- Choosing the right VPN protocol is crucial for both speed and security. OpenVPN is the most popular and recommended protocol.
- WireGuard is a newer protocol that shows promise in terms of speed, but there are concerns about its privacy.
- Other protocols like SSTP, L2TP/IPsec, IKEv2/IPsec, and PPTP have their own trade-offs and may be suitable depending on specific needs. Avoid PPTP due to security vulnerabilities.
There are multiple VPN protocols, and which protocol a VPN uses has a big influence on how it functions. Some protocols are a lot better than others. Thankfully, finding the best VPN protocol is easy as there are only a few candidates.
What Is a VPN Protocol?
In short, a protocol is a set of rules that govern how devices within a network communicate with each other. When you connect to the internet, for example, you’re using the hypertext transfer protocol (HTTP) to let your computer talk to the site you’re accessing. A VPN protocol is a specific type of protocol meant for — you guessed it — VPNs.
A protocol can include all kinds of information. In the case of HTTP, it’s a set of rules surrounding how two devices can exchange data (in the form of HTML documents) as well as some basic security rules.
When you use a VPN, you’re rerouting your connection through a server operated by your VPN service. To do so securely, the VPN needs to use a separate protocol, one that’s designed for VPNs and contains information about the encryption used in the connection as well as some other technical details.
How a VPN Protocol Affects You
This may sound a little abstract, but it affects you directly: A good protocol will be a lot faster and a lot more secure than a bad one. Some protocols are slow because they need more steps when sending information, while others are less secure because they contain a flaw or use an encryption key that has a known weakness.
Weak encryption can expose your data to your ISP or any intermediaries that may be snooping on your traffic. It is extremely important to make sure you’re using a secure VPN protocol.
To help you pick the best VPN protocol for you — and by extension the best VPN, period — we’re going to go over the protocols we’ve come across the most, as well as some proprietary ones. We’ll start with the best ones out there, OpenVPN and WireGuard, and work our way down from there.
OpenVPN is probably the most popular VPN protocol out there. Almost all VPN providers offer it to their customers in some form or another. It offers both speed and security, without any significant trade-off in either. When using OpenVPN, most VPN providers will allow you to choose between TCP and UDP. You’re generally better off going with UDP, as it’s faster.
To give you an idea of how good OpenVPN is, almost all VPNs use it as their default. In the vast majority of cases, there’s no good reason to use anything else. The only exceptions are WireGuard or particularly solid proprietary protocols like NordLynx and Lightway, all of which we explain below.
In fact, we would go so far as to recommend not using any VPN that doesn’t offer OpenVPN, and to be a little leery of any provider that doesn’t have it as their default — besides the exceptions we mentioned earlier. We talk about one example in our Surfshark vs. ExpressVPN piece, where we docked Surfshark some serious points for defaulting to a mediocre protocol.
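A minimal sketch of checking an OpenVPN client profile against the two criteria this article uses, transport (UDP over TCP) and AES key size (256-bit over 128-bit). This is an added example, not code from any VPN provider or from the OpenVPN project; the sample profile and host name are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample client profile; host name and values are illustrative only.
SAMPLE_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.net 443
cipher AES-128-CBC
data-ciphers AES-256-GCM:AES-128-GCM
<ca>
(certificate omitted)
</ca>
"""

def parse_profile(text):
    """Map each directive to a list of its argument lists, skipping comments and inline <blocks>."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and line[0] not in "#;":
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit_profile(text):
    """Return (directive, value, note) findings for TCP transport and sub-256-bit AES."""
    d, findings = parse_profile(text), []
    # OpenVPN uses UDP when no proto directive is present, so only explicit TCP is flagged.
    for args in d.get("proto", []):
        if args and args[0].lower().startswith("tcp"):
            findings.append(("proto", args[0], "TCP transport; UDP is usually faster"))
    for name in ("cipher", "data-ciphers"):
        for args in d.get(name, []):
            for cipher in (args[0].split(":") if args else []):
                m = re.match(r"AES-(\d+)-", cipher.upper())
                if m is None:
                    findings.append((name, cipher, "not AES; review manually"))
                elif int(m.group(1)) < 256:
                    findings.append((name, cipher, f"{m.group(1)}-bit AES; 256-bit variant exists"))
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(*finding, sep=": ")
```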
For most people, most of the time, OpenVPN seems to be the ticket. However, in 2021 a very interesting new protocol came out, which has the potential to dethrone OpenVPN. Named WireGuard, it’s fast as greased lightning, often beating OpenVPN on a similar server load — though keep in mind that there’s a lot more than just the protocol to determine a VPN connection’s speed.
Still, WireGuard looks solid. It has had at least one excellent proprietary protocol based off of it: NordVPN’s NordLynx. That said, there have been some rumblings about how private WireGuard really is, as it seems to store users’ IP addresses indefinitely in some cases.
Even so, if speed is your overriding concern, WireGuard may be an excellent alternative to OpenVPN. While overall we prefer OpenVPN, WireGuard comes in a close second.
Our third entry is the Secure Socket Tunneling Protocol, or SSTP, which dates from the early 2000s and is generally considered to be fast and secure, though it performs a little less well than OpenVPN. If for whatever reason you can’t use OpenVPN, SSTP is a solid fallback choice.
The main issue people seem to have with it is that its code is owned by Microsoft, a company with a less-than-stellar reputation when it comes to privacy. Though it’s unclear whether Microsoft gathers data from SSTP connections or not, if it’s something you’re worried about, you may want to avoid this protocol.
L2TP/IPsec and IKEv2/IPsec
This entry is two for the price of one: L2TP and IKEv2 are two connection protocols that are generally paired with the IPsec security protocol to beef up encryption. In both cases, you’re making a trade-off: L2TP is reliable, but slow, while IKEv2 is fast (very fast, even) but has security issues.
In either case, they’re an interesting choice for developers as they’re much more flexible than OpenVPN. Most run-of-the-mill users, though, may not notice much of a difference. Generally, we only recommend using these two if you have no other choice.
From some of the better VPN protocols out there, we go to probably one of the worst available. Point-to-point tunneling protocol (PPTP) is a VPN protocol dating from the nineties — ancient in tech terms — which is not particularly secure and incredibly slow.
It’s generally not used anymore as it’s obsolete, but for some reason some VPNs still offer it. Whatever you do, don’t use PPTP — especially if you’re doing anything sensitive like using BitTorrent to download files or tunneling out of China.
Proprietary VPN Protocols
We’ll finish up by going over three interesting proprietary protocols which have come out. Developed by a VPN service for its own use, these protocols usually boast higher speeds, though some of them are a bit of a black box.
The Hydra protocol was developed for and used by Hotspot Shield and is a good example of sacrificing some security for speed. It’s very fast but uses weaker encryption: 128-bit AES rather than the 256-bit variant. It’s not the biggest deal, and the insane speeds Hydra tests at may be worth it.
NordVPN also wanted its own protocol, but it tweaked WireGuard to its liking rather than developing one from scratch. The result is a blazing fast VPN protocol that seems quite secure. It would be even better if NordVPN fixed its servers, something we go over in our article comparing NordVPN vs ExpressVPN.
Last but not least is Lightway, developed from scratch by our overall favorite VPN, ExpressVPN. Like NordLynx, it seems perfectly secure but is somehow even faster than anything else put out there, including WireGuard. Though we hesitate to call it the best VPN protocol — OpenVPN just has a better pedigree and track record — it is definitely worth checking out.