TCP vs. UDP: Which is Better for My VPN?

The one crucial factor difference between TCP and UDP for VPN use is that it is much easier to detect VPN traffic on a UDP connection. Learn which is best for your VPN and how to switch between these two protocols on your VPN application.

If you’ve used the OpenVPN protocol on a Virtual Private Network (VPN) service, you may have wondered what the TCP or UDP options are. We very generally call OpenVPN a protocol, but the reality is a little more complex.

OpenVPN is a VPN facilitator and acts as an entire system for VPN communications. That means it has various components allowing it greater agility in capabilities. This discrepancy is where TCP and UDP come into play.

Understanding TCP and UDP

Both TCP and UDP are IP-based communication protocols. They are the component that helps send data packets between IP addresses. While the core function of both is essentially the same, the essential distinguishing factor is how they do the job.

Transmission Control Protocol (TCP)

TCP relies on a connection to make data transfers happen. Unless two devices have an existing connection, data will not be transmitted. Once the data has been transmitted, that controlling system will generally close that connection. 

TCP is highly reliable as the protocol guarantees delivery to the destination. The guarantee is possible due to flow control and the need to acknowledge transmitted data. Thanks to that mechanism, there is a high deliverability rate for data sent over TCP.

Unfortunately, including that error checking mechanism also means that TCP isn’t the fastest around when transmitting data.

User Datagram Protocol (UDP)

UDP doesn’t require an open connection to transmit data. It gathers data into packets and adds a header that includes source and destination ports for communication – plus anything else needed for transmission. As soon as data packets are complete, they are sent off following instructions in the header.

The lack of error checking and the omission of necessity for connection handling makes UDP an extremely lightweight protocol. This speed clearly shows in performance, with data transmissions on UDP being much faster than over TCP.

Which Should You Use, TCP or UDP?

Like many other factors in technology, what you use depends on circumstances. There isn’t a “good” or “bad” option even for a specific purpose like VPN usage between TCP and UDP. The key to choosing the correct protocol is knowing your intention for the VPN.

The one crucial factor difference between TCP and UDP for VPN use is that it is much easier to detect VPN traffic on a UDP connection. 

When to Use UDP

Given the speed of UDP, it’s ideal for things that require high performance. This range of roles generally includes gaming, streaming media, video conferencing, or anything requiring high bandwidth. 

When to Use TCP

If you constantly get blocked when using OpenVPN with UDP, switching to TCP will often help. Internet Service Providers (ISPs) or websites don’t generally like VPN use and will usually attempt to detect and block traffic on these beautiful tools.

Switching Between Protocols on Your VPN Application

Most VPN applications that offer OpenVPN will allow users to switch between TCP and UDP. The default setting for OpenVPN connections is typically UDP since that’s the fastest option. If you want to change it, you can do so in your settings menu.

While making the swap may sound relatively straightforward, the way different vendors implement things can differ. To outline this, I’ll demonstrate the difference in swapping between the two protocols for NordVPN and CyberGhost;

To switch between TCP and UDP on the NordVPN app

  1. Launch your NordVPN app and sign in, then hit the gears icon on the top navigation bar.
  2. Select the “Auto-connect” option on the left navigation bar.
  3. In the display area, click the downtown menu next to the “VPN protocol” option.
  4. From the dropdown menu, you can select either OpenVPN (TCP) or OpenVPN (UDP).

To switch between TCP and UDP on the CyberGhost app

CyberGhost also defaults to UDP for OpenVPN connections, but it handles the selection a little differently. Instead of different choices, switching to TCP is available as a slider button in the VPN protocol settings.

  1. Click on the settings button in the app and click the “CyberGhost VPN” tab.
  2. Select the dropdown menu under “VPN protocol” and select “OpenVPN.”
  3. Below that, slide the option for “Use TCP instead of UDP” to the “On” position.

CyberGhost also allows you to use a random port to connect. This option may help you overcome blocks that you may encounter while using the service. However, note that allowing this can pose some risks. 

Each time the port swaps randomly, Cyberghost automatically allows access through that port on your Firewall. Random port swapping can be helpful, though, especially in public spaces that try to restrict traffic through standard ports.

Is OpenVPN the Best Choice?

OpenVPN has, for a long time, been a highly preferred choice for VPN users. The versatility offered by TCP and UDP makes it highly agile – even if a little inconvenient at times. Overall, the combination of speed, security, and reliability of OpenVPN has reigned supreme.

Yet, in recent times, a newer protocol has emerged in which VPN users have shown much interest – WireGuard. While WireGuard is still under development, some leading VPN providers have started experimenting with it.

NordVPN, for example, has modified it into their NordLynx protocol, while others like CyberGhost have implemented it “as is.” The results have so far been spectacular, with impressive speeds and connection reliability.

There are also other VPN protocols available that can be considered, albeit slightly older ones. Some have been phased out, while others still find utility for specific use cases. While some protocols may show better promise, OpenVPN as a whole is still, perhaps, the essential VPN protocol available at this point.

Final Thoughts

If your concern is more on security when it comes to VPN, you will likely be looking to OpenVPN for some time more. It’s the defacto standard and has been in the market long enough to have proven itself useful and safe for VPN users. Personally, though, I much prefer the speed available on WireGuard so far.