Not all VPNs are created equal. Depending on its VPN protocol, it may have different speeds, features, and even security and privacy holes. This article examines the major VPN protocols so you can choose the one that's best for you.
What is a VPN protocol?
A virtual private network (VPN) and a VPN protocol are not the same thing. E.g,NordVPN is a VPN service that allows users to choose from a number of different VPN protocols depending on their needs and the devices they use.
A VPN transmits your online traffic through an encrypted tunnel to a VPN server that assigns your device a new IP address. The VPN protocol is a set of programs and processes that determine how the tunnel is actually formed. Each is a different solution to the problem of secure, private and somewhat anonymous internet communication.
No VPN protocol is perfect. Each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security. Let's dive into the pros and cons of each protocol.
How many types of VPNs are there?
There are two types of VPNs:
- Remote Access VPNEncrypts data sent or received on your device, so no one can snoop on you. When talking about VPNs used by private users, they are all remote access VPNs;
- site-to-site VPNUsed to extend a company's network between different locations. They fall into two categories: intranet-based (combining multiple LANs into a private network) and extranet-based (when a company wants to expand its network and share it with partners or customers).
Protocols are the driving force behind VPNs. Below are six common VPN protocols and their pros and cons.
6 common VPN protocols
1. OpenVPN
OpenVPN is a very popular and highly secure protocol used by many VPN providers. It runs on TCP or UDP Internet Protocol. The former will guarantee that your data will be fully delivered in the correct order, while the latter will focus on faster speeds. Many VPNs, including NordVPN, let you choose between the two.
Pros
- Open source, which means it's transparent. Anyone can check the code for hidden backdoors or vulnerabilities that could compromise VPN security.
- Versatility. It can be used with a range of different encryption and traffic protocols, configured for different uses, or as secure or as lightweight as you need it to be.
- Safety. It can run almost any encryption protocol, making it very secure.
- Bypass most firewalls. Firewall compatibility isn't an issue when using NordVPN, but if you've ever set up your own VPN, it might be an issue. Fortunately, with OpenVPN, you will be able to bypass firewalls with ease.
Cons
- complex setup. Its versatility means that if most users try to set up their own OpenVPN, they're likely to be paralyzed by choice and complexity.
When to use:OpenVPN is irreplaceable when you need top-notch security: connecting to public Wi-Fi, logging into a company's database, or using banking services.
2. IPSec/IKEv2
IKEv2 provides the foundation for a secure VPN connection by establishing an authenticated and encrypted connection. Developed by Microsoft and Cisco, it is fast, stable, and secure. It succeeds on all of these fronts, but where it really shines is in its stability. As part of the IPSec Internet Security Toolbox, IKEv2 uses other IPSec tools to provide comprehensive VPN coverage.
Pros
- Stablize. IKEv2 typically uses IPSec tools called mobility and multihoming protocols, which ensure VPN connectivity as you move between Internet connections. This makes IKEv2 the most reliable and stable protocol for mobile devices.
- Safety. As part of the IPSec suite, IKEv2 works with most of the leading encryption algorithms, making it one of the most secure VPNs.
- speed. It uses very little bandwidth when active, and its NAT traversal makes it faster to connect and communicate. It also helps get through firewalls.
Cons
- Limited compatibility. IKEv2 is not compatible with too many systems. This is not a problem for Windows users, as Microsoft helped create this protocol, but some other operating systems will require tweaked versions.
When to use: IPSec/IKEv2 stability guarantees you won't lose your VPN connection when switching from Wi-Fi to mobile data, so it might be a good choice when you're on the move. It also bypasses firewalls quickly and offers high speeds on streaming platforms.
3. Guard
Wireguard is the newest and fastest tunneling protocol the entire VPN industry is talking about. It uses state-of-the-art encryption, outperforming the current leaders - OpenVPN and IPSec/IKEv2. However, it is still considered experimental, so VPN providers need to find new solutions (such as NordLynx by NordVPN) to overcome the Wireguard vulnerability.
Pros
- Free and open source.Anyone can view its code, which makes deployment, auditing, and debugging easier.
- Modern and extremely fast.It contains only 4,000 lines of code, making it the "leanest" protocol of all. By comparison, OpenVPN has 100 times more lines of code.
Cons
- incomplete.Wireguard is poised to be the "next big thing", but its implementation is still in the early stages and there's a lot of room for improvement. It currently cannot provide users with complete anonymity, so VPN providers need to find custom solutions that provide the necessary security without slowing down speeds.
When to use it:Use Wireguard when speed is a priority: streaming, online gaming, or downloading large files.
4. SSTP
Secure Socket Tunneling Protocol (SSTP) is a fairly secure and powerful VPN protocol created by Microsoft. It has its pros and cons, which means that each user must decide for himself whether the protocol is worth using. Although primarily a Microsoft product, SSTP can be used on systems other than Windows.
Pros
- Owned by Microsoft.With the largest market share, you can be confident that your Windows operating system will support or have SSTP built in. It also means that if you try to set it up yourself, it should be easy, and you can expect support from Microsoft.
- safe.Similar to other leading VPNs, SSTP supports the AES-256 encryption protocol.
- Bypass firewalls.SSTP can pass through most firewalls without interrupting your communication.
Cons
- owned by Microsoft,This means that security researchers cannot use the code for testing.Microsoft is known to work with the NSA and other law enforcement agencies, so there are suspicions that there may be a backdoor to the system. Many VPN providers avoid using this protocol.
When to use: SSTP is great for bypassing geo-restrictions and enhancing privacy when browsing the internet.
5. L2TP/IPSec
Layer 2 Tunneling Protocol (L2TP) doesn't actually provide any encryption or authentication - it's just a VPN tunneling protocol used to establish a connection between you and a VPN server. It relies on other tools in the IPSec suite to encrypt your traffic and keep it private and secure. The protocol has some handy features, but certain issues keep it from being the leading VPN protocol. (L2TP is no longer a supported NordVPN protocol.)
Pros
- Safety.Ironically, L2TP, which offers no security at all, makes it fairly secure. That's because it can accept many different encryption protocols, making the protocol as secure or lightweight as possible.
- adequate supply.L2TP is available on almost all modern consumer systems, which means administrators can easily find support and get it running.
Cons
- May be attacked by the NSA.Like IKEv2, L2TP is often used with IPSec, so it suffers from the same vulnerabilities mentioned earlier.
- slow.This protocol encapsulates data twice, which may be useful for some applications, but is slow compared to other protocols that encapsulate data only once.
- Firewalls have difficulty.Unlike other VPN protocols, L2TP doesn't have any neat ways to get through firewalls. Monitoring-oriented sysadmins use firewalls to block VPNs, and people who configure L2TP themselves are easy targets.
When to use:You can use L2TP to shop and bank securely online. It is also useful when you want to connect several company branches into one network.
6. PPTP
Created in 1999, Point-to-Point Tunneling Protocol (PPTP) was the first widely used VPN protocol. It was originally designed to tunnel dial-up traffic! It uses some of the weakest encryption of any VPN protocol on this list, and has a ton of security holes. (PPTP is no longer a supported NordVPN protocol.)
Pros
- fast.It's outdated, so modern machines run PPTP very efficiently. It's fast, but offers the least security, which is why it's popular with people who want to set up their home VPN strictly to access geo-blocked content.
- Highly compatible.In the many years since its inception, PPTP has essentially become the minimum standard for tunneling and encryption. Almost all modern systems and devices support it. This also makes it easy to set up and use.
Cons
- Not safe.Numerous vulnerabilities and exploits have been identified for PPTP. Some (not all) have been patched, and even Microsoft is encouraging users to switch to L2TP or SSTP.
- Broken by the NSA.The NSA is said to be deciphering the protocol regularly as a matter of course.
- blocked by firewall.As an old, outdated and barebones system, PPTP connections are more likely to be blocked by firewalls. If you are at school or business using a protocol that blocks VPN connections, this may disrupt your service.
When to use:PPTP is recommended only for streaming or accessing geo-restricted content. For anything else, you should use a more advanced VPN protocol.
VPN Protocol Comparison
VPN protocol | speed | encryption | stream media | Stablize | peer to peer | Available in NordVPN app |
---|---|---|---|---|---|---|
Open VPN | quickly | very good | OK | OK | OK | Yes |
IPSec/IKEv2 | quickly | OK | OK | very good | OK | Yes |
Protective wire* | very fast | very good | OK | very good | OK | No |
SSTP | Moderate | OK | Moderate | Moderate | OK | No |
L2TP/IPSec | Moderate | Moderate | worse | OK | worse | No |
PPTP | quickly | worse | worse | OK | worse | No |
Try NordVPN today with a 30-day money-back guarantee.
What is the best VPN protocol?
There is no one-size-fits-all VPN protocol. The answer to this question depends on your needs and what you do on the internet. If you're an avid gamer, you probably use a VPN for a different reason than someone who watches a lot of TV or works in a coffee shop a lot. To determine which NordVPN protocol is best for you, think carefully about which VPN connection you need most.
What is the fastest VPN protocol?
Wireguard is considered one of the fastest VPN protocols, providing faster connect/reconnect times and longer battery life on mobile devices. NordLynx by NordVPN combines the speed of Wireguard with enhanced security. IKEv2/IPsec is also considered a fast protocol, and it can satisfy many people's needs.
What is the most secure VPN protocol?
Many VPN experts recommend OpenVPN as the most secure protocol. It uses 256-bit encryption by default, but other ciphers such as 3DES (Triple Data Encryption Standard), Blowfish, CAST-128, and AES (Advanced Encryption Standard) are also available.
What is the most stable VPN protocol?
IKEv2/IPsec is considered the most stable VPN protocol because it provides strong connections and allows users to switch between networks without compromising their security.
What is the easiest VPN protocol to set up?
The PPTP protocol is built into many devices, making it one of the easiest to set up. However, since it is outdated and has a reputation for security issues, we do not recommend its use. Check out other options like Wireguard or IKEv2/IPsec.
NordVPNWait for the VPN service to set the protocols for you, so you don't need to worry about tweaking them for better performance. In fact, you can switch NordVPN protocols with just a few clicks on our app.
Enhance your security and take full advantage of VPN protocols