When comparing VPNs, we always recommend looking at the VPN protocols offered by a provider before choosing one. The best VPN services will offer the best VPN protocols. They’ll also let you pick which protocol to use.
Of course, if you don’t know what the different protocols are, choosing a VPN can be even more overwhelming than it already is.
So, to follow up on our Beginner’s Guide to VPNs, we’re taking a crack at helping you understand the ins and outs of VPN protocols.
We’ll also look at why they’re important and which one we recommend using (spoiler: OpenVPN.)
Different VPN Protocols
While all VPN protocols help you connect to a VPN server, they use different methods to do so. And these differences can affect your online privacy.
Here are the basics:
Internet Key Exchange version 2, or IKEv2, is a Microsoft-designed VPN protocol.
IKEv2 is one of the most secure VPN protocols available – especially convenient for mobile devices – with a high encryption level and very stable connection.
The connection speed is also very fast, which makes it an ideal VPN protocol for media streaming and/or torrents.
Internet Protocol Security, or IPSec, is rarely used as a standalone VPN protocol. This is because IPSec creates a slower, though still fairly stable connection.
There are also reports suggesting when IPSec was in its design phase, it was deliberately weakened.
IPSec defined 2 encryption protocols, Encapsulating Security Payload (ESP) and Authentication Header (AH). This is why you most often see it used with IKEv2 and/or L2TP.
Layer 2 Tunneling Protocol, or L2TP, is never used as a standalone VPN protocol. And though it’s relatively secure, it also has slower connection speeds.
L2TP also offers the option of using pre-shared keys (PSK), which hackers can download and use to eavesdrop on encrypted connections.
In fact, the NSA can allegedly decrypt L2TP/IPsec. Even if that isn’t the case, it’s reason enough to avoid using L2TP/IPsec when choosing your VPN protocol.
As the name suggests, OpenVPN is a protocol specifically designed for VPNs. Because it’s an open-source project, hundreds of developers are constantly working to improve it.
OpenVPN is based on 2 encryption protocols: Secure Sockets Layer (SSL) and Transport Layer Security (TLS), or SSL/TLS.
On a fundamental level, it samples all the best features of other VPN protocols while also patching all of their weaknesses (though it is admittedly slower than PPTP.)
Like all other VPN protocols, it works with transmission control protocol (TCP). But you can also opt to use OpenVPN/UDP (User Datagram Protocol), which is more secure.
This means OpenVPN has the highest possible encryption level for fast, stable connections.
Point-to-Point Tunneling Protocol, or PPTP, is one of the oldest VPN protocols in existence. Like many others, it was designed by Microsoft.
PPTP works very well with old computers, is very easy to set up, and is still used as part of Windows. But its very fast connection speeds are partially due to its incredibly poor encryption levels.
Internet Service Providers (ISP) can also block PPTP VPN connections because they work off a single port and use the Generic Routing Encapsulation (GRE) tunneling protocol.
Earlier, we mentioned SSL/TLS is one of the encryption protocol combinations OpenVPN is based on.
SSL VPNs don’t use the End-to-End Encryption protocol (E2EE) SSL/TLS is meant to establish.
Instead, they decrypt the data leaving their servers. This is largely why SSL/TLS isn’t a very popular VPN protocol by itself, though it’s still the standard for regular web encryption.
Secure Socket Tunneling Protocol, or SSTP, is heavily based on the SSL/TLS protocol. Basically, it uses SSL/TLS to transport web traffic between your computer and the VPN server.
SSTP is faster, more stable, and better encrypted than L2TP/IPsec, so it can bypass a lot of the firewalls that block L2TP/IPsec traffic.
But as a Microsoft design, it’s not available for any devices other than computers running on Windows and sometimes Linux.
WireGuard is the newest available VPN protocol, and like OpenVPN, it’s open-source. It’s heavily touted as a future replacement for IPSec, partially because it only uses one cryptographic suite, making it more secure.
Few VPN providers have adopted WireGuard so far, though that’s expected to change as the design is improved.
It’s already one of the fastest VPN protocols and boasts a high encryption level. But at the moment, it isn’t stable enough to rely on yet.
Why Are VPN Protocols Important?
Very simply, a VPN protocol is the way your data is sent over the internet. It’s basically a blend of transmission control protocols and VPN encryption standards.
This makes them incredibly important. Even if your VPN provider uses military-grade encryption, an insecure VPN protocol like PPTP puts your data privacy at risk.
What VPN Protocol Should I Use?
OpenVPN is by far the best VPN protocol to use, precisely because it combines all the strengths of other protocols but almost none of their weaknesses.
If speed is your biggest concern and you don’t mind a slightly less stable connection, OpenVPN UDP is the way to go. It’s the ideal option for media streaming and torrent downloading alike.
On the other hand, if you don’t mind sacrificing some of the speed in favor of connection stability, opt for OpenVPN TCP instead.
We always recommend choosing a VPN provider that allows you to use the OpenVPN protocol. But if your VPN doesn’t give you that option, your safest bet is to use IKEv2.
It’s a Microsoft design, and most of those don’t work with Apple’s operating systems. That’s why VPNs usually make L2TP/IPSec the default for Apple devices.
But IKEv2 does work with macOS and iOS, and it’s far more secure than L2TP. So if your VPN doesn’t offer OpenVPN and you have an Apple device, make sure you can switch the protocol to IKEv2.