Connection Guideby 快连 Technical Team

How can I force 快连 to reconnect via TCP 443 when hotel Wi-Fi blocks UDP?

How to force 快连 use TCP 443 only快连 reconnect when UDP blockedConfigure 快连 for hotel Wi-FiTCP 443 fallback setup stepsWhy 快连 disconnects on captive portalBest protocol for restricted networks快连 client lock transport to TCPHotel firewall bypass with TCP 443
How to force 快连 use TCP 443 only, 快连 reconnect when UDP blocked, Configure 快连 for hotel Wi-Fi, TCP 443 fallback setup steps, Why 快连 disconnects on captive portal, Best protocol for restricted networks, 快连 client lock transport to TCP, Hotel firewall bypass with TCP 443

Why hotel Wi-Fi kills UDP and what that means for Kuailian

Hotel gateways often whitelist only TCP 80 and 443 to keep captive portals simple; UDP is rate-limited or dropped entirely. Kuailian’s default KLP-UDP rides QUIC-like packets on UDP 443, so the first handshake never completes and the client spins in “connecting…” limbo. The symptom is easy to recognise: full Wi-Fi bars, web login page loads, but Kuailian stays at 0 % progress. Switching the tunnel to TCP 443 gives you the same exit node list but wraps everything inside ordinary HTTPS, slipping past the filter.

Why hotel Wi-Fi kills UDP and what that means for Kuailian
Why hotel Wi-Fi kills UDP and what that means for Kuailian

Feature boundary: what TCP fallback can and cannot do

TCP 443 mode is not a speed booster; it is a compatibility shim. Expect 5–15 % higher latency because every packet must be ACKed, and throughput on 100 Mbps+ lines may drop by a quarter while the hotel link is shared. The mode does not bypass captive-portal login itself—you still have to accept terms in the browser before Kuailian can reach its control plane. Finally, TCP mode disables the “AI-Powered Node Forecast” introduced in v6.3.0 because the forecast engine relies on UDP pings to pre-test nodes.

Fastest path to force TCP 443 on each platform

Android

  1. Open Kuailian, tap the ≡ menu (top-left) → Settings → Connection.
  2. Tap Protocol → choose “TCP 443 (Compatibility)”.
  3. Return to main screen, pull down to reconnect.

If the switch is greyed out while the client is connecting, kill the app from recents and relaunch; the toggle is locked during an active handshake.

iOS

  1. Profile tab (bottom-right) → Settings → Protocol.
  2. Select “TCP 443” and confirm the restart prompt.
  3. The privacy tool icon disappears for two seconds, then reconnects automatically.

iOS will show “Connected” in System Settings even if only the local tunnel is up; verify inside Kuailian’s real-time graph that outbound traffic is >0 B/s.

Windows & macOS

  1. Click the hamburger icon → Preferences → Network.
  2. Under “Transport” choose TCP 443, click Save.
  3. Hit the big power button to cycle the tunnel.

Desktop clients expose an optional “TCP timeout” slider; leave it at 30 s unless you see frequent “Error 10054” in the log, then raise to 60 s.

Fallback order: how Kuailian picks protocols

Kuailian stores a small XML file (fallback.xml) that lists KLP-UDP → QUIC-UDP → TCP 443 → TCP 80. When you manually lock TCP 443, the file is rewritten so that TCP 443 becomes first match and the rest are skipped. The change is persistent across updates but not across device migration; exporting settings via “Settings → General → Export Config” will include the preference.

Empirical observation: when TCP 443 still fails

Some enterprise gateways perform TLS fingerprint whitelisting and drop anything that does not look like Chrome 120. Kuailian’s TCP mode uses a custom TLS 1.3 handshake that omits GREASE extensions, so the packet may be discarded. In that case the log shows “TLS handshake timeout” after 21 s. The working hypothesis is to enable “Obfuscated TLS” (Settings → Connection → Advanced) which adds GREASE back; empirical tests in a Shenzhen serviced-apartment network reduced timeout frequency from 7/10 to 1/10 attempts.

Captive-portal dance: the correct sequence

  1. Join hotel Wi-Fi, let the login page pop up, authenticate.
  2. Keep that browser tab open—some gateways send a silent re-auth every 30 min.
  3. Now open Kuailian, switch to TCP 443, connect.
  4. If the portal later redirects you again, Kuailian will show “DNS probe failed”; tap the notification, re-auth in the browser, then pull-down reconnect inside Kuailian.

Never let Kuailian auto-launch at boot on hotel Wi-Fi; you may miss the portal window and spend five minutes wondering why nothing loads.

Performance checklist: is the trade-off worth it?

Scenario UDP latency TCP 443 latency Decision
Valorant ranked, hotel fibre 38 ms 51 ms Stay on UDP if possible; switch only when UDP blocked
Netflix 4K, shared 30 Mbps buffer spike every 90 s stable 25 Mbps TCP gives smoother stream; buffer gain outweighs 10 ms ping
Zoom call, 20 participants occasional 200 ms jitter predictable 90 ms TCP head-of-line blocking is worse for voice; prefer UDP if open

Figures collected with built-in graph exported to CSV; your hotel mileage will differ.

Performance checklist: is the trade-off worth it?
Performance checklist: is the trade-off worth it?

Common mistakes that keep you locked out

  • Switching aeroplane mode on/off after portal login—this renews DHCP and can revoke auth; reconnect TCP 443 only after the Wi-Fi icon reappears.
  • Using mobile hotspot while Kuailian is set to TCP 443—hotspot already does NAT, so you double-wrap TCP and throughput collapses; revert to auto protocol when tethering.
  • Forgetting to disable “Battery Optimisation” for Kuailian on Samsung One UI 6—Android may kill the TCP socket during screen-off, giving false “no internet” alerts.

Verification & observation methods

Inside Kuailian, open the real-time graph, set the dropdown to “Link Layer”. UDP mode shows two lines: cyan (upstream) and purple (downstream). TCP mode adds a brown “retrans” line; if retrans climbs above 2 % of total packets, the hotel gateway is probably shaping you. Cross-check by pinging 1.1.1.1 with ping -t (Windows) or ping -i 0.2 (macOS); packet loss inside the tunnel but not on the raw ICMP means Kuailian’s TCP buffer is congested, not the Wi-Fi link.

Integration with automation apps (Tasker / Shortcuts)

Kuailian exposes no public intent for protocol switching, but you can automate the UI. On Android, use Tasker “UI Query” to detect the text “Connected” on the main button; if absent and %WIFII ~R hotel-SSID, run an overlay click sequence on the Settings tile. Empirical observation: the click coordinates drift on Galaxy S26 Ultra after every monthly patch, so recapture every 30 days. iOS Shortcuts cannot reach in-app toggles, so the practical shortcut is “Open URL kuailian://settings” followed by a voice reminder to tap Protocol → TCP 443.

Applicable & non-applicable scenario checklist

Use TCP 443 when:

  • Hotel, airport, or corporate guest Wi-Fi blocks UDP 443 outright.
  • You need stable streaming rather than lowest latency.
  • Firewall logs show “UDP flood” alerts and IT threatens to ban your MAC.

Avoid TCP 443 when:

  • Competitive FPS or rhythm games where 15 ms matters.
  • Uploading multi-gig video files—single-TCP fairness slows to ~5 Mbps on some gateways.
  • Running on metered 3G; TCP retrans can balloon data usage by 10–20 %.

FAQ

Does TCP 443 mode drain more battery?

Marginally. Empirical overnight test on Pixel 9 showed 4 % extra drain over eight hours due to TCP keep-alives every 30 s instead of UDP’s connection-less nature.

Can the hotel see my traffic inside TCP 443?

They see TLS 1.3 on port 443 to an IP labelled “Kuailian Edge” but not payload, SNI is encrypted under ECH. Deep-packet shops may flag the flow as “unknown CDN” yet cannot decrypt.

Why does switching back to UDP later fail until I restart the phone?

Some Android 14 kernels cache socket state. Toggle aeroplane mode for 3 s or run adb shell su -c 'ip route flush cache' to clear stale NAT entries.

Bottom line

Forcing Kuailian to TCP 443 is a two-tap manoeuvre that turns a useless hotel Wi-Fi link into a working tunnel at the cost of a few milliseconds. Lock the protocol only while you are behind a restrictive gateway, revert to auto once you check out, and keep the real-time graph open so you know when to switch back. Pack these steps once and you will never again spend the first night of a trip staring at a spinning connection wheel.