TCP vs. UDP in OpenVPN

I saw the various discussions of OpenVPN TCP vs. UDP on the list, and in particular saw some people saying "TCP over TCP is bad, avoid unless necessary" and others saying "That's only under rare circumstances." I switched the work VPN from TCP (which it has been for almost a year) to UDP, and users at remote offices are reporting that operations which formerly took 10-12 seconds (opening a file on a network share) now take <1 second. I thought that was worth mentioning on-list...
------------------------------------------------------------------------------------------

TCP over TCP *is* bad because you're running the congestion control portions twice and they interact BADLY. If you have any (real) congestion or packet loss, TCP over TCP will just lose very badly. I've tested this in many different configurations in a former job when I was running ppp over ssh and let me tell you I was SO much happier once I switched to SSH port forwarding!
------------------------------------------------------------------------------------------

But from a practical standpoint, it only *really* makes a difference when you have massive packet loss on a link. This is why most people who DO use it don't see the huge deal, because the majority of the time, packet loss isn't a problem. There is, however, also the issue of TCP connections requiring more overhead to provide a connection than UDP. On the other hand, passing TCP connections thru a NAT is much easier than getting inbound UDP packets to get thru.
------------------------------------------------------------------------------------------

On most setups, UDP will be somewhat faster and more robust on congested networks. In some cases, however, TCP could be faster if the path MTU would force UDP to excessively fragment. The only way to know definitively is to benchmark. Overall, UDP would always be my first choice. TCP is really provided as a backup for cases where UDP isn't a viable option. Actually, with UDP, you usually don't need to open any firewall ports. That's because both peers actively initiate the connection, so the statefulness of the firewall allows return packets without an explicit firewall rule. UDP will give you better latency, which is key for gaming.
------------------------------------------------------------------------------------------

Both solutions (TCP & UDP) should be OK. The OpenVPN team recommends using UDP, and it is absolutely sufficient (only make sure that you configure keepalive packets for the connection, so that routers won't kill it). I'd suggest using UDP, and if you encounter problems, switch to TCP.

------------------------------------------------------------------------------------------

OpenVPN UDP or TCP, Which is Better?

This question has been asked many times before. Which is better for OpenVPN, TCP or UDP? Bluntly, neither is better. TCP is more reliable than UDP; however, UDP performs better than TCP. As TCP is a stateful protocol, every packet that is sent requests that an acknowledgement (ACK) packet is received as a reply. This causes a greater overhead on TCP connections but does make them more reliable. UDP, on the other hand, is a stateless protocol. This means that packets are sent and assumed to be received at the other end with no retry or acknowledgement. This will make UDP quicker than TCP but less reliable. On a network as big as the Internet there can often be packet loss. Each connection you initiate crosses many routers on many different ISPs; if one ISP is having some issues, this may cause packet loss, meaning your data does not get to its destination. OpenVPN in UDP mode will resend data if it is not received at the other end, as the encapsulated TCP/IP protocol will recognize the packet loss and try a retransmission of the data. UDP SSL VPNs are better for VoIP and gaming traffic, whereas a TCP SSL VPN is better for overall reliability.
------------------------------------------------------------------------------------------
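
The UDP-first, TCP-fallback setup with keepalives that the posts above recommend, shown as an added example that is not part of the original posts. The hostname, ports and subnets are placeholders, and the ca/cert/key directives of an existing setup are assumed to stay as they are.

```conf
# ---- server-udp.conf (primary instance) ----
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0    # placeholder tunnel subnet
# Ping every 10 s; treat the peer as down after 120 s of silence.
# The regular pings also keep NAT/firewall state for the UDP flow alive.
# In server mode the matching ping settings are pushed to clients.
keepalive 10 120

# ---- server-tcp.conf (fallback instance, separate process) ----
port 443
proto tcp
dev tun
server 10.9.0.0 255.255.255.0    # placeholder; must not overlap the UDP subnet
keepalive 10 120

# ---- client.conf ----
client
dev tun
nobind

# Connection profiles are tried in order: UDP first, TCP only when
# the UDP profile gets no answer from the server.
<connection>
remote vpn.example.com 1194 udp
</connection>
<connection>
remote vpn.example.com 443 tcp
</connection>

# Seconds to wait for a server response before trying the next profile.
server-poll-timeout 10
# Seconds to wait between connection attempts.
connect-retry 5
```

With this layout a client stays on UDP wherever it works and only pays the TCP-over-TCP cost on networks that block or mangle UDP.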
