OpenVPN over TCP vs. UDP: What is the Difference, and Which Should I Choose?

Updated on: 20 October 2018

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are, essentially, the main transports over which OpenVPN can work. Each of them is different, offering unique advantages and disadvantages.

Most VPN providers let their users choose which of the protocols to use, for simplicity’s sake, but also because the choice is entirely reliant on the personal preferences of every user.

Let’s get to it, then.

1. TCP – pros and cons

Let’s start with TCP, which is often dubbed the most reliable protocol on the internet.

Pros:

  • Highly reliable and guaranteed to maintain a seamless connection
  • Connection-oriented, with each packet of data being closely tracked
  • Acknowledgment sequencing, as every singular packet of data needs to receive a confirmation when received
  • Segment sequencing – all transmissions are sent in a precise order which increases overall efficiency
  • Segment retransmission (error correction protocol), in case the network packets were received in the wrong order

Cons:

  • Considerably slower speed when looking at the overall workload and the various steps involved

Conclusion

The fact that it’s the most commonly used protocol on the internet should be an argument by itself. Mainly, it’s thanks to the error correction protocol that it pushes forward.

Basically, when a computer exchanges network packets over TCP, the protocol waits for confirmation that a packet was received before sending another one.

This increases reliability by a large margin because the data is guaranteed to reach its recipient. If the confirmation is not received, the packet is resent until TCP receives a valid confirmation.

So, if it’s reliability and a steady connection you’re looking for, TCP is your cup of tea.

2. UDP – pros and cons

The UDP protocol functions in almost the same way as TCP, with a few differences concerning all the extra steps that TCP takes in order to guarantee maximum reliability.

Pros:

  • Best effort protocol, delivering a lightweight and considerably faster connection speed
  • Seamless connection based on speed over quality

Cons:

  • Unreliable
  • Connectionless
  • No sequencing acknowledgment
  • No segment sequencing
  • No retransmission, hence no error correction

Conclusion

While UDP is exponentially faster than TCP, it is only at the expense of its reliability. It doesn’t ensure a guaranteed connection because it doesn’t abide by the rules of packet retransmission and acknowledgment.

You can’t be sure if the packets or messages will reach their destination at all.

If problems appear with the packets, the process continues unimpeded. That’s the UDP policy, more or less. If it didn’t hit the mark, then it’s abandoned. Moreover, the packets are not sent in any particular order and will have to be decrypted and structured by another application.

However, UDP still remains the best internet protocol to be used when running applications that require a fast and efficient transmission like games. Speed is of the essence, and UDP excels in this category.

3. Should you choose TCP or UDP?

It depends on what you want to use the internet for. For instance, if you want to stream movies or if you’re planning on putting in 12 hours straight into World of Warcraft, then UDP is your best bet.

Since it doesn’t bother itself with waiting for any confirmation or correcting any problems, the connection is much swifter and more fluid, delivering instant responses and a constant speed that will not disappoint.

If you’re experiencing any connection problems, you might want to switch to TCP instead. That’s what the majority of the VPN providers do.

Now, regarding the loss of speed when using TCP, it’s debatable at the very least because it depends a lot on the distance between your device and your VPN provider’s server.

The farther you are from the server, the longer it takes for the connection packets to be received. If we’re to take the eventual errors into consideration, the speed will drop considerably.

At the same time, this also means that you will barely notice any speed fluctuations if the VPN’s server is close by. You get to strike two birds with one stone, as you’ll benefit from a constant and uninterrupted connection, while also going full-speed ahead.

Speed plus reliability, in one fell swoop. What more could you want?

Generally, you should only consider using TCP when you have a reason to believe your connection is going to cause problems. Until then, stay on top of the game with the lightning-fast UDP.

4. Reign supreme with OpenVPN running on TCP port 443

The SSL encryption is your pirate chest, carefully buried on the cyber-beach, in the shade of the OpenVPN palm.

Before gathering the treasure, however, some context is needed. On the internet, there are certain websites that are secured with SSL encryption, which makes them all the more protected and privacy-oriented.

You can tell that a website is running on SSL by looking at its URL. It should look something like this – https://, where the “s” at the end stands for “secure”. You should also have a lock-shaped icon at the left of the URL, reinforcing this idea.

There weren’t many websites that used this kind of secure encryption in the past. Only banks, governmental agencies, and other such sites would rely on SSL encryptions. Nowadays, this type of cyber-safety measure has become the norm.

The reason SSL encryptions are the building blocks of any reliable and respected website is that they are basically unbreakable. Trying to hack or bypass them will crash the internet, literally.

And SSL uses the TCP port 443.

Now, what could possibly be OpenVPN’s preferred encryption protocol? You guessed it, TCP port 443. Even more, because there’s basically no difference in appearance when using SSL and OpenVPN, combining them both seems like the only reasonable choice.

This is because:

  • It’s near impossible to differentiate between SSL traffic and OpenVPN-based traffic
  • Trying to bypass SSL encryptions will result in serious problems with your internet connection

Running OpenVPN over TCP port 443 will greatly increase your overall security and the strength of your digital defence. Get the pirate chest for yourself, use the TCP port 443 as a lock to secure it, and no one-eyed thug will ever be able to break it.

Untraceable, slippery, and impossible to subdue.

5. The bottom line

TCP – maximum reliability at the cost of speed, possible stutters, and drops in connection fluidity. For example, in most MMO games that run on TCP, there are considerable problems with lag and the occasional freeze. The connection is lost, and responses are coming late.

Why? Because some packets have to be resent, the process of checking each and every individual one is just one more time-wasting addition, and this results in horrific delays.

UDP – maximum speed at the cost of overall reliability. It completely gives up on trying to correct every single issue with the packets and thus creates a steady and uninterrupted connection. It’s especially used in video streaming and online games.

If a packet fails to reach its destination, UDP won’t put a stop to the whole process, which might result in a traffic jam. Rather, it will go over it seamlessly. Distortions will appear, but I assume you prefer those instead of the ever-so-popular freezing.

In the end, you can use the slow-moving but near-unassailable behemoth TCP or the lightning fast UDP. Or you can even mix them together.

You should use the best tool for the right job; that’s what I’m saying.
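
Mixing the two transports, as suggested above, can be done in a single OpenVPN client profile: the client tries its remote lines in the order they are listed, so UDP can come first with TCP on port 443 as the fallback. The following is an added example, not code from the article or from OpenVPN; it parses a constructed profile and reports the order in which transports will be tried. The host vpn.example.com is a placeholder, and transport_plan and review are illustrative names.

```python
import re

# Added example, not from the article; vpn.example.com is a placeholder host.
SAMPLE_PROFILE = """\
client
proto udp                        # transport for remotes that name none
remote vpn.example.com 1194      # tried first: UDP
remote vpn.example.com 443 tcp   # fallback: TCP on port 443
connect-timeout 10               # seconds before moving to the next remote
"""
DEFAULT_PORT, DEFAULT_PROTO = 1194, "udp"  # OpenVPN defaults when unset

def transport_plan(profile):
    """Return ([(host, port, transport), ...] in try order, remote_random)."""
    port, proto, remotes, randomized = DEFAULT_PORT, DEFAULT_PROTO, [], False
    for raw in profile.splitlines():
        # Drop '#' or ';' comments that start a token, then tokenize.
        tokens = re.split(r"(?:^|\s)[#;]", raw, maxsplit=1)[0].split()
        if not tokens:
            continue
        key, args = tokens[0], tokens[1:]
        if key == "proto" and args:
            proto = args[0]
        elif key in ("port", "rport") and args:
            port = int(args[0])
        elif key == "remote-random":
            randomized = True
        elif key == "remote" and args:
            remotes.append(args)
    plan = []
    for args in remotes:                 # per-remote values override globals
        r_port = int(args[1]) if len(args) > 1 else port
        r_proto = args[2] if len(args) > 2 else proto
        plan.append((args[0], r_port, "tcp" if r_proto.startswith("tcp") else "udp"))
    return plan, randomized

def review(profile):
    """Notes on how the profile matches the UDP-first, TCP-fallback advice."""
    plan, randomized = transport_plan(profile)
    notes = []
    if randomized:
        notes.append("remote-random is set: the try order is shuffled")
    if plan and plan[0][2] == "tcp":
        notes.append("first attempt uses TCP: slower on distant or lossy links")
    if plan and all(t == "udp" for _, _, t in plan):
        notes.append("no TCP remote to fall back to if UDP has problems")
    return notes

if __name__ == "__main__":
    print(transport_plan(SAMPLE_PROFILE)[0], review(SAMPLE_PROFILE))
```

An empty list from review means the profile tries UDP first and still has a TCP remote to fall back to.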