OpenVPN can run over either the TCP (Transmission Control Protocol) or UDP (User Datagram Protocol) transports. Choosing which one to use is a highly technical issue, and one that most VPN providers (quite understandably) keep hidden ‘behind the scenes’.
Some VPN providers, however, prefer to let customers choose which connection protocol they prefer. The reason for this is that while both offer distinct advantages and disadvantages in each other, choosing which is ‘best is’ difficult, as it depends what the internet is being used for, and what matters to individuals most – speed or reliability.
TCP vs UDP, OpenVPN vs TCP, UDP vs OpenVPN... What is the difference, exactly?
TCP is, in general, the most commonly used connection protocol on the internet, as it offers error correction (and is therefore known as a ‘stateful protocol’). Whenever a computer sends a network packet using TCP, it waits for confirmation that the packet has arrived before resending the packet (if no confirmation is received), or sending the next packet (if confirmation is received).
This means there is ‘guaranteed delivery’ of all data, making the protocol very reliable, but there is a considerable overhead as packets are sent, confirmed, re-sent etc., making it quite slow.
UDP is referred to as a ‘stateless protocol’ as it performs no such error correction, simply receiving packets with no or retries. This makes it much faster, but less reliable.
- TCP = reliable
- UDP = fast
Which one to use?
Which one you use, therefore, depends on whether reliability or speed is your primary concern, and, in general, UDP is better for streaming VoIP, and playing games online.
However, how much TCP actually slows a connection down in practice can be very dependent on other network factors, with distance being the most important. The further away you are from your VPN server geographically, the further TCP packets have to travel to and fro, and therefore the slower your connection will be. If the server is relatively close-by, then you may not see much of a speed loss, while benefiting from a more reliable connection.
That said, probably the best general advice is to use the faster UDP protocol unless you experience connection problems, which is the strategy adopted by most VPN providers by default.
Defeat censorship with OpenVPN on TCP Port 443
When you connect to a secure website your connection is protected by SSL encryption. You can tell that a website is secure because its URL (web address) begins with https: and a closed lock icon should appear to the left of your browser's URL bar. Traditionally it was mainly banks and online shops etc. that used SSL, but with growing public concern about internet security, it is increasingly common to see SSL encryption deployed on all kinds of websites.
SSL is the cornerstone of security on the internet, and any attempt to block it effectively breaks the internet (which hasn't stopped places such as Iran trying!). SSL runs over TCP port 443.
The interesting thing for OpenVPN (which is based on the OpenSSL libraries) is that configured to run on TCP port 443, OpenVPN traffic looks identical to regular SSL connections. This makes running OpenVPN over TCP port 443 ideal for evading censorship as:
- It is very difficult that OpenVPN is being used rather than regular SSL
- It is almost impossible to block without breaking the internet.
Some custom VPN clients allow you to select TCP port 443, or it can often be configured manually (ask your VPN provider for settings.)