OpenVPN: Difference between TCP and UDP



TCP requires an acknowledgement packet to be received for every packet sent, so it needs more overhead in this connection, but this protocol is more reliable. On the other hand, UDP is a stateless protocol. This means the packets which are assumed to be received do not need any retries or acknowledgements.

So this process becomes more flexible than TCP, but it is also prone to packet loss. Both of these protocols are used in OpenVPN, though they have some advantages and disadvantages. This means the data sent is dependent on the connection. If the connection is lost during the process, then the server will request again for the lost part.

On the contrary, UDP is a connectionless protocol. This means once the data is sent, the sender does not know whether it is finally delivered to the destination or not. That means if you send two messages together you can be sure that the first message will be sent first, then the other one. But in the UDP protocol there is no order. From a security perspective, TCP tunnels are easier. TCP is a system whereby every packet is guaranteed to arrive in order. If a packet is received out of order, it is stored, and if a packet doesn't show up to fill in a gap, it is re-requested.

This ensures a complete stream with no data lost, but it means that a connection may be held up by one missed packet while the information is requested again. UDP, on the other hand, makes no such guarantee, and information will arrive in whatever order it arrives and be processed as such. I'm not sure about the security implications exactly, but you would likely still get a similar delay in UDP if using a non-parallelizable chaining stream cipher, since it would need all the packets to arrive in order, but this could also be overcome by using an encryption mode that supports parallel decryption.
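To make the in-order versus as-it-arrives behaviour described above concrete, here is a small added simulation (my own illustration, not code from the thread or from OpenVPN). It feeds one constructed, lossy and reordered arrival sequence to a TCP-like receiver, which buffers early segments, requests the hole again and only releases data in sequence, and to a UDP-like receiver, which hands each datagram up immediately. The segment numbers, payload letters and the "seq 1 lost, retransmitted after 2, 3 and 4" scenario are all constructed for the example.

```python
"""Constructed simulation: a TCP-like in-order receiver and a UDP-like
as-arrives receiver fed the same lossy, reordering link."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    seq: int                 # sequence number assigned by the sender
    payload: str
    retransmit: bool = False  # True if this copy was sent again on request


class OrderedReceiver:
    """TCP-like: data goes up strictly in sequence; early arrivals are
    buffered and every hole is requested again (one request per hole)."""

    def __init__(self):
        self.next_expected = 0
        self.buffer = {}      # seq -> Segment waiting for its turn
        self.arrived = {}     # seq -> step at which it first showed up
        self.delivered = []   # (seq, step handed to the application)
        self.requests = []    # (step, seq) retransmission requests issued
        self.stream = ""      # data exactly as the application sees it

    def receive(self, seg, step):
        if seg.seq < self.next_expected or seg.seq in self.buffer:
            return  # duplicate: already delivered or already buffered
        self.arrived.setdefault(seg.seq, step)
        self.buffer[seg.seq] = seg
        # every seq below the highest seen that is neither delivered nor
        # buffered is a hole in the stream; ask for it once
        already = {s for _, s in self.requests}
        for hole in range(self.next_expected, max(self.buffer)):
            if hole not in self.buffer and hole not in already:
                self.requests.append((step, hole))
        # drain in order and stop at the first hole: this is the
        # head-of-line blocking the answer describes
        while self.next_expected in self.buffer:
            seg = self.buffer.pop(self.next_expected)
            self.delivered.append((seg.seq, step))
            self.stream += seg.payload
            self.next_expected += 1

    def delays(self):
        """Steps each segment waited between arriving and being delivered."""
        return {seq: step - self.arrived[seq] for seq, step in self.delivered}


class DatagramReceiver:
    """UDP-like: each datagram goes up the moment it arrives; nothing is
    buffered, nothing is requested again, a lost datagram is simply gone."""

    def __init__(self):
        self.delivered = []   # (seq, step)
        self.stream = ""

    def receive(self, seg, step):
        self.delivered.append((seg.seq, step))
        self.stream += seg.payload


def run(arrivals):
    """Feed one (already reordered, lossy) arrival sequence to both receivers.
    Retransmitted copies exist only because the ordered receiver asked for
    them, so the datagram receiver never sees those."""
    ordered, datagram = OrderedReceiver(), DatagramReceiver()
    for step, seg in enumerate(arrivals):
        ordered.receive(seg, step)
        if not seg.retransmit:
            datagram.receive(seg, step)
    return ordered, datagram


# Constructed scenario: the sender emits seq 0..6 carrying "OpenVPN";
# seq 1 is lost on the first try and arrives only as a retransmission
# after seq 2, 3 and 4 have already come in.
ARRIVALS = [
    Segment(0, "O"),
    Segment(2, "e"),
    Segment(3, "n"),
    Segment(4, "V"),
    Segment(1, "p", retransmit=True),
    Segment(5, "P"),
    Segment(6, "N"),
]


def demo(arrivals=ARRIVALS):
    """Run the scenario and summarise what each receiver handed up."""
    ordered, datagram = run(arrivals)
    return {
        "ordered_stream": ordered.stream,
        "ordered_order": [seq for seq, _ in ordered.delivered],
        "requests": ordered.requests,
        "delays": ordered.delays(),
        "datagram_stream": datagram.stream,
        "datagram_order": [seq for seq, _ in datagram.delivered],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

Running it shows the trade-off in one table: the ordered receiver reconstructs "OpenVPN" exactly and issued a single re-request for seq 1, but segments 2, 3 and 4 sat in its buffer for three, two and one steps respectively, waiting on that one missing packet; the datagram receiver never stalled, but its application got "OenVPN" with no indication that anything was missing.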

Actual physical point-to-point distance means nothing in the internet world; it all depends on ISP interconnections. One time I pinged a server in the rack next to me and it had a ms delay because the packets were routed across the Pacific and back, because that was how the ISPs were connected to each other.

If the servers had been directly connected, the delay would have been in the microseconds. The servers were inches away from each other, but the actual distance that the packets travelled round-trip over all the hops was on the order of 25, miles!

That is an extreme example, but it illustrates that you can't trust distance. Rather than distance you need to look at latency, that is, the round trip time it takes for an echo sent to the VPN destination to be replied to. As for what round trip time would make UDP a better choice than TCP, I do not know, and it isn't that simple as there are other factors: There are too many factors to give you a definitive answer as it depends on too many factors.

You'll simply have to try both methods and see.

Therefore, the performance situation is not clear, and you should measure. (Thomas Pornin)

Can you please expand on it a little bit?

TCP provides a bidirectional tunnel for data, but relies on packets, so there will be some "administrative" packets, e.

Here's a pair of pictures for the visually inclined. They're probably not quite correct and perhaps a bit simplified, but they should give you the idea. (NULLZ)

Disagree that you're trading speed against reliability.

Firstly, for a TCP stream it needs reliable delivery. It doesn't matter if it's implemented directly on the underlying network or if it's tunnelled in UDP packets: if packets go astray they must be resent in order to process the stream.