A virtual private network (VPN) offers many advantages: anonymous surfing, safer Internet connections, and no more censorship or geo-blocking of foreign content. However, for all of this to happen as seamlessly as possible, VPN protocols need to be able to do their jobs. So, which options are there, and how do they work?
What Is a VPN Protocol?
A protocol regulates how a client (like your PC) and a server (your VPN) communicate with one another. Think of protocols as the language these devices use to speak to each other.
At the same time, protocols are also responsible for one of the most important aspects of a VPN: encryption. This is achieved through mutual authentication of each party.
VPN Protocols: Comparing 6 Protocols
There are many VPN protocols, each of which differs in terms of performance, security, or other aspects. As such, the choice of protocols offered by your VPN provider has a direct influence on your connection's quality and safety.
Most providers make one or more of the following VPN protocols available:
OpenVPN
OpenVPN is a relatively new, open-source solution. It secures connections using the SSL3/TLS protocol. Its most significant advantage is its high degree of configurability. Sometimes, you can select the port used for the connection, which helps reduce the danger of port blocking.
Since the upgrade to AES and 128-bit encryption, OpenVPN has handled large data packets particularly well and is regarded by many as the gold standard when it comes to encryption.
In general, OpenVPN transfers are very fast, and the protocol is not known to have been compromised by any security services.
For these reasons, we recommend that OpenVPN be used whenever possible.
Pros:
Can work around most firewalls
Easy-to-configure
Open-source
Highly secure
Very fast
Cons:
Cannot be perfectly integrated on mobile devices
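An added example, not part of the original article or of OpenVPN's own tooling: a small Python audit of an OpenVPN client profile that reports which port and transport each `remote` line uses and flags weak settings. The two profiles, the hostname `vpn.example.net`, and the set of ciphers treated as weak are assumptions made for this illustration.

```python
import re
# Constructed sample profiles (not from the article); vpn.example.net is a placeholder.
WEAK_PROFILE = """\
client
remote vpn.example.net 1194 udp
cipher BF-CBC
"""
HARDENED_PROFILE = """\
client
remote vpn.example.net 443 tcp
cipher AES-256-GCM
tls-version-min 1.2
remote-cert-tls server
<ca>
# certificate body would go here
</ca>
"""
# Assumption of this example: ciphers it treats as too weak (64-bit block, or none).
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}

def parse_directives(text):
    """Map each directive to its argument lists, skipping comments and inline <blocks>."""
    found, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                                   # inside <ca>...</ca> and similar
            inline = None if line == f"</{inline}>" else inline
        elif re.fullmatch(r"<[\w-]+>", line):
            inline = line[1:-1]
        elif line and line[0] not in "#;":
            name, *args = line.split()
            found.setdefault(name, []).append(args)
    return found

def audit(text):
    """Return (endpoints, findings) for an OpenVPN client profile."""
    d = parse_directives(text)
    arg = lambda name, default=None: d[name][0][0] if d.get(name, [[]])[0] else default
    # "remote host [port] [proto]" falls back to the port/proto directives, then 1194/udp.
    endpoints = [(r[0], int(r[1]) if len(r) > 1 else int(arg("port", 1194)),
                  r[2] if len(r) > 2 else arg("proto", "udp"))
                 for r in d.get("remote", []) if r]
    ciphers = [c.upper() for name in ("cipher", "data-ciphers")
               for c in (arg(name) or "").split(":") if c]
    findings = [f"weak cipher {c}" for c in ciphers if c in WEAK_CIPHERS]
    tls_min = arg("tls-version-min")
    if tls_min is None or tuple(map(int, tls_min.split("."))) < (1, 2):
        findings.append("tls-version-min not set to 1.2 or higher")
    if "verify-x509-name" not in d and ["server"] not in d.get("remote-cert-tls", []):
        findings.append("server certificate is not checked (remote-cert-tls server)")
    return endpoints, findings
```

Calling `audit(WEAK_PROFILE)` returns three findings for the default UDP 1194 endpoint, while `audit(HARDENED_PROFILE)` returns none and shows the connection moved to TCP 443.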
WireGuard
WireGuard is the newest VPN protocol on the market. It's also open source and uses cutting-edge cryptographic algorithms like ChaCha20, BLAKE2, and Poly1305. Thanks to these, it provides powerful encryption and security.
The protocol is also a step ahead of its peers when it comes to performance, not least because the software is directly integrated into the Linux kernel.
Its only downside is that WireGuard is still experimental, with its developers admitting that it shouldn't be 100% relied on. As such, it isn't universally supported by VPN services, but a few do offer it.
To find out more about WireGuard, be sure to check out our article on it.
Pros:
High-performance, stable VPN tunneling
Top security, uses modern cryptographic processes
Open-source code with few exploits
Well-thought-out overall concept
Cons:
Still experimental
No dynamic IP address management (client must be linked to a pre-defined VPN address)
Currently doesn't support TCP
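Because each WireGuard client is tied to a pre-defined tunnel address, whoever runs the server has to hand out addresses and keep them unique. The following Python check is an added example, not code from the article or from the WireGuard project; the wg-quick style config, the 10.8.0.0/24 subnet, and the key placeholders are constructed for illustration.

```python
import ipaddress
# Constructed wg-quick style server config; keys are placeholders, peer C reuses peer A's address.
SAMPLE_CONF = """\
[Interface]
Address = 10.8.0.1/24
[Peer]
PublicKey = <peer-A-key-placeholder>
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = <peer-B-key-placeholder>
AllowedIPs = 10.8.0.3/32
[Peer]
PublicKey = <peer-C-key-placeholder>
AllowedIPs = 10.8.0.2/32, 10.9.0.0/24
"""

def parse_sections(text):
    """Return [(section, {key: value})], keeping repeated [Peer] sections apart."""
    sections = []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[-1][1][key] = value
    return sections

def peer_networks(text):
    """Return [(public_key, [network, ...])] for every [Peer] section."""
    return [(cfg.get("PublicKey"), [ipaddress.ip_network(a.strip(), strict=False)
             for a in cfg.get("AllowedIPs", "").split(",") if a.strip()])
            for name, cfg in parse_sections(text) if name == "Peer"]

def overlapping_peers(text):
    """Peer pairs whose AllowedIPs overlap: one tunnel address claimed twice."""
    peers = peer_networks(text)
    return [(key_a, key_b, str(a))
            for i, (key_a, nets_a) in enumerate(peers)
            for key_b, nets_b in peers[i + 1:]
            for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]

def next_free_address(text):
    """First host in the interface subnet that no peer has been assigned."""
    iface = next(cfg for name, cfg in parse_sections(text) if name == "Interface")
    tunnel = ipaddress.ip_interface(iface["Address"].split(",")[0].strip())
    used = [n for _, nets in peer_networks(text) for n in nets]
    return next((str(h) for h in tunnel.network.hosts() if h != tunnel.ip
                 and not any(h in n for n in used if n.version == h.version)), None)
```

On the sample config, `overlapping_peers` reports that peers A and C both claim 10.8.0.2/32, and `next_free_address` returns 10.8.0.4 as the address to assign to the next client.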
IKEv2
Internet Key Exchange version 2 (IKEv2) is a VPN protocol based on IPsec technology. This standard was extremely popular on business smartphones, like Blackberries.
One major advantage IKEv2 offers is the automatic re-establishment of interrupted or disrupted connections, making it particularly attractive for mobile devices.
Pros:
Safest connection method
Highly stable, even with network changes or disruptions
Easy-to-configure
Faster than L2TP, SSTP, and PPTP
Cons:
Difficult to configure for servers
PPTP
The Point-to-Point Tunneling Protocol (PPTP) was developed by Microsoft, which long used it for its own internal VPN. PPTP relies on several authentication methods, and is compatible with nearly any device. Implementation is relatively simple for both the end-user and for servers, helping PPTP to maintain its popularity among VPNs.
Unfortunately, over the past few years, a number of security flaws have been revealed, which show that PPTP has long been compromised by the US National Security Agency (NSA). As a result, Microsoft, among others, has warned users against it.
We also strongly advise against using PPTP. Even though it's easy to configure, the convenience isn't worth the security risk.
Pros:
Fast
Easy to set up
Works on all platforms
Cons:
Unsafe - even Microsoft warns against using it
Known to be compromised by the NSA
L2TP and L2TP/IPsec
The Layer 2 Tunneling Protocol (L2TP) is the only VPN protocol that does not have integrated encryption. For that reason, it's only used in combination with IPsec. L2TP is included in all modern platforms, and setting it up is fast.
The only known problem with L2TP is that it uses UDP port 500. Firewalls often block this port by default; however, you can manually work around this by adding an exception for port forwarding.
Data transfers with L2TP are somewhat slower than with other protocols, and even though there are no known exploits, experts warn that security services would not have trouble cracking L2TP connections.
Pros:
Highly secure, if properly implemented
Compatible with all devices
Easy-to-configure
Cons:
Slower than other protocols
Blocked by most firewalls
Suspected of being compromised by the NSA
SSTP
With the launch of Windows Vista, Microsoft unveiled the Secure Socket Tunneling Protocol (SSTP). This protocol is used almost exclusively on Windows and Windows servers. For Windows users, it's especially easy to configure, since the protocol is already integrated into the operating system.
However, SSTP is a proprietary standard and not an open-source one. Since Microsoft, its developer, is known to have cooperated with security services in the past, users should be wary of SSTP.
Still, the protocol remains very secure, stable, and easy to use in conjunction with firewalls.
Pros:
Can work around most firewalls
Provides high security
Integrated in Windows
Uses port 443 for HTTP
Cons:
Only functions on Windows devices
Choosing the Right Protocol
Despite their weaknesses, most protocols are relatively secure. The only exception is PPTP, which we strongly recommend against, owing to its known issues.
Whenever you have the opportunity to use OpenVPN, you should, since it's reliable, fast, and secure. To properly configure it, you'll likely need professional help; however, this should be seen as an investment in your security and privacy.
Even though WireGuard is still a work in progress, many treat it as the new gold standard. If your VPN supports the protocol, give it a try, to better assess what sort of performance advantages it offers.
L2TP with IPsec is an excellent choice for non-critical connections. It provides speed, is easy to set up, does not require any additional software, and is compatible with most mobile devices.
In general, third-party software is reliable. Should you still be looking for a suitable VPN, we recommend checking out our comprehensive VPN review, which shows how 27 of the best VPNs stack up against each other.