UDP is treated fairly well by firewalls... at least compared to SCTP for example. QUIC/HTTP3 are UDP-based and even though there's usually a TCP/HTTP2 fallback they fare reasonably well.
I have various boxes which we send out to venues. On the whole outgoing connections are fine, but sometimes you get some really restrictive policies. I've had stuff that MITMs TCP/443, completely blocks UDP, etc.
My devices tend to try to connect back via:
* UDP port 443, sometimes works
* an SSTP VPN
* SSH to tcp/$highnumber, sometimes they block/MITM port 80, 443, but leave the standard
* DNS
I can't think of a time that one of them didn't get through.
It does make it through many firewalls these days, yes.
But all implementations I know use a much shorter timeout/keepalive period for UDP than they use for TCP because of firewalls/NATs. (I think the RFCs even recommend something like 300 seconds for TCP, but only 30 for UDP as a default?)
This has pretty significant implications on power consumption for mobile devices.