While using a VPN you may have noticed the option to select a VPN protocol. You know, those weird, seemingly random IT-sounding names that sometimes resemble alphabet soup: OpenVPN, WireGuard, IKEv2, SSTP, etc. So what exactly are those protocols, do they make a difference, and why should you care?
Every VPN uses protocols to establish a connection between your device and a VPN server and then securely transmit data. Choosing the right protocol option can have a big impact on the overall speed and security of your connection. Here I’ll explain what a VPN protocol is, discuss the most common protocols you’re likely to come across, and give advice to help you make an informed decision on which to use.
Choosing the right protocol can help, but a protocol is only as good as the VPN provider itself. Remember to pair a good protocol with a top VPN service to get the best results.
What is a VPN protocol, anyways?
Simply put, a VPN protocol is a set of rules that determine how data is encrypted and sent between a device and a VPN server.
All internet-connected devices need a protocol for data to travel between the device and the internet or other devices on a network. They usually follow the Internet Protocol, or IP, which every device already knows and runs. Think of it like the Google Maps of the internet: You provide the source and the destination, then Google Maps finds the route and directs you on how to get there based on predetermined traffic laws.
A VPN protocol, on the other hand, redirects your data traffic through a secure, encrypted tunnel before it reaches its destination. This redirection and encryption require a different set of rules than standard IP, and these new rules are the VPN protocol. Since the VPN reroutes your data through its own servers, your device isn’t familiar with the route and requires new instructions.
Much like traffic laws, a VPN protocol provides instructions on where to go, how fast to go, and how safely your data travels to its destination. To continue with the Google Maps analogy, a VPN protocol is like a separate, secret GPS that only your device knows, and it might take you on a different — likely less efficient — route, but it’ll be safer because only your device knows it.
Most common VPN protocols
OpenVPN
Sam Singleton
OpenVPN is an extremely popular open-source protocol created back in 2001. It is known for both its security and versatility. This is down to the fact that it can be run on either TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). Without boring you too much with the details of these two, TCP maintains a strong connection between a receiver and sender and allows for great reliability. UDP, on the other hand, is connectionless, meaning you may lose some data transfer reliability, but the speeds will be faster.
OpenVPN is one of the most commonly used VPN protocols due to its mix of security and speed. And due to its open-source nature, the community-supported open-source software (OSS) project allows developers to continually examine the OpenVPN code for vulnerabilities and update it.
It is generally best to use OpenVPN for private web-surfing and other activities, especially when done over unsecured public Wi-Fi networks. Since OpenVPN is one of the most secure protocols, it does an excellent job of keeping you safe when you have to connect to potentially risky networks.
IKEv2/IPsec
IKEv2 is most often found on mobile VPN apps due to its on-the-go capabilities.
Internet Key Exchange version 2 (IKEv2) and Internet Protocol Security (IPsec) are often used in tandem. IKEv2 was jointly developed by Microsoft and Cisco and creates a secure tunnel connecting a device to a VPN server. IPsec then provides the encryption and authentication.
IKEv2’s best feature is that it can easily and quickly re-establish connections after network disruptions or while switching networks. This advantage allows for seamless switching between different network interfaces, such as from Wi-Fi to cellular.
Due to its network switching agility, IKEv2 is best used when you expect to frequently change network connections, such as while traveling or on the move when your mobile device may alternate between Wi-Fi and cellular.
WireGuard
WireGuard is a lightweight and fast protocol.
WireGuard is the newest and fastest protocol currently taking the VPN industry by storm. It uses state-of-the-art cryptography that outperforms even OpenVPN. And just like its forebear, it is also open-source.
Released in 2015, WireGuard emphasizes simplicity, making it extremely lightweight, efficient, and easy to build around. The latter has allowed many VPN providers to work off of WireGuard in order to build their own proprietary protocols — looking at you, NordLynx.
Since WireGuard is hands down the fastest protocol currently available, it is best used when speed is a priority. Whether you’re streaming, playing online games, or downloading files, WireGuard should be your go-to.
SSTP
SSTP, or Secure Socket Tunneling Protocol, was created by Microsoft and is primarily available on Windows systems. It provides comparable speed and security to most other protocols on this list, but its lack of compatibility means it isn’t as widely used.
SSTP is an absolutely fine protocol to use for Windows users, but Mac and Linux users may need to consider other options.
L2TP/IPsec
L2TP, or Layer 2 Tunneling Protocol, and IPsec are another common protocol duo. L2TP is one of the oldest protocols — developed in the 1990s. It connects a user to a VPN server, but does not encrypt or authenticate. Therefore, it relies on the tools found in IPsec to accomplish these security tasks instead. Despite its wide compatibility, L2TP is one of the slowest protocols still available.
L2TP/IPsec isn’t very common among modern VPN providers, but its compatibility and long history of use mean that companies often use it to connect separate branches into one network.
PPTP
PPTP, or Point-to-Point Tunneling Protocol, was developed by Microsoft in the late 1990s and is one of the earliest VPN protocols. It still relies on outdated encryption and is therefore considered to be rather weak and susceptible to security vulnerabilities.
It is rarely used by VPN providers today, who instead opt for other protocols with much stronger and more advanced encryption ciphers.
I can’t honestly recommend that the average VPN user work with the PPTP protocol. Almost any other option on this list would be better. Besides, you aren’t likely to find PPTP as a protocol option from your VPN provider anyways.
Which VPN protocol should you use?
If you’re ever unsure of which protocol to use, it’s best to default to WireGuard.
The best VPN protocol for you will come down to preference and what you’re trying to do. The context in which you’ll use a VPN is going to ultimately dictate which protocol will be most effective. Each has its own advantages and disadvantages.
If you’re feeling the need for speed, then WireGuard should be your go-to protocol. It is currently the speediest protocol on the market and offers quicker connection times than its counterparts. This means that if you’re streaming, downloading large files, or gaming, stick with WireGuard to ensure you’re getting the best performance from your connection.
For activities such as online shopping, banking, and other things that benefit from strong security, opt for either OpenVPN or WireGuard. Both of these protocols offer robust encryption and security features. OpenVPN utilizes 256-bit AES encryption, which is deemed so secure it’s currently used by the military. Alternatively, WireGuard uses the comparable XChaCha20 cipher, which is increasingly favored by cybersecurity experts.
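An added example, not from the original article or from the OpenVPN project: a small Python check that reads an OpenVPN client profile and reports which transport (TCP or UDP, as discussed in the OpenVPN section) each server entry uses and which configured ciphers are not AES-256. The sample profile and the host name vpn.example.net are constructed for illustration.

```python
import re

# Constructed sample .ovpn profile; host name and values are illustrative only.
SAMPLE_PROFILE = """\
client
dev tun
; two server entries, one per transport
remote vpn.example.net 1194 udp
remote vpn.example.net 443 tcp
data-ciphers AES-256-GCM:AES-128-GCM
cipher BF-CBC   # legacy setting left in the profile
"""

# OpenVPN directives that name one cipher or a colon-separated list of ciphers.
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback"}


def normalize_proto(value):
    """Map values such as tcp-client or udp6 to plain 'tcp' or 'udp'."""
    return "tcp" if value.lower().startswith("tcp") else "udp"


def audit_profile(text):
    """Return the transports and ciphers a profile uses, plus non-AES-256 ciphers."""
    default_proto = "udp"      # OpenVPN falls back to UDP when no proto is set
    remote_protos, ciphers = [], []
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        key, *args = line.split()
        if key == "proto" and args:
            default_proto = args[0]
        elif key == "remote":
            # remote <host> [port] [proto]; None means "use the global proto"
            remote_protos.append(args[2] if len(args) >= 3 else None)
        elif key in CIPHER_DIRECTIVES and args:
            for name in args[0].upper().split(":"):
                if name not in ciphers:
                    ciphers.append(name)
    # Resolve after the loop so a proto line placed after remote lines still counts.
    transports = [normalize_proto(p or default_proto) for p in remote_protos or [None]]
    non_aes256 = [c for c in ciphers if not c.startswith("AES-256")]
    return {"transports": transports, "ciphers": ciphers, "non_aes256": non_aes256}


if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```
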
If you want stability on your mobile network, such as when you’re connected to a VPN on the go, it’s probably best to use IKEv2/IPsec. This is down to the fact that it can seamlessly switch between Wi-Fi and cellular networks without disconnecting from the VPN — disconnections like this can be a security risk as they leave your private data exposed.
In the end, each VPN protocol is unique and should be utilized according to your own specific needs and situation. If you’re at a loss for which to choose or uncertain based on your current activity, then you really can’t go wrong with WireGuard. Its lightweight design makes it extremely fast, and its strong encryption provides excellent security. When in doubt, I usually default to WireGuard.