OpenVPN over TCP vs UDP: What’s the Difference, and Which Should I Choose?

Updated on: 21 July 2020

If you use a VPN regularly, you probably know that almost all VPN vendors provide OpenVPN protocol because OpenVPN is a secure and reliable open-source solution.

Both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are transport protocols for sending data packets across the internet, built on top of the Internet Protocol. They are also the two transports over which OpenVPN can operate. OpenVPN's encryption and authentication work the same way over either of them, so the privacy and security of the tunnel do not depend on which one you pick.

Yes, each has its own pros and cons, but the choice of which protocol to use depends entirely on your preferences. While neither option outperforms the other in all aspects, you should think about your usage and security needs before choosing the best one for you. This is why many VPN vendors allow users to choose which protocol to use.

This article will give you a basic understanding of your options, their advantages and disadvantages, and when to use a particular protocol.

OpenVPN over TCP vs UDP

Introduction to Transmission Control Protocol (TCP)

TCP is a stateful or connection-oriented protocol that allows communication among devices in a network. Once it takes messages from the application layer, it forwards them to the network after dividing them into packets. TCP makes sure the connection is established and maintained steadily until the transfer of packets is complete. This is why it’s connection-oriented.

After sending a packet, the sender waits for an acknowledgment from the receiver before sending the next one. This delivery guarantee is what makes TCP the most reliable transport out there.

Let’s take a look at the benefits that TCP offers.

TCP Pros

  • Connection-Oriented – TCP is known as a connection-oriented or stateful protocol. It establishes a connection and maintains it throughout the session until the sender has finished transmitting its messages.
  • Acknowledgement Sequencing – TCP is known for its acknowledgment behavior. It waits for confirmation from the other end for every data packet before sending the next one. If no confirmation arrives before the wait is over, it resends the same packet.
  • Segment Sequencing – A message is divided into packets, and each is numbered before it is sent. If the packets arrive in the wrong order because of networking issues, the receiver can easily put them back in order, since they are numbered.
  • Bypassing Strict Firewalls – Getting through even the strictest firewalls is easy with TCP VPN tunnels. They are not usually blocked, as they operate on common ports such as 80 or 443.
  • High Compatibility – TCP is the most popular protocol on the internet; almost all networks ensure broad compatibility with it.

Yes, TCP can do the job, but it has some disadvantages you may need to consider.

TCP Cons

  • High Overhead and Lag – There is considerable overhead with a TCP connection, as confirmations are needed for every packet transmitted. The receiver must always send an acknowledgment to the sender before the next data can arrive.
  • Retransmission Delay – If you experience packet loss during live conferences or VoIP calls, TCP is a pain to endure, as it keeps retransmitting the lost data. So, if you are using TCP, there will be a certain lag or delay when receiving data.

Conclusion About TCP

TCP is the most reliable and most commonly used protocol on the internet. That may be enough reason to choose TCP over UDP. This is mainly due to the error-correction and flow-control mechanisms used in TCP. They make sure that the packets sent by the sender are received by their intended receivers uncorrupted and in the right order. This is what makes the connection error-free.

As mentioned, TCP waits for acknowledgment by the receiver that the packet was received successfully prior to sending the next one. In other words, you can rely on TCP for successful delivery of messages. So, TCP may be the ideal choice for you if you seek a reliable and steady connection.

Introduction to User Datagram Protocol (UDP)

Because of TCP's speed issues, you might prefer another protocol underneath OpenVPN. Because it omits several of the steps TCP performs, UDP may be a good alternative for you.

Although UDP is another popular internet protocol, it’s used only in specific circumstances. The main difference between UDP and TCP is that UDP has no error correction mechanisms.

UDP is considered stateless or connectionless communication: no prior exchange is needed to set up a connection between the sender and the receiver. It provides a checksum to detect corrupted data and port numbers to address the right application at the receiving end of each unit of data, which in this case is called a datagram.

Let’s see the various advantages that come with UDP.

UDP Pros

  • Suited for Streaming and Online Gaming – UDP is ideal for low-latency applications such as gaming or VoIP, and for video or audio streaming. Even if you experience packet loss at times, it is better to lose some data than to delay time-sensitive data.
  • High Speed and Performance – Given that fewer steps are involved in data transmission with UDP, it is a lot quicker than TCP. No acknowledgments are required to keep the flow going, so you can send and receive data faster.
  • Saves Bandwidth – No error correction is involved with UDP. Even if data packets are lost on the way, they are not retransmitted. This saves you a lot of bandwidth.

Having high speed is good, but at what cost? Now let’s check the disadvantages of UDP.

UDP Cons

  • Unreliable Connection – There is no handshake before data is sent and no connection state while it flows. So the transport itself is unreliable, and you are exposed to whatever the underlying network does to your packets.
  • Loss of Data Packets – Neither delivery nor ordering of datagrams is guaranteed in UDP. This is why we say there are no error-correction facilities. You may experience data loss, and lost datagrams are not retransmitted as they are in TCP.
  • Less Compatibility – In internet-censoring countries, VPN traffic is blocked. OpenVPN connections over UDP may fail, as UDP is often restricted, and it is not easy to bypass firewalls with it.
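The TCP and UDP pros and cons above come down to one mechanism: TCP numbers every segment, waits for its acknowledgment and resends on timeout, while UDP sends and forgets. The simulation below is an added example for this page, not code from OpenVPN or any network stack. It runs a TCP-style stop-and-wait sender and a UDP-style sender over the same constructed lossy link (the `drops` set and the tick values are hypothetical), so you can see the retransmissions, the duplicate that a lost ACK produces, and the latency cost paid for reliability.

```python
"""Simulate the trade-off the article describes: a TCP-style stop-and-wait
sender (number every segment, wait for its ACK, resend on timeout) against a
UDP-style fire-and-forget sender, both over the same lossy link.

Added example for this page, not OpenVPN or kernel code. The link's loss
pattern is constructed: it drops whichever transmissions are listed in
`drops`, counting data and ACK transmissions alike, so both senders face
identical conditions. Times are in arbitrary ticks (hypothetical values)."""


class LossyLink:
    """Drops the n-th transmission when n is in `drops`; everything else arrives."""

    def __init__(self, drops):
        self.drops = frozenset(drops)
        self.count = 0  # transmissions seen so far, data and ACKs alike

    def transmit(self):
        """Return True if this transmission reaches the other side."""
        self.count += 1
        return self.count not in self.drops


def tcp_stop_and_wait(n_segments, link, rtt=2, timeout=6):
    """TCP-style delivery: one segment in flight, ACK required before the next.

    A lost segment or a lost ACK costs a full `timeout` before the sender
    resends the same sequence number. The receiver uses the sequence number
    to discard a duplicate caused by a lost ACK, so the application sees
    each segment exactly once and in order."""
    received = []        # segments handed to the application, in order
    expected = 0         # next sequence number the receiver wants
    seq = 0              # sequence number the sender is currently working on
    data_tx = 0          # data transmissions, including retransmissions
    duplicates = 0       # retransmissions the receiver recognised and dropped
    ticks = 0
    while seq < n_segments:
        data_tx += 1
        if not link.transmit():          # segment lost: timer expires, resend
            ticks += timeout
            continue
        if seq == expected:              # in-order arrival: accept it
            received.append(seq)
            expected += 1
        else:                            # already have it: ACK again, discard
            duplicates += 1
        if not link.transmit():          # ACK lost: sender times out, resends
            ticks += timeout
            continue
        ticks += rtt                     # segment out, ACK back
        seq += 1
    return {"received": received, "data_tx": data_tx,
            "duplicates": duplicates, "ticks": ticks}


def udp_fire_and_forget(n_datagrams, link, send_gap=1, one_way=1):
    """UDP-style delivery: send everything back to back, never wait, never resend.

    Whatever the link drops is simply gone; the rest arrives after the last
    datagram's one-way delay."""
    received = [seq for seq in range(n_datagrams) if link.transmit()]
    return {"received": received, "data_tx": n_datagrams,
            "lost": n_datagrams - len(received),
            "ticks": n_datagrams * send_gap + one_way}


def compare(n=4, drops=(2, 5)):
    """Run both senders over identically behaving links and return both results."""
    return {"tcp": tcp_stop_and_wait(n, LossyLink(drops)),
            "udp": udp_fire_and_forget(n, LossyLink(drops))}


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With the default pattern (transmissions 2 and 5 dropped), the TCP-style sender delivers all four segments in order but needs six data transmissions, discards one duplicate caused by the lost ACK, and spends 20 ticks; the UDP-style sender finishes in 5 ticks with four transmissions but segment 1 is gone for good. That is exactly the reliability-versus-latency choice the two lists describe.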

Conclusion About UDP

As should now be apparent, there are consequences of going with a speedy connection with UDP. Unless you’re looking for higher performance and a fast protocol, it might be better to go with TCP.

Unlike TCP segments, UDP datagrams carry no sequence number for ordering what is received. So applications that need ordered data have to take care of reordering on top of UDP themselves.

However, if you are using real-time services such as gaming, live conferences, or VoIP, it is better to switch to UDP. That way, stale data is not held up and retransmitted, and you enjoy high performance.

It’s no wonder that some of the fastest VPN vendors out there choose UDP as their default configuration protocol with OpenVPN. In fact, here’s what OpenVPN itself says about the two protocols:

Which Should I Choose? TCP or UDP?

Again, it depends on your requirements.

There’s a tradeoff between reliability and speed. For instance, if speed is your primary concern, then UDP is your best option. Streaming HD movies and playing games online are much easier with UDP.

If you prefer reliability, then go with TCP. Yes, you may experience slower data transmission, but TCP is used with many internet services and therefore trusted by many.

You can also switch to TCP, abandoning the default UDP configurations when you experience connection problems. However, be sure to change ports prior to switching your protocol, as many of the connectivity problems aren’t caused by the connection type, but because the ISP is blocking the VPN ports.

In regard to the slow transmission in TCP, it may also depend on how far you are from the VPN server. If you select the VPN server nearest to you, the slow connections will drop considerably.

Configuring ExpressVPN with OpenVPN

ExpressVPN is by far the best VPN provider in the industry. Like many VPN applications, even ExpressVPN uses OpenVPN by default when the protocol option is “Automatic.” As suggested by ExpressVPN’s website, users can choose the optimal protocol by changing the settings. This is just a two-step process:

1. Go to Options.

2. Select your preferred protocol.

OpenVPN Running on TCP Port 443 vs Government Censorship

Running OpenVPN over TCP brings extra advantages as well. This section is about getting past government censorship by using TCP port 443. As many of us know, some countries, such as China, love to censor the internet and track their citizens' internet traffic. These governments block any sites that don't abide by their policies or share their beliefs.

This is why many people use VPNs: to bypass government firewalls. As these governments are aware of this countermeasure, they block VPNs, too. Fortunately, if you use OpenVPN over TCP, it would be nearly impossible for the government to block you.

You may have seen that secure websites start their URLs with https://. They use SSL (Secure Sockets Layer; in practice its successor, TLS, is what is deployed today), a standard security technology, to encrypt the data transmitted between a server and a user. Nowadays, almost all websites use it.

Due to the high prevalence of SSL, websites that use this technology are believed to be unblockable. Even China may find it difficult to block them. But this isn't the most interesting part. The best part is that HTTPS runs over one specific transport and port: TCP on port 443. Since OpenVPN is built on the OpenSSL libraries, configuring it to run over TCP on port 443 is a piece of cake.

So, when the VPN is using OpenVPN over TCP on port 443, your VPN traffic looks like regular SSL traffic. An observer on the path cannot read the contents, as they are encrypted. Running OpenVPN over TCP port 443 will greatly increase your overall security and the strength of your digital defence.
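The advice earlier on the page, to change ports before switching protocol when connections fail, and the TCP-443 setup just described both come down to what the OpenVPN client is told to try and in which order. The script below is an added example for this page, not OpenVPN's own code: it reads a constructed client config (the hostnames are placeholders) and works out the sequence of (host, port, transport) attempts, handling the global `proto` and `port` directives, `remote host [port] [proto]` lines, and `<connection>` blocks that override the globals for one remote. Any other directive is ignored.

```python
"""Work out the order in which an OpenVPN client will try its remotes, and
with which transport and port each attempt is made.

Added example for this page, not OpenVPN's own code. It models only the
directives the article touches: a global `proto` (OpenVPN's default is udp),
a global `port` (default 1194), `remote host [port] [proto]` lines, and
`<connection>` blocks whose own `port`/`proto` override the globals for that
remote. Every other directive is ignored. The sample config below is
constructed for the example; the hostnames are placeholders."""

DEFAULT_PORT = 1194
DEFAULT_PROTO = "udp"

SAMPLE_CLIENT_CONFIG = """\
# constructed sample client config, not from any real provider
client
dev tun
proto udp
port 1194
# first attempt: the provider's default, UDP on 1194
remote vpn.example.com
# fallback when UDP is blocked: TCP on 443, the port HTTPS uses
remote vpn.example.com 443 tcp
# a <connection> block overrides port/proto for just this remote
<connection>
remote vpn-alt.example.com
port 1195
proto tcp
</connection>
"""


def _new_entry():
    return {"host": None, "port": None, "proto": None}


def connection_order(config_text):
    """Return [(host, port, proto), ...] in the order the client tries them.

    Both bare `remote` lines and <connection> blocks become entries in file
    order. Globals are collected over the whole file, then applied to any
    entry that did not set its own value."""
    globals_ = {"port": DEFAULT_PORT, "proto": DEFAULT_PROTO}
    entries = []
    block = None                              # entry being built inside <connection>
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank lines and comments
            continue
        if line == "<connection>":
            block = _new_entry()
            continue
        if line == "</connection>":
            if block and block["host"]:
                entries.append(block)
            block = None
            continue
        key, *args = line.split()
        if key == "remote" and args:
            entry = block if block is not None else _new_entry()
            entry["host"] = args[0]
            if len(args) > 1:
                entry["port"] = int(args[1])
            if len(args) > 2:
                entry["proto"] = args[2]
            if block is None:
                entries.append(entry)
        elif key in ("port", "proto") and args:
            value = int(args[0]) if key == "port" else args[0]
            (block if block is not None else globals_)[key] = value
    return [(e["host"],
             e["port"] if e["port"] is not None else globals_["port"],
             e["proto"] if e["proto"] is not None else globals_["proto"])
            for e in entries]


def has_tcp_fallback(order, port=443):
    """True if a TCP remote on `port` is tried after at least one UDP attempt."""
    seen_udp = False
    for _host, p, proto in order:
        if proto.startswith("udp"):
            seen_udp = True
        elif seen_udp and proto.startswith("tcp") and p == port:
            return True
    return False


if __name__ == "__main__":
    order = connection_order(SAMPLE_CLIENT_CONFIG)
    for host, port, proto in order:
        print(f"{host}:{port}/{proto}")
    print("TCP 443 fallback present:", has_tcp_fallback(order))
```

For the sample config the attempt order is UDP 1194, then TCP 443 on the same host, then TCP 1195 on the alternate host. Listing the UDP remote first and a TCP 443 remote second is one way to get the default speed of UDP while still connecting where UDP is blocked, without editing the config by hand each time the transport has to change.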

Final Thoughts

TCP is and will be the dominant protocol for as long as it provides guaranteed delivery of data packets, reliability, error correction, and much more. But keep in mind the costs: latency and additional overhead. This is why even VPN providers use UDP as their default configuration, although it’s unreliable and connectionless.

Choosing what’s ideal for you doesn’t have to be difficult. It really just depends on whether you prioritize speed, or whether you prioritize reliability.

Written by: Shanika W.


Shanika Wickramasinghe is a software engineer by profession. She works for WSO2, one of the leading open-source software companies in the world. One of the biggest projects she has worked on is building the WSO2 identity server which has helped her gain insight on security issues. She is keen to share her knowledge and considers writing as the best medium to do so. Cybersecurity is one of her favorite topics to write about. Being a graduate in Information Technology, she has gained expertise in Cybersecurity, Python, and Web Development. She is passionate about everything she does, but apart from her busy schedule she always finds time to travel and enjoy nature.
