VPN protocols explained and compared

A Virtual Private Network (VPN) creates a safe “tunnel” between you and a computer you trust (normally your VPN provider) to protect your traffic from spying and manipulation. Any VPN worth its money encrypts the information that passes through it, so in this article we will ignore those that don’t use encryption. Among VPNs that offer encryption there is a large choice of available protocols. Every one of those protocols has some advantages and disadvantages. These are the important factors to look at when you are about to choose one:

  • Speed
  • Strength of the encryption
  • Stability
  • Ease of use
  • Security/privacy

In this article we’ll look at the different VPN tunneling protocols and how they perform.

What does the VPN protocol do?

The VPN protocol, or more precisely the set of rules it uses, decides how exactly your data is routed through a connection. All these protocols have different rule sets based on what they care about most. For example, some VPN protocols prioritize data throughput speed while others focus on masking or encrypting data packets for privacy and security.

How many VPN protocols are there?

This list is not complete, but it covers the most commonly used VPN protocols:

  • OpenVPN
  • L2TP/IPSec
  • SSTP
  • IKEv2
  • PPTP
  • WireGuard

Why does a fast VPN protocol matter?

Even though speed should not be the deciding factor, a slow VPN will discourage users and will therefore quickly be abandoned. You don’t pay top dollar for a fast internet connection just for the VPN to slow it down. Or, when you have a slow connection, you don’t want your VPN to make it even worse. But speed is often a trade-off with other characteristics like the encryption strength and security. And the speed also depends on factors outside of the protocol, like the distance to the VPN server, and obviously the basic speed of your internet connection. Using a VPN will never make it faster.

Security and privacy

This will be the deciding factor for many users when they are about to make a choice for a VPN. It needs to be said that the vendor is at least as important here as the protocol. After all, what good is a secure protocol if it turns out the vendor is willing to hand over your data at the first request? So, if you hear people ask what is better than OpenVPN, for example, the answer is that it depends on what you are looking for exactly. Many protocols are capable of comparable speeds and levels of secure encryption.

Ease of use

A point that we have made often in the past is that security and privacy software that is hard to set up or difficult to manage often misses the target. Misconfigured software doesn’t do what it potentially can do for the user, so it’s basically a waste of time and money. To be honest, we have seen cases where the user would have been safer using a free VPN or none at all.

What VPN protocol should I use?

This is a question that everyone has to answer for themselves. We can tell you about some protocols that are often recommended and why. But you will have to make up your own mind.

OpenVPN

OpenVPN is an excellent open-source protocol, but many users struggle to set it up properly. If you have installer software or expert help, then this is not a problem for you. You will find that OpenVPN is the default protocol used by many paid VPN providers. It is a secure protocol but not super-fast (not super-slow either).

L2TP/IPSec

L2TP/IPSec is actually a combination: Layer 2 Tunneling Protocol (L2TP) is paired with Internet Protocol Security (IPsec). In speed and security, it is on par with OpenVPN. It is easier to set up unless you have to bypass a firewall. Some security concerns have been raised because the NSA helped develop IPSec.

SSTP

SSTP is short for Secure Socket Tunneling Protocol, which was developed by Microsoft. Although the protocol works on Linux, it is primarily thought of as a Windows-only technology. It is easy to set up on Windows machines, as you might expect. It is impossible to use on Macs and hard to deploy on Linux. Speed and security are about the same as for OpenVPN and L2TP/IPSec.

IKEv2

IKEv2 was developed in a joint effort by Microsoft and Cisco. It is very well suited for mobile devices on 3G or 4G LTE because it’s good at reconnecting whenever the connection drops out. The protocol is very fast and secure. It is also easy to set up on the few devices that are compatible.

PPTP

PPTP is short for Point-to-Point Tunneling Protocol. This protocol was originally developed by Microsoft for dial-up networks. PPTP is fast and easy, but this is mostly due to a low encryption standard, and it comes with some known vulnerabilities. It is no longer suitable for users that are privacy-focused.

WireGuard

WireGuard is relatively new compared to the other protocols, but it has quickly become widely adopted because of its high security standard. This does not take away from the speed, because WireGuard ditched a lot of unnecessary extras that other protocols are burdened with, and it runs from a Linux kernel, which also makes it suitable for many platforms and applications.

Choose wisely!

We can only hope you read this article because you set out to make an informed decision (and we hope we have helped you with that). It is important to consider what matters to you in a VPN and also take into account that VPN software is more than just the protocol. The reason why you need a VPN and whether you trust the VPN provider should be equally important. Aside from a few outdated protocols, speed should no longer be an issue. Internet speeds are usually so much higher than what we actually need that a modern VPN should not interfere in a way that is noticeable.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.