VPN Protocols: Which Protocol To Use?

A virtual private network (VPN) offers a number of advantages. It makes it possible to surf anonymously, establish secure connections to remote networks, or circumvent restrictions such as censorship or geo-blocked streaming content. For all of this to work as seamlessly as possible, however, the VPN protocol has to do its job. So which options are there, and how do they work?
What Is a VPN Protocol?
A protocol specifies how two devices, specifically a client (such as your PC) and a server (that of your VPN) communicate with one another. Think of protocols as the language these devices use to talk to each other.
Protocols are also responsible for one of the most important features of a VPN: encryption. Encryption goes hand in hand with authentication, so the protocol also specifies how client and server verify each other's identity before any data is exchanged.
VPN Protocols: Comparing 6 Protocols
There are a number of VPN protocols, each of which differs from one another in terms of performance, security, or other aspects. As such, the choice of protocols offered by your VPN provider directly influences the quality and safety of your connection.
Most providers make one or more of the following VPN protocols available:
OpenVPN
As its name implies, OpenVPN is a relatively new open-source solution. To secure connections, it relies on SSL/TLS. Its most significant advantage is its high degree of configurability: with many providers you can choose the port the client communicates over, which reduces the risk of port blocking.
Since the upgrade to AES with 128-bit keys, OpenVPN has handled large data packets particularly well and is regarded by many as the gold standard in encryption.
Transfers over OpenVPN are generally very fast, and the protocol is, for the time being, not known to have been compromised by any security service.
For these reasons, we recommend that everyone use OpenVPN.
Advantages:
Can work around most firewalls
Easy to configure
Open source
Highly secure
Very fast
Disadvantages:
Cannot be perfectly integrated on mobile devices
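The port choice described above in practice: an OpenVPN client profile, added here as an illustration (it is not taken from any provider or from the OpenVPN project), that prefers the default UDP port but falls back to TCP 443 so the tunnel passes firewalls that only allow HTTPS, and pins the connection to the expected server certificate. The host name, file names and certificate name are placeholders.

```conf
# OpenVPN client profile (illustrative example, not from any provider).
# vpn.example.com, the *.crt/*.key file names and ta.key are placeholders.
client
dev tun

# Port selection: try the default UDP port first (fastest), then fall back
# to TCP 443 so the tunnel looks like ordinary HTTPS to networks that block
# non-standard ports.
remote vpn.example.com 1194 udp
remote vpn.example.com 443 tcp
resolv-retry infinite
nobind

# Keep key material and the tunnel device across restarts.
persist-key
persist-tun

# Certificate material issued by the provider's CA (placeholder file names).
ca ca.crt
cert client.crt
key client.key

# Accept only a server whose certificate carries the TLS server role and the
# expected name; without this, a stolen client certificate could be used to
# impersonate the server.
remote-cert-tls server
verify-x509-name vpn.example.com name

# Encrypt and authenticate the TLS control channel with a pre-shared key,
# which also hides the handshake from passive observers and port scanners.
tls-crypt ta.key

# Authenticated data-channel ciphers only; refuse TLS versions below 1.2.
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256
tls-version-min 1.2

verb 3
```

The data-ciphers directive requires OpenVPN 2.5 or later; on older clients use cipher AES-256-GCM instead.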
WireGuard
WireGuard is the newest VPN protocol available. It is open source and uses modern cryptographic primitives such as ChaCha20, Poly1305, and BLAKE2, which give it strong encryption and security.
In terms of performance, too, WireGuard is a step ahead of its peers, not least because it is integrated directly into the Linux kernel.
However, the protocol is still considered experimental, and its developers state that it should not yet be relied on completely. As a result, it is not yet universally supported by VPN services.
To find out more about WireGuard, be sure to check out our article on it.
Advantages:
High-performance, stable VPN tunneling
Top security owing to the use of modern cryptographic primitives
Open-source code base with few known exploits
Well-thought-out overall concept
Disadvantages:
According to its developers, still experimental
No dynamic IP address management (each client must be bound to a pre-defined VPN address)
Currently doesn't support TCP
IKEv2
Internet Key Exchange version 2 (IKEv2) is a VPN protocol based on IPsec. The standard can also be found on popular business smartphones, such as BlackBerry devices.
One major advantage for users is that it automatically re-establishes interrupted or disrupted connections, which makes IKEv2 particularly attractive for mobile devices.
Advantages:
Safest connection method
Highly stable, even with network changes or disruptions
Easy to configure
Faster than L2TP, SSTP, and PPTP
Disadvantages:
Difficult to configure on servers
PPTP
The Point-to-Point Tunneling Protocol (PPTP) was developed by Microsoft, which long used it for its own internal VPN. PPTP supports several authentication methods and is compatible with nearly every device. Implementation is relatively simple for both end users and servers, which has helped PPTP remain popular among VPN providers.
Unfortunately, a number of security flaws have come to light over the past few years, showing that PPTP has long been compromised by the US National Security Agency (NSA). As a result, Microsoft, among others, has warned users against it.
We also strongly advise against using PPTP. Even though it's easy to configure, that convenience isn't worth the security risk.
Advantages:
Fast
Easy to set up
Works on all platforms
Disadvantages:
Offers little security; even Microsoft warns against using it
Known to be compromised by the NSA
L2TP and L2TP/IPsec
The Layer 2 Tunneling Protocol (L2TP) is the only VPN protocol here without integrated encryption. For that reason, it is only used in combination with IPsec. L2TP is included in all modern platforms and is quick to set up.
The only known problem with L2TP is that it uses UDP port 500, which firewalls often block by default. You can work around this manually by adding a port-forwarding exception.
Data transfers with L2TP are somewhat slower than with other protocols, and even though there are no known exploits, experts warn that security services would not have much difficulty cracking L2TP connections.
Advantages:
If properly implemented, highly secure
Compatible with all devices
Easy to configure
Disadvantages:
Slower than other protocols
Blocked by most firewalls
Suspected of being compromised by the NSA
SSTP
With the launch of Windows Vista, Microsoft introduced the Secure Socket Tunneling Protocol (SSTP). The protocol is used almost exclusively on Windows clients and Windows servers. For Windows users it is especially easy to configure, since it is already built into the operating system.
However, SSTP is a proprietary standard, not an open-source one. Since its developer, Microsoft, is known to have cooperated with security services in the past, users should be wary of SSTP.
Still, the protocol remains very secure, stable, and easy to use through firewalls.
Advantages:
Can work around most firewalls
Provides high security
Integrated into Windows
Uses port 443, the HTTPS port
Disadvantages:
Only works on Windows devices
Choosing the Right Protocol
Despite a number of weaknesses, most protocols are relatively secure. The only exception is PPTP, which we strongly recommend against owing to its known issues.
When you have the opportunity to use OpenVPN, you should: it is reliable, fast, and secure. Configuring it properly may require professional help, but that should be seen as an investment in your security and privacy.
Even though WireGuard is still "under construction", many already treat it as the new gold standard. If your VPN supports the protocol, give it a try to see what performance advantages it offers.
L2TP with IPsec is an excellent choice for non-critical connections. It is fast, easy to configure, requires no additional software, and is compatible with most mobile devices.
In general, third-party client software is reliable. If you are still looking for a suitable VPN, we recommend checking out our comprehensive VPN review, which shows how 22 of the best-known VPNs stack up against each other.
