OpenVPN TCP vs. UDP

If you’re in the market for a VPN service, there’s a good chance you’ve noticed that OpenVPN is a protocol just about every provider offers. And it’s not surprising.

OpenVPN is both secure and reliable. It’s an open-source solution which means the underlying code is accessible anytime for inspection by security experts (something they regularly do).

It’s also a protocol which offers broad cross-platform support (it’s available for just about any device) and is generally easy to configure and work with.

OpenVPN can use both the TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) communication standards. Most VPN providers let you choose between them. But, few explain the OpenVPN TCP vs UDP difference and any advantages one has over the other.

The function of both standards is to split your data into small transmittable packets. The devil, however, is in the details. How they go about it is quite different.

Your choice of TCP or UDP can have a very real impact on how well a VPN works in your specific environment and for your specific needs. It’s a good idea to have at least a general understanding of the two technologies.

To help, here’s a rundown of everything you need to know about TCP, UDP, how they deal with data packets, and which you should choose to get the most out of an OpenVPN VPN connection.

What Are Data Packets

Before we dive into the differences between TCP and UDP, it helps to have a rough understanding of how data is transmitted over the internet. It is, after all, at that level where the two standards do things differently.

When your device sends data over any network, the internet included, the first step in the process is to divide that information into small, manageable parts. These are called data packets.

Each packet will contain at least the following:

  • The source IP address (where the packet is coming from)
  • The destination IP address (where the packet is going to)
  • Flags (various configuration flags specifying things like priority)
  • Type of data (email, website contents, streaming video, etc.)
  • Payload (the actual information you’re sending)
  • Trailer (data to show the end of packet)

No matter how big the overall data is, a typical packet will only be around 1,000 bytes to 1,500 bytes (1/1000 to 1/666 of a megabyte).

Breaking large amounts of information into small pieces is what makes communication over the internet reliable. It helps with traffic management and allows different parts of your data to take different network paths to avoid things like network congestion.

TCP Explained

TCP, or Transmission Control Protocol, is by far and away the most-used protocol on the internet. Its roots go as far back as 1983.

The reason TCP has such staying power is its reliability. It comes with an error correcting mechanism built right in.

Error correction is the main difference between TCP and UDP. On the internet, where network conditions vary wildly from region to region and may change in the blink of an eye, this is a handy feature indeed.

TCP Error Correction

At the core of TCP’s error correction is the packet number. Every packet sent has a unique and sequential identifier attached to it.

The receiver requires data to come in the correct order. Whenever it gets an expected chunk of data, it sends a quick message back to the sender acknowledging that fact.

If the receiver sees something it doesn’t want or doesn’t understand, it just sits quietly, waiting for the next packet to arrive.

The sequence number allows the TCP protocol to handle the following issues:

  • Data Duplication – Through the magic of networks, it is possible for a receiver to get the same packet twice, even if it was sent out only once. The sequence number allows the receiver to ignore any data it already processed.
  • Data Loss – Internet data packets go missing all the time. In fact, a 1% data loss is considered perfectly reasonable. When a receiver doesn’t get a packet, it can’t acknowledge its arrival to the sender. A short time after forwarding data, if the sender doesn’t see an acknowledgment, it will simply re-send the same information. This way every packet is guaranteed to (eventually) get where it’s going.
  • Data Sequencing – Data packets also often arrive out of order. Having a sequence number attached to each lets the receiver re-assemble things in the right order.

In addition to a sequence number, every TCP packet also contains a checksum. It’s a mechanism which helps the receiver figure out if the data was somehow corrupted along the way.

If data was corrupted, much like in the case of a missing packet, the receiver will just not send an acknowledgment and wait for a re-send (hoping that re-send will be correct).

All these built-in error handling mechanisms make TCP very well suited to the task of carrying data on what, despite appearances, is actually a pretty unreliable and error-prone internet.
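The mechanisms described above, as a simplified Python model (an added example, not code from the original article or from any real TCP stack). It numbers whole packets and acknowledges each one individually, as the article describes; the names `Receiver`, `transfer` and the fault table are illustrative assumptions, and the checksum covers only this toy segment.

```python
import struct
CHUNKS = [b"Open", b"VPN ", b"over", b" TCP"]        # constructed sample data
FAULTS = {(1, 1): "drop", (2, 1): "corrupt", (3, 1): "dup"}   # (seq, attempt)

def checksum(data: bytes) -> int:
    """16-bit ones'-complement sum in the style of RFC 1071 (toy segment only)."""
    data += b"\x00" * (len(data) % 2)                # pad to whole 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_segment(seq: int, payload: bytes) -> bytes:
    body = struct.pack("!I", seq) + payload          # sequence number + data
    return body + struct.pack("!H", checksum(body))

class Receiver:
    def __init__(self):
        self.expected, self.buffer, self.delivered = 0, {}, []
    def receive(self, segment: bytes):
        """Return the sequence number to acknowledge, or None to stay silent."""
        body, (stated,) = segment[:-2], struct.unpack("!H", segment[-2:])
        if checksum(body) != stated:
            return None                              # corrupted: wait for a re-send
        (seq,) = struct.unpack("!I", body[:4])
        if seq >= self.expected:
            self.buffer.setdefault(seq, body[4:])    # a duplicate changes nothing
        while self.expected in self.buffer:          # hand data over in order
            self.delivered.append(self.buffer.pop(self.expected))
            self.expected += 1
        return seq

def transfer(chunks, faults):
    """Send chunks through a faulty link; return (received data, packets sent)."""
    rx, unacked, attempts, sent = Receiver(), set(range(len(chunks))), {}, 0
    while unacked:                                   # re-send until all are ACKed
        for seq in sorted(unacked, reverse=True):    # arrive out of order
            attempts[seq] = attempts.get(seq, 0) + 1
            fault, sent = faults.get((seq, attempts[seq])), sent + 1
            if fault == "drop":
                continue                             # lost in transit: no ACK
            seg = make_segment(seq, chunks[seq])
            if fault == "corrupt":
                seg = seg[:4] + bytes([seg[4] ^ 0xFF]) + seg[5:]
            for _ in range(2 if fault == "dup" else 1):
                ack = rx.receive(seg)
                if ack is not None:
                    unacked.discard(ack)
    return b"".join(rx.delivered), sent
```

Calling `transfer(CHUNKS, FAULTS)` delivers the data intact and in order even though one packet is lost, one is corrupted and one arrives twice; the price is two extra transmissions.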

The Pros of Using TCP With OpenVPN

Setting your VPN connection to use OpenVPN over TCP gives you the following benefits:

  • High Reliability – TCP includes error correction and guarantees in-order delivery of all data packets. Thanks to these features, it works well with encryption, where missing packets can create havoc and significantly slow down the connection. Since VPNs encrypt data, it’s a perfect fit.
  • High Compatibility – TCP is the most widely used protocol on the internet. That means most networks and firewalls play nicely with it, ensuring broad compatibility. Even in very controlled networks, ports 53 (DNS), 80 (HTTP), and 443 (HTTPS) are typically left open to allow for normal internet traffic.

The Cons of Using OpenVPN With TCP

With all the robustness of the TCP protocol come several drawbacks. Depending on what you’re using your VPN connection for, these may force you to steer clear of this OpenVPN configuration.

  • High Overhead – The error correction mechanism of the TCP protocol comes at the cost of speed. For every packet that goes out, the sender must see an acknowledgment from the receiver before it can forward more data. That creates significant overhead and delay in a VPN connection.
  • Lag – If you’re using an internet connection that is somewhat unstable, TCP will retransmit dropped data packets, creating a delay. For most static data (websites, file downloads, etc.) that is both acceptable and preferable. But, for time-sensitive applications like VoIP, video or audio streaming, or gaming, it’s far better to skip the missing data and just move on.

Defeating Censorship With OpenVPN Over TCP

Using a VPN configured to run OpenVPN over TCP has one additional benefit which a few of us may find very useful.

Some governments like to censor the internet. They block access to any website or service they see as not aligning with their views, limiting their citizens’ access to information.

VPNs are often an excellent way to sidestep these censorship efforts, which is why those same governments love to block their usage. As it turns out, one of the best ways to make sure the latter doesn’t happen is to use OpenVPN with TCP.

Secure websites (those whose URL starts with https://) use a technology called SSL to encrypt data sent between the website server and your device.

[Image: an SSL-secured website, using the same technology as OpenVPN TCP]

Years ago, SSL was only used by sites where security was of utmost importance. Think banks or online stores.

Over the last little while, however, that has changed. Today, just about every site uses SSL technology (and if it doesn’t, it probably will soon).

Because of its prevalence, SSL is pretty much considered unblockable, even by the most oppressive of governments. It’s a cornerstone technology and doing away with it would severely, if not completely, cripple the internet.

Where things get interesting is that SSL uses the TCP protocol on port 443. OpenVPN, which is built on OpenSSL libraries, can be configured to run TCP on that same port. Many VPN providers let you do this.

When a VPN uses OpenVPN TCP on port 443, any data sent over the connection looks like regular website SSL traffic, not VPN traffic. The data is also encrypted and hence, can’t be identified. It’s an effective and difficult to block way of hiding VPN use.

UDP Explained

UDP, or User Datagram Protocol, is another widely-used internet transmission protocol. It has origins dating back to around the same time as TCP but usually is only used in very specific circumstances.

The UDP protocol treats data packets in a similar way to TCP, with one significant difference – a near total lack of error correction.

A UDP packet does not include a sequence number. It contains no built-in mechanism for error correction other than a checksum to ensure a piece of data arrives at its destination uncorrupted.

Although this makes UDP data transmission more prone to errors, it also makes it much, much quicker than TCP. This is the reason why all the fastest VPN providers pick UDP as the default OpenVPN configuration.

When you’re streaming video or audio, or need extra low latency for applications like gaming or VoIP, UDP should be your protocol of choice.

The Pros of Using UDP With OpenVPN

Configuring OpenVPN to use UDP has several clear benefits. Using it is recommended when:

  • Dealing With a Slow Connection – In some circumstances, the overhead created by VPN encryption can result in very low connection performance. Using UDP instead of TCP can speed things up by reducing the extra processing and error correction delays which come with the latter.
  • Transmitting Time-Sensitive Data – If you’re sending or receiving VoIP traffic or live video over your VPN connection, dropped packets don’t matter as much as just getting data through. The same applies to video and audio streaming, as well as online gaming. In all these cases, UDP is very well suited for the task.

The Cons of Using OpenVPN With UDP

Even though UDP offers a significant speed advantage over TCP, it isn’t always the best choice to use with OpenVPN. Its most notable drawbacks include:

  • Less Reliability – Sending information using the UDP protocol comes with the risk of missing or corrupted data when network conditions aren’t ideal. That can result in failed downloads or dropped connections when errors pile up to the point of being unmanageable.
  • Compatibility Issues – In certain network environments, inbound and outbound traffic is limited to maintain network security. UDP is typically more restricted than TCP. Using it under such circumstances may cause OpenVPN connections to fail.

Why UDP Is Better for Streaming

Without a doubt, UDP is the recommended protocol to use for video and audio streaming. It’s a better choice than TCP because of the following:

  1. UDP is faster. It doesn’t have TCP’s error correction mechanism and, therefore, the sender doesn’t need to wait for an acknowledgment from the receiver before forwarding more data.
  2. UDP has lower latency and greater responsiveness than TCP. This is, again, due to the lack of error correction.
  3. Because UDP is quicker and more responsive, it needs less audio or video pre-fetching and buffering. As a result, the stream will play faster, delivering an overall better experience.

UDP vs. TCP Differences Summary

To summarize, here are the major differences between TCP and UDP. There are other, more technical ones, but these are most relevant to selecting the protocol to use with your VPN connection:

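|                    | TCP                                 | UDP                                                         |
|--------------------|-------------------------------------|-------------------------------------------------------------|
| Speed              | Slower                              | Faster                                                      |
| Reliability        | High                                | Low                                                         |
| Error Detection    | Yes                                 | Packet corruption only                                      |
| Error Correction   | Yes                                 | No, corrupted packets are discarded                         |
| Congestion Control | Yes                                 | No                                                          |
| Applications       | Web browsing, email, file transfers | Audio and video streaming, gaming, VoIP and live broadcasts |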


OpenVPN Over UDP or TCP

Just about every VPN provider offers you a choice of using OpenVPN with TCP or UDP. The one you should pick depends on a few factors. Ultimately, it boils down to speed and reliability, and which is more important to you.

UDP is better for streaming, gaming, and real-time communication (both audio and video). With these applications, losing a packet here or there is not a big deal. But, having a fast connection and making sure your device doesn’t fall behind too much makes all the difference.

TCP, on the other hand, works well for accessing static data. If you use your VPN connection to view webpages, send emails, or download files, setting OpenVPN to use TCP is the better option. It’s also a more robust choice when you’re trying to defeat government or ISP imposed censorship.

If you do a bit of everything with your VPN and the OpenVPN TCP vs UDP choice isn’t clear, I suggest you try UDP first. See how things go. If you run into connection or stability issues, you can switch to TCP anytime.
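The "UDP first, TCP as the fallback" advice can be written into a single OpenVPN client profile with `<connection>` blocks, and checked with a short script. The Python below is an added example, not code from the original article or the OpenVPN project: the profile is constructed, `vpn.example.com` is a placeholder host, the function names are illustrative, and the parser is a simplified reading of the `remote`, `proto` and `port` directives only.

```python
DEFAULT_PROTO, DEFAULT_PORT = "udp", "1194"   # OpenVPN's built-in defaults
# Constructed client profile; vpn.example.com is a placeholder host.
SAMPLE_PROFILE = """\
client
<connection>
remote vpn.example.com 1194 udp
</connection>
<connection>
remote vpn.example.com 443
proto tcp-client
</connection>
"""

def transport(proto):   # tcp-client, tcp4, udp6 ... collapse to 'tcp' / 'udp'
    return "tcp" if proto.lower().startswith("tcp") else "udp"

def connection_order(profile):
    """Return [(host, port, transport)] in the order the client tries them."""
    defaults = {"proto": DEFAULT_PROTO, "port": DEFAULT_PORT}
    entries, block = [], None                 # block: the open <connection>
    for raw in profile.splitlines():
        words = raw.split("#")[0].split()
        if not words or words[0].startswith(";"):
            continue                          # blank line or comment
        key, args = words[0], words[1:]
        if key == "<connection>":
            block = {}
        elif key == "</connection>" and block is not None:
            entries.append(block)
            block = None
        elif key == "remote" and args:
            if block is None:
                entries.append({"remote": args})
            else:
                block["remote"] = args
        elif key in ("proto", "port") and args:   # global or per-block setting
            (defaults if block is None else block)[key] = args[0]
    order = []                                # resolve once all globals are known
    for entry in (e for e in entries if "remote" in e):
        host, *rest = entry["remote"]
        port = rest[0] if rest else entry.get("port", defaults["port"])
        proto = rest[1] if len(rest) > 1 else entry.get("proto", defaults["proto"])
        order.append((host, port, transport(proto)))
    return order

def udp_first_with_tcp_443_fallback(order):
    """True if UDP is tried first and TCP on port 443 is a later fallback."""
    return bool(order) and order[0][2] == "udp" and any(
        port == "443" and proto == "tcp" for _, port, proto in order[1:])
```

Run against provider-supplied profiles, `connection_order` shows which transport a client will actually attempt first, which is useful when a profile sets `proto` globally and the choice is not obvious from the `remote` line.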
