The two most common transmission protocols used to communicate over the Internet are:
TCP – Transmission Control Protocol and
UDP – User Datagram Protocol.
Both TCP and UDP are built on top of the Internet Protocol (IP), and both send bits of data, known as packets, to and from IP addresses. While both protocols do the same job, they go about it in very different ways. TCP is more concerned about accuracy. It allows devices to send and receive an ordered and error-checked stream of packets. UDP is more concerned with speed. It streams information faster by eliminating the error-checking.
TCP, UDP, and OpenVPN
OpenVPN, the VPN protocol that the ProtonVPN Windows app and Linux command line tool are built upon, allows you to choose between TCP or UDP for your VPN connection. OpenVPN’s default is to use UDP simply because it is faster. The smart protocol selection feature, available on version 1.9.2 and later of the Windows app, will always attempt to establish a connection using UDP first. But you can also switch between UDP and TCP manually in our app or command line tool. However, unless there is a concrete reason to change protocols, ProtonVPN recommends maintaining the default settings.
The ProtonVPN app’s default port is 1194 for UDP (which is the default port for OpenVPN) and 443 for TCP. However, the app is configured to work with other ports for both UDP and TCP. These ports are backups in case the main ports are blocked. If the app detects a block, it will search among the backup ports and use the port that offers the best performance.
When to use UDP vs. TCP
- UDP does not use TCP’s error correction mechanism, which speeds up the connection and reduces latency. This is why we advise anyone streaming a video or playing a video game online use UDP.
- If you have not been able to connect using UDP or you are on an unstable network, we encourage you to switch to TCP and try to connect again. Because the ProtonVPN app’s default port for TCP is 443, the port that handles HTTPS traffic, it is difficult to block. If a government official or network administrator were to implement such a block, they would make large portions of the Internet inaccessible. Furthermore, OpenVPN traffic looks identical to traffic with HTTPS encryption, making it hard to detect.
- TCP may allow you to use your VPN even if you are in a country that blocks VPNs. (A government that uses deep-packet inspection will likely still be able to find and block your VPN, even if you use TCP.) It could also help you if you are on a controlled WiFi network, like at work or university.
- If you are using the ProtonVPN Windows app, the smart protocol selection feature will detect this block and switch to TCP automatically.