Leaderboard

Packet loss is a phenomenon that happens in both protocols but the user directly notices this only with UDP. TCP packets must be transmitted and received in order, checked for integrity and the correct reception of each and every TCP packet acknowledged by the peer. Should anything be amiss, such as a packet loss, the packet must be resent. This allows for highly "stable" connections and to have a general sense of the state of such a connection. If it goes stale, programs can initiate measures to reconnect right away or do other things, like notifying the user or so. UDP is connectionless. It's design is "fire and forget". It doesn't require an active connection, it doesn't care if sent packets are received at all. Packets are sent, and sent, and sent. Some of the ways for either parties to notice the connection is "lost" is if special keepalive packets stop coming or if a timeout on either party's side runs out. Too many lost packets and either side can assume the other side "lost connection". Which is not a real connection, but still. Now, in the context of OpenVPN this may suggest that TCP is the superior choice and we all should use it. But it's not. For TCP to be able to provide all that cool retransmission logic more info must be stored in the packet header, which limits how much data can be transmitted in a single packet more than in UDP. We call this a "higher overhead". Also, since TCP is all about reliability, if your internet connection happens to be somewhat unstable, TCP limits transmission of packets to ensure this reliability. This leads to throughput limitations, or what people commonly call "slow speeds". The thing is: Inside OpenVPN's protocol for the tunnel there's data transmitted over either TCP or UDP as well, such as a website download or a video conference. And TCP still works as always: If a packet is lost, the packet is retransmitted. On an unstable internet link, OpenVPN's TCP would limit the throughput, which leads to the web server limiting throughput, in exceptionally bad cases of unstable internet possibly to the point where the browser loses the connection to the web server; the TCP-over-TCP problem. UDP is a better idea: If OpenVPN's UDP loses a packet, a UDP connection in the tunnel will be treated as if a UDP packet is lost (no effect, in essence, maybe a lost frame in the video conference), and any TCP connection will simply retransmit the packet because it's how TCP works. For a minority of users, though, TCP may be a better idea if UDP is either rate-limited (you know, connectionless, difficult to track, can fill up bandwidth this way, blahblah) or blocked entirely. Generally, it makes sense looking into it to find out why UDP performs this way and only use TCP if there's really no other way. Hope it clears things up a little.