OpenVPN on TCP Port 443
When you connect to a secure website your connection is protected by SSL encryption. You can tell that a website is secure because its URL (web address) begins with https:
SSL is the cornerstone of security on the internet, and any attempt to block it effectively breaks the internet (which hasn't stopped places such as Iran trying!). SSL runs over TCP port 443.
The interesting thing for OpenVPN (which is based on the OpenSSL libraries) is that
- It is very difficult to detect that OpenVPN is being used rather than regular SSL
- It is almost impossible to block without breaking the internet.
Some custom VPN clients allow you to select TCP port 443, or it can often be configured manually (ask your VPN provider for settings).
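To check what a provider's OpenVPN profile will actually use, the following added example (not from the original article or the OpenVPN project) lists the host, port and transport of each server entry in a client profile, for instance UDP first with TCP port 443 as the fallback. The sample profile and hostnames are constructed; the code reads only the `proto`, `port`/`rport` and `remote` directives and `<connection>` blocks, and assumes a profile does not mix top-level `remote` lines with blocks.

```python
from itertools import takewhile

# Constructed sample profile (placeholder hostnames): UDP first, TCP 443 fallback.
SAMPLE_PROFILE = """\
client
proto udp
<connection>
remote vpn.example.com 1194
</connection>
<connection>
remote vpn.example.com 443 tcp-client
</connection>
"""

def transport(proto):  # udp4, tcp-client, tcp6, ... collapse to "udp" or "tcp"
    return "tcp" if proto.lower().startswith("tcp") else "udp"

def apply_line(entry, words):
    """Update one connection entry from a proto/port/remote line; last line wins."""
    if words[0] == "proto" and len(words) > 1:
        entry["proto"] = words[1]
    elif words[0] in ("port", "rport") and len(words) > 1:
        entry["port"] = words[1]
    elif words[0] == "remote" and len(words) > 1:
        entry["host"] = words[1]
        entry.update(zip(("port", "proto"), words[2:4]))  # optional [port] [proto]

def list_remotes(profile_text):
    """Return [(host, port, 'udp'|'tcp')] for each server entry, in file order."""
    top = {"proto": "udp", "port": "1194"}   # OpenVPN's built-in defaults
    plain, entries, block = [], [], None
    for raw in profile_text.splitlines():
        # A token starting with '#' or ';' begins a comment.
        words = list(takewhile(lambda w: w[0] not in "#;", raw.split()))
        if not words:
            continue
        if words[0] == "<connection>":
            block = dict(top)                 # assumed: inherits defaults seen so far
        elif words[0] == "</connection>" and block is not None:
            entries.append(block)
            block = None
        elif block is not None:
            apply_line(block, words)
        elif words[0] == "remote":
            plain.append(words)               # resolved once the file is read
        else:
            apply_line(top, words)
    for words in plain:
        entries.append(dict(top))
        apply_line(entries[-1], words)
    return [(e["host"], int(e["port"]), transport(e["proto"]))
            for e in entries if "host" in e]
```

Calling `list_remotes(SAMPLE_PROFILE)` returns the UDP 1194 entry followed by the TCP 443 entry.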