OpenVPN over TCP vs UDP: What’s the Difference, and Which Should I Choose?

Shanika W.

By Shanika W. . 4 June 2024

Cybersecurity Analyst

Miklos Zoltan

Fact-Checked this

2 Comments

If you use a VPN regularly, you probably know that almost all VPN vendors provide OpenVPN protocol because OpenVPN is a secure and reliable open-source solution.

Both Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are protocols for sending data packets through the internet built on top of the Internet Protocol. They’re also the main transports over which OpenVPN can operate. Both network protocols provide privacy and security.

Many VPN vendors allow users to select which protocol to use. Yes, each has its pros and cons, but choosing which protocol to use depends entirely on your preferences. While neither option outperforms the other in all aspects, you should consider your usage and security needs before choosing the best one.

This article will give you a basic understanding of your options, advantages, and disadvantages, and when to use a particular protocol.

Summary: This article explores the two principal protocols used for transmitting data packets across the internet: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Both protocols enhance privacy and security and are implemented by OpenVPN. TCP is known for being a connection-oriented protocol, providing a stable connection and ensuring the successful delivery of data.

Conversely, UDP operates without establishing a connection, offering quicker transmission speeds than TCP, albeit with reduced reliability. The choice between TCP and UDP depends on individual requirements and preferences.

The article delves into the pros and cons of each protocol, offering detailed insights to help you make a well-informed choice.

OpenVPN over TCP vs UDP

Introduction to Transmission Control Protocol (TCP)

TCP is a stateful or connection-oriented protocol that allows communication among devices in a network. Once it takes messages from the application layer, it forwards them to the network after dividing them into packets.

TCP ensures the connection is established and maintained steadily until the transfer of packages is complete. This is why it’s connection-oriented.

Once a packet is received at the other end, the sending end waits for an acknowledgment from the receiving end before sending the following box. This guarantee of data-receiving makes this VPN protocol the most reliable one.

Let’s take a look at the benefits that TCP offers.

TCP Pros

  • Connection-Oriented – TCP is known to be a connection-oriented or a stateful protocol. It establishes a connection and maintains it throughout the session until the receiver has successfully completed sending messages.
  • Acknowledgement Sequencing – TCP is known for its acknowledgment sequencing behavior. It waits for confirmation from the other end for every data packet before sending the next one. If no confirmation is received when the wait is over, it resends the same packet.
  • Segment Sequencing – A message is divided into packets and then they’re numbered. TCP reassembles them into the correct order before sending. If the packets are received incorrectly because of networking issues, the sender can easily put them in order as they’re numbered.
  • Bypassing Strict Firewalls – Bypassing even the most strict firewalls is easy with TCP VPN tunnels. They’re not usually blocked as they operate on common ports like 80 or 443.
  • High Compatibility – TCP is the most popular protocol used in the internet; almost all networks ensure broad compatibility with it.

Yes, TCP can do the job, but it has some disadvantages you may need to consider.

TCP Cons

  • High Overhead and Lag – There’s considerable overhead with a TCP connection, as confirmations are needed for every packet transmitted. The receiver should always send an acknowledgment to the sender to receive the other data.
  • Also, if you’re experiencing a loss of connection at live conferences or VoIP, TCP would be a pain to endure, as it keeps retransmitting the lost data. So, if you’re using TCP, there will be a certain lag or delay when receiving data.

Conclusion About TCP

TCP is the most reliable and most commonly used protocol on the internet. That may be enough reason to choose TCP over UDP.

This is mainly due to the TCP’s error correction and data stream controlling mechanisms. They ensure that the packets the sender sends are received by their intended receivers uncorrupted and in the proper order.

This is what makes the connection error-free.

As mentioned, TCP waits for acknowledgment by the receiver that the packet was received successfully before sending the next one.

In other words, you can rely on TCP to deliver messages successfully. So, TCP may be ideal if you seek a reliable and steady connection.

Introduction to User Datagram Protocol (UDP)

Because of TCP’s speed issues, you might prefer another protocol over OpenVPN. UDP may be a good alternative because it can omit specific steps in TCP.

Although UDP is another popular internet protocol, it’s used only in specific circumstances. The main difference between UDP and TCP is that UDP has no error correction mechanisms.

UDP is considered stateless or connectionless communication, and no prior communications are needed to set up a connection between the sender and the receiver.

It provides checksums to check data integrity and port numbers to take care of functions at the receiving end of the data — or in this case, a datagram.

Let’s see the various advantages that come with UDP.

UDP Pros

  • Suited for Streaming and Online Gaming – UDP is ideal for low-latency applications such as Gaming or VoIP, and for video- or audio-streaming. Even if you experience a loss of connection at times, it would be better to have a loss of data than a delay in transmitting time-sensitive data.
  • High Speed and Performance – Given that fewer steps are involved in data transmission with UDP, it’s a lot quicker than TCP. Here, no acknowledgments are required to continue the connection, and you can receive and send data faster.
  • Saves Bandwidth – No error correction is involved with UDP. Even if the data packets are lost on the way, retransmission isn’t done. This saves you a lot of bandwidth.

Having high speed is good, but at what cost? Now let’s check the disadvantages of UDP.

UDP Cons

  • Unreliable Connection – There are no handshaking dialogs done here either prior to establishing a connection or in managing the connection. So, the connection is unreliable, and you’re exposed to threats in the underlying network.
  • Loss of data packets – Successful delivery of the datagrams and ordering isn’t guaranteed in UDP. This is why we say that there are no error-correction facilities. You may experience data loss, but they won’t be retransmitted as they are in TCP.
  • Less Compatibility – In internet-censoring countries, VPN traffic is blocked. The OpenVPN connections over UDP may fail, as they’re restricted, and it won’t be easy to bypass firewalls with it.

Conclusion About UDP

As should now be apparent, there are consequences of going with a speedy connection with UDP. Unless you’re looking for higher performance and a fast protocol, it might be better to go with TCP.

Unlike TCP datagrams, UDP datagrams contain no sequence number to order the packets received. So users are likely to use other applications and UDP to reorder the data packets.

However, if you’re interacting with real-time services such as gaming, live conferences, and VoIP, switching to UDP is better. That way, it won’t process delayed data, ensuring that you enjoy high performance.

It’s no wonder that some of the fastest VPN vendors out there choose UDP as their default configuration protocol with OpenVPN. Here’s what OpenVPN itself says about the two protocols:

Which Should I Choose? TCP or UDP?

Again, it depends on your requirements.

There’s a tradeoff between reliability and speed. For instance, if speed is your primary concern, UDP is your best option. Streaming HD movies and playing games online are much more manageable with UDP.

If you prefer reliability, then go with TCP. You may experience slower data transmission, but TCP is used with many internet services and therefore trusted by many.

You can also switch to TCP, abandoning the default UDP configurations when you experience connection problems.

However, change ports before hitting your protocol, as the connection type doesn’t cause many connectivity problems but because the ISP is blocking the VPN ports.

The slow transmission in TCP may also depend on how far you are from the VPN server. If you select the VPN server nearest you, the slow connections will drop considerably.

Configuring ExpressVPN with OpenVPN

ExpressVPN is by far the best VPN provider in the industry. Like many VPN applications, even ExpressVPN uses OpenVPN by default when the protocol option is “Automatic.” ExpressVPN’s website suggests that users can choose the optimal protocol by changing the settings. This is just a two-step process:

1. Go to Options.

2. Select your preferred protocol.

OpenVPN Running on TCP Port 443 vs Government

Censorship

Running OpenVPN over TCP brings extra advantages as well. This is about how to defeat government censorship with TCP port 443.

Many of us know that some countries, such as China, love to censor the internet and track citizens’ internet traffic. These governments block sites that don’t abide by their policies or share their beliefs.

Fortunately, if you use OpenVPN over TCP, it would be nearly impossible for the government to stop you. This is why many people use VPNs: to bypass government firewalls. As these governments are aware of this countermeasure, they block VPNs, too.

You may have seen that secure websites start their URLs with HTTPS://. They use SSL or Secure Socket Layer, a standard security technology, to encrypt the data transmitted between a server and a user. Nowadays, almost all websites use SSL.

Due to the high prevalence of SSL, websites that use this technology are believed to be unblockable. Even China may find it challenging to block them.

As OpenSSL libraries are used in building OpenVPN, configuring TCP to run with port 443 is a piece of cake. But this isn’t the most exciting part. The best part is that SSL uses not just any protocol and port but the TCP protocol on port 443.

So, when the VPN uses OpenVPN over TCP on port 443, your VPN traffic seems like regular SSL traffic. There’s no way to identify the data, as they’re encrypted.

Running OpenVPN over TCP port 443 will significantly increase your overall security and the strength of your digital defense.

Final Thoughts

TCP is the dominant protocol for as long as it provides guaranteed delivery of data packets, reliability, error correction, and much more.

But keep in mind the costs: latency and additional overhead. Even VPN providers use UDP as their default configuration, although unreliable and connectionless.

Choosing what’s ideal for you doesn’t have to be complicated. It just depends on whether you prioritize speed or whether you prioritize reliability.

2 Comments

  • Yoseph deSouza

    January 13, 2024 8:57 am

    I believe China can identify OpenVPN traffic over TCP and port 443 by deep packet inspection.

  • TM

    September 1, 2020 2:16 am

    Shanika,
    I so enjoyed your words and ability to talk to the “common human”. For me, it is overwhelming to try to find a logical choice as so many sites just leave me flummoxed on what to do. I could or wish I could ask a few questions but I will try and just ask one. I started my research thinking I would get a mobile VPN, like Express VPN or Proton etc. I fell down a rabbit hole learning about DD-wrt home routers. Why? My reading just kept saying this protects my data, my phones, computers in the best way. I live in Seattle, Wa and currently use the router provided by Comcast. Can you imagine a scenario where I have a home VPN and then when I walk out the door I am using ExpressVPN? Is that the gold standard. Also, while I am deeply fascinated by cyber security, I am fearful of not having the mental acumen to make all this merge together. I am willing to pay for the breadth of security, but need the software/hardware to be user friendly 🙁 or maybe I can find a support group or online tech to talk with. This may not reach you and I understand. I also know the answer to everything in life is often, “ it depends :).” Thanks for your work to help all of us security 101 folks! Best to you and your team.

Leave a Comment