What are the differences between UDP and TCP?
Although TCP and UDP are both forms of communication protocol, they work differently.
Use the table below to compare the main differences between UDP and TCP:
|How it works||Does not establish a connection||Establishes a connection|
|Resends lost packets?||No||Yes|
|Ensures packets arrive in the right order?||No||Yes|
|Flow Control||No – data packets may be dropped (lost) if the receiver is overwhelmed.||Yes – the receiver tells the sender how much space it has in its buffer to receive packets. TCP holds packets untill there is space.|
|What application is it used for inside your VPN tunnel?
(You can still use either TCP or UDP for your VPN tunnel)
|Suitable for real-time applications?||Yes||No|
UDP is Faster Than TCP
We tested ExpressVPN and NordVPN, the two top VPNs for 2022, to see how their speeds compare when using the OpenVPN protocol with UDP and TCP.
For each VPN and OpenVPN type, we connected from our UK headquarters to a server in the UK, US, and Australia and measured our download speeds. Here are our results:
|ExpressVPN (Mbps)||NordVPN (Mbps)|
|Country||UDP||TCP||% Loss||UDP||TCP||% Loss|
As this data shows, UDP is usually faster than TCP, and the difference becomes greater as the distance to the server increases. That’s because TCP delivers data packets in an ordered and error-checked stream, and any incorrect or missing data has to be re-requested from the sending computer, which adds delays.
Additionally, a UDP packet contains more payload than a TCP packet (because of its smaller header), more data can fit into a given network connection pipe (say 100Mbs) and so you get increased throughput.
For this reason, UDP is often used over TCP for activities such as streaming or gaming.
Using TCP, the back-and-forth communications between the sender and receiver means each message has to travel further, and the VPN’s average speeds decrease.
Using ExpressVPN, UDP was 23.5% faster connecting from the UK to the US, and 38% faster connecting to Australia.
The difference was even clearer using NordVPN. We lost 81% of our download speed connecting to the US using TCP, and 93.5% connecting to Australia. We did find that TCP was marginally faster than UDP when connecting to a NordVPN server in the same country, though.
TCP Consumes More Data Than UDP
TCP uses more data than UDP because it includes more information in the header of each data packet. This makes TCP more reliable, but less efficient than UDP.
Every data packet that’s sent over the internet has a header, which is like writing the address on an envelope. It contains the information required to get the data to the right place, and any additional information needed for the protocol.
Both UDP and TCP show the source and destination ports for the data, the length of the data packet, and the checksum in the header. However, TCP also includes additional information to guarantee correct delivery.
EXPERT TIP: The checksum is a calculation that’s carried out on the data twice: before it is sent and after it is received. If the result is different at the receiving end, it means the data has been corrupted in transit.
Here’s how the headers for UDP and TCP compare:
|Header size||8 bytes||20 bytes+|
|Header contents (both UDP and TCP)||
|Header Contents (TCP only)||No additional header data||
As this table shows, when compared to UDP, TCP uses more data to manage your data transfers when you send information over the internet.
TCP also involves more communications between the sender and receiver. That’s because the receiver ACKs (Acknowledges) every other packet when it is received using TCP, and any lost packets are re-sent. As a result, TCP uses more data than UDP.
In our analysis of VPN data usage, we measured the amount of extra data that is used by a VPN using TCP compared to UDP. Here’s a summary of our results:
|OpenVPN with UDP||OpenVPN with TCP|
|Data increase compared to not using a VPN||17.23%||19.96%|
If you are on a mobile data plan where you pay by the gigabyte or you have a fixed data cap, you’ll use your allowance faster if you use TCP.
TCP Is Slightly More Secure Than UDP
Neither UDP nor TCP are designed for security. They’re used to send data packets over the internet, and those packets could be plain text or they could be encrypted. Other protocols or applications higher up the communications stack usually take care of security.
Because packets are sequenced and acknowledged in TCP, it’s harder for a hacker to inject malicious data than it is with UDP.
In practical terms, neither protocol has security concerns when used with a VPN. Both TCP and UDP support the security and privacy features used to keep you safe.
How do VPNs use UDP and TCP?
OpenVPN is an open-source VPN protocol used in the vast majority of secure VPN services. In many cases, users have the option to choose between OpenVPN UDP and OpenVPN TCP. In this section, we’ll explain how this decision affects your VPN’s functionality.
First, imagine you’re browsing a web page without a VPN. The connection between your device and the web server will use TCP because it’s more reliable than UDP. Here’s how it works:
When you start using a VPN, new communications are wrapped in an OpenVPN tunnel between your device and the VPN server. That tunnel connects between your device and the VPN server, and it could use either UDP or TCP.
When you’re changing your VPN’s settings, you’re deciding which wrapper to use. So which protocol is better to use?
UDP vs TCP: Which is Better?
SUMMARY: If your VPN gives you a choice out of UDP or TCP, try UDP first. UDP is faster than TCP, and you can still use TCP for activities such as web browsing inside your UDP VPN tunnel. Using TCP with your VPN can help if UDP is blocked by a firewall or you have an unreliable connection.
The superior communication protocol depends on why you’re using a VPN. In this section, we’ll explain whether UDP or TCP is better for streaming, general browsing, bypassing censorship, and general VPN use.
Normal VPN Connections
Using OpenVPN with UDP is a better choice for almost all general VPN connections. That’s because UDP is faster than TCP and it uses less data.
Applications will continue to use TCP for their connection inside your UDP VPN tunnel, which means any services that require TCP’s guaranteed packet delivery can still have it.
Streaming and Gaming
Gaming and video streaming normally use UDP connections. That’s because it’s better to skip a small part of the stream than it is to experience a delay while trying to recover it.
For that reason, we recommend choosing UDP if you’re using a VPN to stream video or play video games.
If you use OpenVPN TCP, your VPN may attempt to recover lost data packets unnecessarily. If you wait for lost packets to be re-sent, a game or livestream would have moved on by the time your screen is updated.
EXPERT TIP: Netflix and Amazon Prime use TCP because it is easier to monitor bandwidth usage. All the available bandwidth between the server and receiver can be used, allowing data packets to be sent quicker. They can also alter the quality of the video accordingly, improving the user’s experience.
Emails and Web Browsing
We recommend using OpenVPN UDP when you are carrying out activities like emailing and web browsing.
It is a common misconception that you should use a TCP-based VPN tunnel for applications that need extra reliability. This is not necessary, and often not a good idea. The inner connection still has TCP if it needs it – the VPN tunnel doesn’t need to add another layer.
If you wrap a TCP VPN tunnel around a TCP connection, you run the risk of “TCP meltdown”. This happens when both layers of TCP attempt to compensate for lost packets. It occurs because the inner and outer TCP layers have independent timers used to decide when a packet is lost.
Bypassing Firewalls and Circumventing Censorship
If you need to evade censorship or circumvent a firewall, choose TCP for OpenVPN.
When using TCP on port 4433, your VPN traffic looks the same as HTTPS encrypted web traffic. Blocking TCP port 443 would shut down all e-commerce websites, so this traffic is usually allowed through firewalls.
Some VPNs also support TCP port 80, which is used for unencrypted web traffic, and will also pass through a firewall without any issues.
Students have reported that using OpenVPN with TCP has enabled them to break through their campus firewalls, whereas UDP is blocked.
TCP may work in countries where VPNs are officially blocked, but be aware that your VPN traffic could still be identified using deep packet inspection. TCP alone will not protect you if VPN use is not legal or safe in your country.
Always try UDP for OpenVPN first. It’s faster and your applications can still have TCP in the inner tunnel if they need it, to ensure reliability.
OpenVPN Inc. – the company that creates VPN software based on the OpenVPN protocol – says:
“The OpenVPN protocol itself functions best over just the UDP protocol. And by default, the connection(s) … are preprogrammed to always first try UDP, and if that fails, then try TCP.”
That said, if your VPN isn’t working with UDP because of network issues, you may find using OpenVPN with TCP fixes that. TCP is designed to compensate for unreliable network connections.
What is TCP?
TCP creates a connection between two devices such as your computer and a web server. Data is sent through that connection. It’s like a phone call in which the two devices talk to each other so they can check if the information was received correctly.
When Using TCP:
- All packets are guaranteed to be received. If the receiver does not confirm it has got a packet, the sender sends it again.
- Packets are sequenced to ensure that they arrive at the receiver in the same order they were sent.
- Packets are not sent if the receiver is not ready to receive them.
EXPERT TIP: You might have seen mentions of TCP/IP. IP stands for Internet Protocol, and it’s how TCP finds the IP address to send data to. You can’t use TCP without IP, so for our purposes, TCP/IP and TCP are the same thing.
What is UDP?
Unlike TCP, UDP is a connectionless protocol. Data is sent, but there’s no feedback mechanism to confirm it was properly received okay. UDP is more like sending something by post: you put it in the postbox and forget about it.
When Using UDP:
- Data packets may be lost in transit, and the sender would not know.
- Packets sent to an overwhelmed receiver will be dropped (lost) and cannot be recovered.
- There is no recovery mechanism built into UDP for lost or corrupted data, but applications that use UDP can include their own recovery mechanisms.
Because UDP does not need to establish and maintain a connection, UDP is faster than TCP. It’s ideal for applications that are highly sensitive to latency, such as video conferencing and online gaming.
An occasional missed packet might result in a glitch, but it’s better than the delay that would result while TCP resends the packet.
The Domain Name System (DNS) can and does use UDP and TCP. While it is increasingly using TCP as query packets grow, UDP is the default protocol to make sure it is as fast as possible.
About the Author