Thursday, November 21, 2013

OpenVPN – TCP or UDP?

This question has been asked many times: “Which is better for OpenVPN, TCP or UDP?” Bluntly, neither is better. TCP is more reliable than UDP; however, UDP performs better than TCP.
As TCP is a stateful protocol, every packet that is sent requests an acknowledgement (“ACK”) packet in reply. This causes greater overhead on TCP connections but does make them more reliable. UDP is a stateless protocol. This means that packets are sent and assumed to be received at the other end, with no acknowledgement. This makes UDP quicker than TCP but less reliable. OpenVPN in UDP mode will resend data if it is not received at the other end, as the encapsulated TCP/IP protocol will recognize the packet loss and try a retransmission of the data. UDP SSL VPNs are better for VoIP and gaming traffic, whereas a TCP SSL VPN is better for overall reliability.
Overall, UDP would always be the first choice. TCP is really provided as a backup for cases where UDP isn’t a viable option. Also, you are typically tunnelling application TCP over OpenVPN’s UDP or TCP, and TCP over TCP does not perform very well due to the interaction between two levels of timeout estimation and retransmission algorithms.
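The "UDP first, TCP as backup" advice above can be written as an OpenVPN client profile. This is an added example, not part of the original post. The host name, ports and certificate file names are placeholders, and it assumes the server side runs one UDP listener and one TCP listener.

```conf
# Added example: OpenVPN client profile, UDP preferred, TCP as fallback.
# vpn.example.com, the ports and the file names are placeholders.
client
dev tun

# Stop waiting for an unresponsive server after 10 seconds and
# move on to the next <connection> entry.
server-poll-timeout 10

# First choice: UDP. Lost application packets are retransmitted by the
# TCP sessions inside the tunnel, so the tunnel itself need not be reliable.
<connection>
remote vpn.example.com 1194 udp
</connection>

# Backup: TCP, only reached when the UDP entry cannot connect,
# for example on a network that filters UDP.
<connection>
remote vpn.example.com 443 tcp
</connection>

# Keep resolving and retrying instead of exiting on failure.
resolv-retry infinite
nobind
persist-key
persist-tun

# Require the peer to present a server certificate.
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
```

Entries are tried in the order listed, so the TCP profile, with its TCP-over-TCP performance penalty, is only used when UDP cannot connect.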
