Change protocol from TCP to UDP

p44

Dear all,

default protocol port of OpenVPN 7494/TCP.

Is possible to change protocol to UDP? This because some providers detect VPN over TCP and blocks that.

Inside "app" location I saw a check on "VPN TCP Port": what if I deselect?

Thank's a lot!

nebulon

@p44 not sure if possible but I guess we can also add UDP alongside TCP, have to see.

If you uncheck the TCP port, then it simply would not be opened up in the firewall and will not be setup to be forwarded to the app. I guess in this case it kinda renders the OpenVPN app instance useless then

mehdi

I am quite surprised that some providers detect and block VPN over TCP, as it should literally be impossible to distinguish between it and any other TLS-encrypted stream.

However, it would be very valuable to add the option of using UDP instead, as it can be unstable to have TCP streams inside a TCP VPN when the network is not very reliable (the effect is called "TCP Meltdown", which is quite a badass name in my opinion ^^ https://openvpn.net/faq/what-is-tcp-meltdown/ )

p44

@nebulon Thank's a lot! Hope that feature can be added to OpenVPN so app can be used also to keep working VPN in some cases where Isp analyse Internet traffic.

p44

@mehdi Several countries and individual ISPs are known to use Deep Packet Inspection (DPI) to analyse Internet traffic. In that case, OpenVPN connection is instable or useless.

Some VPN providers suggest to switch over UDP and in some cases add the "scramble" feature, so ports can be changed during data transfer.

Eg. see this: StrongVPN and this

mehdi

@p44 The doc in question actually says the opposite :

You can try UDP for a possibly faster connection, but if it can not connect, switch it to TCP.

Which makes sense : UDP OpenVPN traffic is very specific, so easy to detect. TCP OpenVPN traffic is very hard to detect.

p44

@mehdi Thank's a lot!

johannesjom

Have I overlooked something, or is the OpenVPN app still only capable of TCP?

girish

@johannesjom thanks for the reminder. This got lost in the sands of time. I pushed a new package now which supports UDP. Just enable it in the location section of the app after update. Note that client configuration files have to be redownloaded for UDP mode.

johannesjom

@girish Looks good, thanks!