As a general rule, UDP is a better option for VPN traffic than TCP. TCP works very hard to ensure that every single packet makes it across the wire (or any other medium) uncorrupted and in order. For some things, such as SSH, file transfers, and web traffic, this is a good thing; we expect the resulting content to be legible and generally in its original form.

When connectivity is reliable with relatively little packet loss, TCP can function just fine for VPN. When that link drops packets and becomes unreliable, the problem can be amplified dramatically when the encapsulated traffic is also using TCP. The resulting traffic includes retransmit from both the OpenVPN processes at either end and the encapsulated traffic at both ...