Usually, TOSIBOX® products can establish the VPN connection directly between each other using the UDP protocol. There are, however, some cases where this is not possible, for example when outbound UDP is blocked in the firewall or a proxy server must be used. In these situations, the VPN connection is established using a fallback mechanism using the TCP protocol, with the help of a relay server.
The relay server is nothing more than a router that simply re-routes the encrypted VPN data between the connection end points. At no point is the data decrypted at any server because the connections are still end to end authenticated and encrypted.
Because of the latencies between the TOSIBOX® products and the relay servers, the nature of the TCP protocol, and server capacity, relayed connections may not provide as good performance as direct UDP connections. To avoid this situation and to ensure the best performance, all outbound UDP connections should be allowed in the firewall (https://helpdesk.tosibox.com/support/solutions/articles/2100033959-what-ports-do-i-need-to-open-for-tosibox-to-work-).