The Ultimate Question: UDP vs TCP What’s the difference? Which one should you choose?

edited November 2017 in General VPN Support Posts: 360
The answer really depends on your own usage and security needs; neither option outperforms the other.

TCP

  • Better Reliability – TCP VPN service offers more stable connections as the protocol guarantees delivery of packets.
  • Bypass Firewalls – TCP VPN tunnels are rarely blocked since they run on common ports (80, 443). Usually TCP VPN tunnels can bypass even the most strict corporate firewalls.
  • Slower Speed – TCP features higher encryption methods that tend to slow transfer rates a little. For higher transfer speeds with OpenVPN, use UDP.

UDP

  • Faster Speed – UDP VPN service offers significantly greater speeds than TCP. For this reason it is the preferred protocol when streaming HD videos or downloading torrents/p2p.
  • Preferred – UDP VPN tunnels are the preferred OpenVPN connection method if your network supports it.
  • Lower Reliability – On rare occasions UDP can be less reliable than TCP VPN connections as UDP does not guarantee the delivery of packets.
If you are experiencing connection issues, please try changing ports before switching to a different connection type. Most connection issues are caused by the Internet service provider blocking the port which the VPN is attempting to use to connect to the secure server.

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/226851548-I-have-trouble-connecting-or-the-connection-drops-frequently-changing-ports

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219059608-Why-is-the-VPN-connection-not-working-or-slow-with-the-PIA-App-

 I noticed that a lot of people on this forum were experiencing connection issues with the official PIA application so I put together this information thread hoping to help resolve those issues. PLEASE NOTE THAT I DO NOT WORK FOR PIA NOR AM I AFFILIATED WITH THE COMPANY IN ANY WAY SHAPE OR FORM.  I’m only attempting to assist other users in solving issues which they may encounter while using the VPN software. 

    Comments

    • Also worth noting, UDP doesn't work over Tor, so that's why you can't easily use PIA VPN over Tor :)
    • Posts: 360
      Thanks for the sidenote! I forgot to add that in there.
    • Posts: 1,018
      Another important thing I would like to add is, TCP being a reliable protocol it will cause the entire VPN to stall while TCP is correcting errors/requesting retransmissions because the TCP stack has no idea whether it's okay or not to deliver packets out of order, and ordering is part of TCP's specification.

      UDP being stateless means it is much closer to the IP protocol itself (only adding ports and a checksum mostly), and leaves error correction to the applications. Since the stuff you will be sending on the VPN will likely be TCP traffic, it's often preferable to let the TCP connections inside the tunnel handle their own error correction. UDP is also always sent immediately because there is no state tracking to do or any error correction, so on a lossy connection a few dropped UDP packets will not stall the tunnel; the packets within the tunnel will simply be lost. This is why UDP is preferred for VPNs: it behaves much more like a normal Ethernet link than TCP, and offers better performance as a result.

      Also might want to specify that UDP is faster by latency, as throughput should theoretically be identical for both and in many situations TCP will actually deliver more throughput (at the expense of jitter as per my first paragraph).
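
Added example, not part of the original thread: a toy Python model of the stall described in the comment above, comparing a tunnel that delivers in order and retransmits (TCP-style) with one that forwards whatever arrives (UDP-style). The one-packet-per-tick pacing, the fixed delay, the retransmission timeout and the loss pattern are all constructed assumptions, not measurements.

```python
# Toy model (constructed numbers, not measurements): one tunnel packet is sent
# per tick; packets listed in `lost` are dropped on their first transmission.

def simulate(n, lost, delay=2, rto=10, ordered=True):
    """Return {seq: latency in ticks} for every packet handed to the far end."""
    arrival = {}
    for seq in range(n):                    # packet `seq` is sent at tick `seq`
        if seq not in lost:
            arrival[seq] = seq + delay
        elif ordered:
            # TCP-style tunnel: the sender retransmits after the timeout.
            arrival[seq] = seq + rto + delay
        # UDP-style tunnel: the tunnel itself never resends a dropped packet.
    latency = {}
    if ordered:
        ready = 0
        for seq in range(n):
            # In-order delivery: nothing is released before its predecessors,
            # so packets that already arrived wait behind the missing one.
            ready = max(ready, arrival[seq])
            latency[seq] = ready - seq
    else:
        for seq, tick in arrival.items():
            latency[seq] = tick - seq
    return latency


def summarize(n, lost, delay=2, **kw):
    """Condense one run into counts a reader can compare side by side."""
    lat = simulate(n, lost, delay=delay, **kw)
    return {
        "delivered": len(lat),
        "dropped": n - len(lat),
        "max_latency": max(lat.values()),
        "stalled": sum(1 for v in lat.values() if v > delay),
    }


LOST = {5, 20}  # constructed loss pattern: two drops in a 30-packet run

if __name__ == "__main__":
    print("TCP-style tunnel:", summarize(30, LOST, ordered=True))
    print("UDP-style tunnel:", summarize(30, LOST, ordered=False))
```

In the UDP-style run the two dropped packets are left for whichever inner connection owned them to recover, so only that flow waits instead of everything in the tunnel.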
    • Posts: 360
       Thank you for adding to what I’ve said, I really appreciate it. I could’ve never gone as in-depth as you did. 
    • Posts: 634
      @OpenVPN, while this is helpful, and Max-P has, as usual, added his own impressive expertise to the mix, it still may not adequately answer the question, "Which one should you choose?" The typical PIA subscriber is anything but network savvy, and they certainly don't understand the first thing about network protocols, let alone the differences between them. What most of them need is Step 1, Step 2, etc. The details, for those who actually want it, can come after that.

      The more knowledgeable among us love all the whys and wherefores. But it's easy to forget that most people could really care less. They just want it to work straight out of the box without having to read the manual -- plug and play. When it doesn't work immediately they want someone to just tell them which option(s) to select to get it working as quickly as possible.

      What I'd like to suggest is that you amend your original post to start off with something along the lines of:

      1. UDP is the more efficient protocol, so try selecting that one first. For most users it works the best for most applications. If you encounter no problems with using UDP then stick with that option.

      2. If you do encounter some issues using UDP (e.g. being blocked by a campus or workplace firewall or ISP, etc.) try TCP. If you still experience problems try selecting a different TCP port (e.g. 443, etc.).

      Please understand I'm not being critical of your post when I say this. I'm the worst offender when it comes to being verbose/TMI.
    • Posts: 1,018
      I agree with @tomeworm's summary. Most users have no reason to use anything other than the defaults (they're defaults for a reason).

      It's a bit more complicated than it appears tho. Some ISPs rate-limit UDP by packets as some ghetto DDoS protection. My server has this problem: the VPN will work perfectly fine over UDP but will cap at 40 Mbps because the datacenter limits the amount of UDP packets per second to 30,000. So even if it appears to work fine it's still worth trying TCP depending on the use case. It triples the bandwidth for me when using TCP, at the expense of the latency.

      A mix of both would be ideal I think. "Use the defaults, but know these properties if you feel something is wrong".
    • Posts: 360
      Thank you both for your input, it's very helpful. I tried to break it down to where it would not be confusing to those users who are not tech savvy but now I realized that I did not do a thorough enough job so in the next couple of days I am going to create a new post which will reflect these changes.

      Thanks!