The OpenVPN protocol itself functions best over just the UDP protocol. And by default the connection profiles that you can download from the Access Server are preprogrammed to always first try UDP, and if that fails, then try TCP. Unfortunately, on some more restrictive networks, all traffic except very commonly used ports are simply blocked. For example on a public network it can be quite normal to see that only traffic for protocols such as HTTP, FTP, SMTP, POP3, and IMAP, are allowed, with usually some additional ports for SSL secured versions of those protocols, like HTTPS. Those protocols are almost all TCP-only and not UDP. On such networks it's useful to also support TCP connections, even though this is less ideal due to the possibility of the TCP Meltdown phenomenon. But given the choices between something that works reasonably well or not at all, we've chosen to be practical and also support TCP. By default we choose the port TCP 443 which is the same port as HTTPS traffic, which is usually allowed even on restrictive networks.