The two most common transmission protocols used to communicate over the Internet are:
TCP – Transmission Control Protocol and
UDP – User Datagram Protocol.
Both TCP and UDP are built on top of the Internet Protocol (IP), and both send bits of data, known as packets, to and from IP addresses. While both protocols do the same job, they go about it in very different ways. TCP is more concerned about accuracy. It allows devices to send and receive an ordered and error-checked stream of packets. UDP is more concerned with speed. It streams information faster by eliminating the error-checking.
TCP, UDP, and OpenVPN
OpenVPN, the VPN protocol that the Proton VPN Windows app and Linux command line tool are built upon, allows you to choose between TCP or UDP for your VPN connection. OpenVPN’s default is to use UDP simply because it is faster.
Our smart protocol selection feature will always attempt to establish a connection using UDP first. But you can also switch between UDP and TCP manually in our app or command line tool. However, unless there is a concrete reason to change protocols, Proton VPN recommends maintaining the default settings.
By default, OpenVPN uses UDP port 1194 and TCP port 443, but Proton VPN’s apps can connect via OpenVPN using multiple ports to defeat censorship attempts.
TCP, UDP, and WireGuard
By default, WireGuard uses UDP only. However, Proton VPN has adapted the protocol so that it can now run over TCP in our Android app (with support on more apps to follow). WireGuard TCP is more resistant to censorship than WireGuard UDP, but is not as effective as our custom Stealth protocol.
When to use UDP vs. TCP
- UDP does not use TCP’s error correction mechanism, which speeds up the connection and reduces latency. This is why we advise anyone streaming a video or playing a video game online use UDP.
- If you have not been able to connect using UDP or you are on an unstable network, we encourage you to switch to TCP and try to connect again. Because the Proton VPN app’s default port for TCP is 443, the port that handles HTTPS traffic, it is difficult to block. If a government official or network administrator were to implement such a block, they would make large portions of the Internet inaccessible. Furthermore, TCP traffic looks identical to traffic with HTTPS encryption, making it hard to detect.
- TCP may allow you to use your VPN even if you are in a country that blocks VPNs. (A government that uses deep-packet inspection will likely still be able to find and block your VPN, even if you use TCP.) It could also help you if you are on a controlled WiFi network, like at work or university. TCP is not as effective at defeating censorship as our Stealth protocol.
- If you are using the Proton VPN Windows app, the smart protocol selection feature will detect this block and switch to OpenVPN or WireGuard TCP automatically.