What are VPN protocols and why do they matter? The various connection types tend to be confusing to most people, especially since many of them are acronyms that have no meaning by themselves. In this guide, I’d like to explain the different VPN protocols available, help you understand which you should use, and answer the most common questions I get from people.
It’s important to note that you don’t have to understand VPN protocols in order to use a VPN. In fact, most of the time you won’t even see options for connection types until you open up the advanced settings.
Most commercial VPNs are very plug-and-play.
These advanced settings exist, however, because there are cases where you would want to choose how you connect with your VPN. That’s where this guide can help you.
In this guide, we’re going to cover:
Let’s dive into the different types of VPN protocols and then discuss how/why you would use them.
By the end, you will have the confidence to choose the right connection type and understand how it will benefit you.
Different Types of VPN Protocols
While some VPN services develop their own proprietary protocols, there is a common standard of VPN protocols you’ll find across the board.
Here’s a quick list of those that you’re most likely to run into.
- PPTP – “Point-to-point tunneling protocol”
- L2TP/IPsec – “Layer 2 tunneling protocol”
- IKEv2/IPsec – “Internet key exchange version 2”
- SSTP – “Secure socket tunneling protocol”
There are others out there (i.e. Softether, Lightway, etc.), but since they either haven’t been widely adopted or are proprietary to a specific company, we won’t cover them in detail here.
Almost all of the most popular VPN services will give you the option to choose from at least a couple options from the list.
Simple Explanation of VPN Protocols
Before I go into detail on each of the above connection protocols, here’s a quick synopsis of the pros and cons of each:
|OpenVPN||Industry standard – secure, fast, and suitable for all VPN users;||Bloated source code|
|Wireguard||Newest, open-source protocol that is faster and more stable than OpenVPN;||Relatively new and under development|
|PPTP||Fast and ideal for streaming. Supported on older devices;||Least secure protocol and only recommended for advanced users.|
|L2TP/IPsec||More secure than PPTP. Good in areas where newer protocols like OpenVPN are not supported.||Slower than OpenVPN. Only recommended for advanced users.|
|IKEv2||Great for mobile devices. More secure than L2TP/IPSec.||Not as secure as OpenVPN or Wireguard;|
|SSTP||Extremely secure and can bypass firewalls that L2TP can’t.||Mostly works only on Windows computers.|
To dive a bit deeper, here’s what you need to know about each individual VPN connection protocol.
1. OpenVPN Connection Protocol
What is OpenVPN? OpenVPN is the industry standard and generally the most recommended protocol used by VPN providers.
Part of what makes OpenVPN so popular is the fact that it’s open source technology, unlike a few of the other VPN protocols that were developed my Microsoft.
The strengths of OpenVPN include that it is:
- Extremely secure;
- Highly configurable;
- Can be used on both TCP and UDP ports while supporting a large number of encryption algorithms and ciphers.
Of course, its time-tested use is also its downfall: OpenVPN source code has been bloated with so much extra code over the years that it is bulky to install and sometimes slow to use.
When to Use Open VPN: Use OpenVPN when security is your #1 priority. In short, if OpenVPN is an option for you, try to use it.
2. Wireguard – Newest Open-Source Protocol
While the rest of these VPN communication standards listed here are at least two decades old, Wireguard was only introduced in the past couple years.
I’ve already gone into detail about what makes Wireguard different, but the short answer is that it’s a much lighter code base that takes advantage of better encryption libraries.
What does this mean for you as a user? Wireguard offers:
- Encryption that is equal to or better than OpenVPN;
- The most stable connection of any protocol here (i.e. it can remain connected when you jump between networks);
- Most lightweight and fastest option (in other words, it connects faster and offers faster speeds);
The primary downfall here is that it doesn’t have decades of use to test for flaws. The code is open source and is continuously reviewed, but it’s also continuously being improved when bugs or inefficiencies are found.
When to Use WireGuard: There are only a select number of VPNs that offer Wireguard, but if you have the option, it’s worth testing this against OpenVPN to see which works better for you.
3. PPTP – VPN Protocols
PPTP, which stands for Point-to-Point Tunneling Protocol, is among the earliest encryption protocols invented and can run on versions of Windows dating back to 1995.
Because PPTP is one of the most common, it is also easy to set up and computationally fastest compared to other connection standards. Thus it is recommended for applications for which speed is most important, such as streaming video like Netflix over VPN.
However, the major downside is that the PPTP connection offers very little security. Keep this in mind.
When to Use PPTP: Use PPTP to stream geoblocked content at high speeds with limited buffering.
4. L2TP/IPsec VPN Protocol
L2TP, which stands for Layer 2 Tunneling Protocol, is usually combined with IPsec, or Internet Protocol security. Sometimes you’ll only see it written out as L2TP when you’re using your favorite VPN software.
L2TP was first proposed as an upgrade to PPTP. However, it tends to be a slower connection than PPTP.
Interestingly, L2TP does not provide strong encryption alone, which is why it is always paired with IPsec for end-to-end security.
Compared to PPTP, the L2TP protocol offers better security, but it’s still not quite as strong as what you’ll get with OpenVPN.
When to Use L2TP: Use L2TP if you’re having a hard time connecting with OpenVPN or it isn’t an option for you.
5. IKEv2/IPsec VPN Protocol
IKEv2, which stands for Internet Key Exchange Version 2, was initially developed by Microsoft and Cisco. It’s also the new kid on the block compared to other VPN protocols.
Many VPN providers such as NordVPN tend to pair IKEv2 with IPsec for additional security.
It also has the ability to automatically jump from WiFi to your wireless network without dropping the secure VPN connection, making it a popular option for mobile devices.
Unfortunately, the added security and functionality also take a significant toll on the overall speed of IKEv2.
When to Use IKEv2: Use IKEv2 for heavy mobile usage where you need a stable connection when switching networks.
6. SSTP (Windows Only)
SSTP, which stands for Secure Socket Tunneling Protocol, is owned directly by Microsoft. As such, it works mostly on Windows, with functionality on Linux and Android as well.
SSTP is regarded as among the most secure protocols as it transports traffic through the SSL (Secure Sockets Layer). It is also less susceptible to blocking by firewalls.
When to Use SSTP: Use SSTP if you run a Windows computer.
How to Choose Which VPN Protocol to Use
So now that you know a little more about the available VPN encryption standards, let’s dive into how you might want to use them in your day-to-day life:
- For general VPN users or newbies, you can always count on OpenVPN to guarantee anonymity, security, and the ability to access geo-restricted content.
- For early adopters, Wireguard has proven itself over the past couple years to be the best new security available and may eventually unseat OpenVPN as the standard in the industry.
- If online security, anonymity, and privacy are your top priorities for using a VPN, then OpenVPN, Wireguard or SSTP are the best. With these protocols, you won’t ever need to sweat about third parties seeing your IP address, geographic location, and online traffic. Remember that SSTP runs best on Windows devices, so if you have a non-Windows device, OpenVPN or Wireguard still provides all the security you need.
- For those using a VPN primarily for streaming geo-restricted content, such as streaming Disney+ outside the US, try using PPTP or L2TP/IPsec. Remember that these two offer little to no encryption security. So if security isn’t essential, you can use PPTP for streaming content as it is fastest. For some added layer of security, use L2TP/IPsec even though it is slower than PPTP. Before using these protocols, check streaming performance while using OpenVPN as PPTP and L2TP/IPsec are known to have major security flaws.
- The best for peer to peer downloading/torrenting are OpenVPN and Wireguard as they are best for anonymity and security. Some may recommend L2TP/IPsec to assist in increasing download speeds, but as L2TP/IPsec has security flaws, I would stay away from it when torrenting. It’s also important that you use a service with the VPN kill switch feature to make sure that if your connection does drop, your torrenting activity isn’t exposed.
On mobile devices, use OpenVPN, Wireguard or IKEv2. Each allow for easy configuration that connects quickly on mobile devices.
IKEv2 is another alternative as it can jump from WIFI networks to your cellular carrier without disconnecting.
FAQ: Connection Protocols for VPNs
The following are the most common questions asked about VPN connection standards.
Each VPN protocol serves a different purpose and has different strengths and weaknesses. Therefore, the “best” depends on your use case. For example, proven security points to OpenVPN, while speed and agility might require the newer Wireguard.
The fastest connection standard is generally considered to be PPTP, which stands for point-to-point tunneling protocol. It’s great for streaming video content, but it’s important to note that it doesn’t offer a high degree of security.
OpenVPN and Wireguard are widely considered the most secure optionss available to most people. Both offer 256-bit encryption and an open source code base that has been critically reviewed. SSTP is also quite a secure connection, but since it’s controlled by Microsoft, it doesn’t work on all devices.
In most cases, you shouldn’t change the VPN connection protocol often. The best VPN services will automatically choose the fastest connection for you. There are times, however, when you just won’t connect. It’s also possible that you might want faster speeds, more stability or greater security.
Some VPNs use what’s known as “obfuscated servers” to evade censorship in certain countries. This isn’t a particular protocol as much as it is a specialized servers. It is these kinds of features that are essential if you’re looking for the right VPN to use in China.
Final Thoughts | VPN Connection Protocols
Although this list could have been much longer, OpenVPN, Wireguard, PPTP, L2TP, IKEv2 and SSTP are considered to be the most common available options you’ll find.
Keep in mind that each VPN provider may add their own additional touch on the connection standards listed above.
For example, VyprVPN offers a proprietary Chameleon protocol to bypass government censorship in places like China and ExpressVPN now offers their Lightway option to compete with Wireguard.
Therefore after choosing which is best for you, review that service provider’s website and see if they have added anything to further bolster security or performance.