Many internet users are aware of what a VPN is and what it does. A VPN safeguards your online privacy by encrypting your internet communications and routing your traffic through secure tunnels. But do you know the inner workings of a VPN?
The protocol is the backbone of any VPN connection. In this guide, we’ll compare five of the most commonly used protocols in VPNs. This isn’t just for the tech enthusiasts out there though. Knowing the differences among these VPN protocols can help you choose the best VPN and the best type of connection for different needs, whether you’re looking for more speed, more flexible connections, or stronger encryption.
Let’s talk about OpenVPN, WireGuard, IKEv2, L2TP, and PPTP. Fair warning: You may hear a lot of networking jargon and talk about encryption in this post, but we’ll do our best to break it all down into bite-size, easy-to-grasp concepts. Let’s get started!
What Is a VPN Protocol?
A VPN protocol is a set of rules that decides how your online traffic gets from your device, through the VPN server, and to the web.
When you connect without a VPN, your online traffic simply travels between your device and the internet. To do that, it follows a set of rules called the Internet Protocol or IP. Every internet-connected device knows the protocol, much like you and your normal route to work. You’re familiar with it; a navigation app is optional.
When you connect to a VPN, it redirects your traffic through a secure, encrypted tunnel before reaching the internet. That calls for another set of rules, and that’s what a VPN protocol is. A VPN takes you to a safer alternative route, but your device isn’t familiar with it, so it needs the VPN to provide navigation instructions.
VPN protocols provide more than just directions, however. Just like different routes have varying distances, traffic conditions, and road safety, your choice of a VPN protocol determines the speed and level of security you experience with your VPN connection. It influences crucial aspects, such as the VPN encryption standard employed, the routing of various types of traffic through specific ports, and the overall reliability of your connection.
Overview of the Most Common VPN Protocols
Over the years, VPN leaders have developed and used a variety of protocols, each of which has unique benefits and disadvantages. The five most widely used protocols right now are:
- OpenVPN is an open-source VPN released in 2001 that has continually improved since. Now the gold standard of VPN protocols, it’s compatible with cutting-edge encryption standards and provides fast and reliable speeds.
- WireGuard is much newer, released in 2015. It’s comparable to OpenVPN in terms of security and encryption, but many consider it faster and more reliable.
- IKEv2 is often paired with IPSec (Internet Protocol Security) to create a secure VPN tunnel. IKEv2/IPSec is lightweight and adequately secure. It’s also agile, since it’s one of the few protocols that can re-establish a VPN connection when you switch networks (e.g. from mobile data to Wi-Fi).
- L2TP, much like IKEv2, is often paired with IPSec. It was developed in the 1990s by Cisco and Microsoft, and it was considered secure at the time. It still has zero known vulnerabilities, but many people believe it’s no longer safe from government spying, especially by the NSA.
- PPTP is the oldest VPN protocol to become widely available, and many people see it as obsolete in terms of security. It’s fast and can still provide adequate privacy, however, albeit with a lower encryption standard.
FYI: Aside from the five widely used VPN protocols, some VPN providers create their own proprietary protocols either from scratch or based on existing protocols. When we reviewed NordVPN, for example, we got to experience NordLynx, which is based on WireGuard.
Comparing VPN Protocols: Speed, Security, Ease of Use, and Application
To compare all five VPN protocols, we need to see how they do in three key areas: speed, security, and ease of use. By doing so, we can figure out what they are best used for. Here’s a quick comparison chart, but be sure to read on for a more detailed explanation.
In terms of speed, WireGuard and PPTP are the fastest, but OpenVPN, IKEv2, and L2TP offer decent speeds as well.
WireGuard is fast because it’s lightweight. The protocol can be implemented in very few lines of code, so there’s much less going on in the background. It also uses state-of-the-art, high-speed cryptography that keeps key exchanges and traffic flowing smoothly.
PPTP is fast for another reason: It’s not as strict in implementing encryption. By sacrificing security, it is one of the fastest VPN protocols around.
OpenVPN can also be fast, but it depends on the configuration. The speed of your connection can be affected by which transmission protocol you use. OpenVPN can use UDP (user datagram protocol) and TCP (transmission control protocol) to transmit data. The former is faster but can be unreliable, while the latter is slower but more reliable.
IKEv2 and L2TP have speeds comparable to OpenVPN, but IKEv2 has a unique advantage because it can establish a connection more quickly, allowing it to be more agile. If you connect through IKEv2, you can switch Wi-Fi networks without losing connection to the VPN.
When it comes to security, OpenVPN and WireGuard take the helm. IKEv2 and L2TP offer adequate privacy and security, but there are some security concerns. PPTP, meanwhile, offers the lowest level of security of the five protocols.
OpenVPN is built like a tank when it comes to encryption. It supports the highest encryption standard used in VPNs, which is 256-bit AES. In addition, its arsenal of security protocols relies on OpenSSL, a robust cryptographic toolkit of secure communication standards. In other words, OpenVPN is the most secure protocol.
WireGuard uses state-of-the-art cryptography. It doesn’t support AES encryption; it uses ChaCha20 instead, which is less complex but still very secure. One advantage of WireGuard, though, is that it’s easier to audit and has a smaller attack surface than OpenVPN, since it’s implemented in a few lines of code. That said, WireGuard is new and still developing.
IKEv2 and L2TP are once again evenly matched in the security category. Both support different levels of AES encryption, and they use IPSec to handle the encryption itself. Their use of IPSec, however, has become a concern since the Edward Snowden leaks in 2013, which seem to imply that the NSA is working to insert vulnerabilities that would allow the agency to monitor VPN users. IPSec was originally developed by Microsoft and Cisco, but the NSA also had a hand in its development.
PPTP is the least secure, and we advise against using it if privacy is a major concern. As early as 1998, studies showed that PPTP has serious vulnerabilities, both in its use of the challenge/response authentication protocol (CHAP) and in the encryption standard it uses, which is MPPE. Basically, researchers have found that CHAP’s cryptography is easy to crack, and the quality of MPPE encryption is very low.
Tip: Encryption plays a big role in VPN security, so in addition to choosing the right VPN protocol, you should consider customizing your VPN encryption standard. Most of the time, you’ll be able to choose between 128-bit AES and 256-bit AES, with the latter being more secure.
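To make the UDP/TCP choice and the AES tip above concrete, here is an added example (not from the original article or from the OpenVPN project) that reads an OpenVPN client profile and reports its transport and the ciphers it allows. The sample profile, the host name and the weak-cipher list are constructed for illustration; `proto`, `cipher`, `data-ciphers` and `ncp-ciphers` are real OpenVPN directives.

```python
import re

# Constructed sample client profile; host name and values are illustrative.
SAMPLE_OVPN = """\
client
dev tun
proto tcp
remote vpn.example.com 443
cipher AES-128-CBC
data-ciphers AES-256-GCM:AES-128-GCM:BF-CBC
"""

# Illustrative (assumed, not exhaustive) set of legacy ciphers to reject.
WEAK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}

def parse_directives(text):
    """Map each directive to its arguments, skipping comments and inline <blocks>."""
    found, in_block = {}, False
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if line.startswith("</"):
            in_block = False          # end of an inline block such as </ca>
        elif line.startswith("<"):
            in_block = True           # start of inline key/certificate material
        elif line and not in_block:
            name, *args = line.split()
            found[name] = args        # last occurrence wins
    return found

def audit(text):
    """Report transport, every cipher the profile allows, and findings."""
    d = parse_directives(text)
    proto = (d.get("proto") or ["udp"])[0].lower()  # OpenVPN defaults to UDP
    transport = "tcp" if proto.startswith("tcp") else "udp"
    listed = [c.upper() for k in ("data-ciphers", "ncp-ciphers", "cipher")
              for arg in d.get(k, []) for c in arg.split(":")]
    ciphers = list(dict.fromkeys(listed))  # de-duplicate, keep order
    findings = []
    if not ciphers:
        findings.append("no cipher directive: result depends on client/server defaults")
    for c in ciphers:
        m = re.match(r"AES-(\d+)-", c)
        if c in WEAK:
            findings.append(f"{c}: weak or legacy cipher, remove it")
        elif m and int(m.group(1)) < 256:
            findings.append(f"{c}: AES-{m.group(1)}, consider the 256-bit variant")
    return {"transport": transport, "ciphers": ciphers, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE_OVPN))
```

The check flags every cipher the profile lists, including fallbacks, because a client may end up using any of them depending on what the server offers.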
All five protocols are fairly easy to set up and use if you install a commercial VPN that supports them. Simply download a VPN app to your device and install it, and it will take care of the rest of the setup.
If you’re doing a manual installation, IKEv2, L2TP, and PPTP are the easiest to set up, because they are built into most computers. You can use those three protocols without third-party software when setting up a VPN manually on Android, for example. You simply need working credentials from a VPN service or your network administrator.
WireGuard and OpenVPN both require third-party software. There are official apps for both protocols available for Windows, macOS, Linux, iOS, and Android. Besides the apps, you’ll need to download a VPN configuration from a VPN provider or create one yourself before being able to use the VPNs.
Most operating systems make it easy to connect to a VPN once it’s set up on a device correctly.
What Each VPN Protocol Is Best For
Having seen how each VPN protocol does in terms of security, speed, and ease-of-use, we can now draw conclusions about what they are best used for.
- OpenVPN is a good general-purpose protocol for ensuring your privacy. It’s very secure, but you may see a slight drop-off in your internet speed.
- WireGuard is both fast and secure. It’s still in development and most VPN providers have yet to implement WireGuard, but like OpenVPN, it’s great for a day-to-day VPN.
- IKEv2/IPSec’s ability to connect quickly makes it great for mobile phones using cellular data.
- L2TP/IPSec is best for manual VPN configuration since it’s easy to set up. It offers adequate security and decent speeds, but there are security concerns, so you may not want to use it for transmitting highly sensitive data over the internet.
- PPTP is an obsolete VPN protocol with limited applications. It’s easy to set up, though, so it’s worth looking into if you want to run your own VPN server at home.
Your choice of VPN protocol greatly affects your overall VPN experience, but most commercial VPNs offer a number of protocols in one subscription. That means you can adjust how your device connects to the VPN on the fly, or even set up a different protocol for each device. Keep this guide handy, and come back whenever you need help fine-tuning your VPN connection.
Here are some FAQs about VPN protocols and the answers from our experts.
Are VPN protocols the same as encryption?
VPN protocols and encryption are not the same, but they are closely related. The VPN protocol is a set of rules that dictates how your traffic is handled, including what encryption standard to use and how to securely transmit the encryption keys to the VPN server. Encryption, on the other hand, is simply the process of scrambling data packets.
Are all VPNs encrypted?
All VPNs use encryption, but the quality of the encryption depends on which VPN protocol is used. OpenVPN, IKEv2, and L2TP support AES encryption, considered the gold standard, while WireGuard uses ChaCha20, which is also secure. PPTP uses the least secure encryption standard, MPPE.
Is WireGuard better than OpenVPN?
WireGuard is newer, but it has already proven better than OpenVPN in terms of speed. Since OpenVPN is open source and it has been around longer, however, it has been audited and reviewed more times than WireGuard, so it has a better track record with security.
Are IKEv2 and L2TP still safe to use?
IKEv2 and L2TP have no known major vulnerabilities, but they don’t provide much security on their own. They have to be paired with IPSec for encryption, and there are allegations in cybersecurity communities that the NSA may have compromised IPSec. If you’re doing journalistic research or activism and you fear the government may be monitoring you, it’s best to avoid IKEv2 and L2TP.
What is the best VPN protocol?
The best VPN protocol for you depends on a number of factors, including what device you’re using, the balance between security and speed you want, what type of activities you’re doing online, and more. OpenVPN and WireGuard are generally considered the best VPN protocols for day-to-day use.