If you use one of the leading VPN services, such as NordVPN, you are going to have the option of selecting a protocol. This can be a bit baffling and perplexing if you have never delved into the inner workings of a VPN before! Considering that, I am going to take you through all of the main VPN protocols so that you can get a better understanding.
Table of Contents
What are VPN protocols?
A protocol is simply a method by which your device connects with one of the secure servers at your VPN of choice. For example, if you use ExpressVPN, the protocols available are all different ways in which you can connect your device to one of the ExpressVPN servers.
Let’s delve a little bit deeper so you can get a better understanding. VPN stands for Virtual Private Network, which is a secure tunnel between two or more devices. Whenever using a VPN, you will be connected to the Internet via an intermediary server that is run by the provider of your VPN, be it NordVPN or Surfshark.
The VPN protocol is going to determine how secure that connection is. The protocol is essentially a set of instructions that will dictate how the two devices interact with one and other. Different protocols have different authentication methods and encryption standards in place, which is how you end up with different levels of security and speed for VPN users.
Protocols are important because they determine how to handle possible errors, how to establish and verify encryption keys, and which encryption algorithm to use. The VPN protocol you select could be set up so that all of your data is routed through the encryption tunnel, or as happens with HTTP proxies, only your web traffic may be routed.
The three main types of VPN protocols
Now that you have an understanding of what a VPN protocol is, I am going to talk you through the main types of protocols so you can understand how they differ from one and another.
There is only one place to begin, and this is with Lightway. Lightway is considered one of the newer and better VPN protocols on the market today, yet it is not going to be available in all circumstances, so do keep this in mind.
Lightway has been specially designed for the contemporary world that we live in today. It provides a secure, smooth, and efficient experience, with features that are no longer required from a VPN being deleted with this VPN protocol to ensure the most effective results.
When you use Lightway, it may only take you a fraction of a second to establish a VPN connection. This all depends on the network that you use. One of the great features of this VPN protocol is that you are going to stay connected to your VPN even if you switch network on your device.
With Lightway, the minimal is done in order to get you connected in a secure and quicker manner, and I have noticed that my battery does not drain as quickly when this protocol is being used.
Lightway utilises wolfSSL. For those who are unaware, wolfSSL has a cryptography library that is well-renowned and respected in the industry and has been vetted extensively by a number of different third parties, including against the FIPS 140-2 standard.
Not only does Lightway run on the UDP protocol, but TCP is also supported. TCP will connect better on certain networks. However, it can be slower than UDP, so it all depends on your network. However, what this means is that Lightway can be used in many different situations, making it an efficient and flexible VPN protocol.
Do I recommend Lightway? Yes!
Of course, I cannot talk about VPN protocols without speaking about OpenVPN, which is undoubtedly the most popular.
OpenVPN is an open-source protocol, which is highly configurable. It is available freely for every platform, and the community very much holds it in high regard. This is why you will see that consumer VPN services have widely adopted OpenVPN as their protocol of choice.
The great thing about OpenVPN is that it can be configured with ease in order to mask itself as standard Internet traffic, which helps in terms of ensuring that firewalls and filters are not able to detect it. Consequently, trusted independent researchers have widely audited OpenVPN, which makes it appropriate for use even in environments that are sensitive.
So, let’s take a look at the different specifications and elements that you can expect from the OpenVPN protocol so you can get a better understanding:
- Ports – You can use OpenVPN on any port utilizing TCP or UDP.
- Performance – You can expect good performance when using OpenVPN, especially if you run it over User Datagram Protocol (UDP), as opposed to Transmission Control Protocol (TCP). You will find OpenVPN reliable and stable no matter whether you use it over a cellular or wireless network. Should you be experiencing connection issues, you can utilise OpenVPN with TCP, which will be slower but it will confirm all packets sent.
- Security – Deemed one of the most secure VPN protocols you can choose from, OpenVPN certainly ticks this box. Of course, you need to make sure that it is implemented correctly for this to be the case. There are not any major vulnerabilities that are known when it comes to OpenVPN.
- Encryption – TLS protocols and the OpenSSL library are used by OpenVPN to provide excellent encryption. A number of different cyphers and algorithms are supported by OpenVPN, including ChaCha20, Camellia, Blowfish, and AES.
- Setup – A special client software is required so that you can use OpenVPN, as opposed to it simply being built into various operating systems. Custom OpenVPN apps are provided by the majority of VPN providers today, which you can then use on various devices and operating systems. Installation tends to be simple and fast. You can use OpenVPN on all of the major platforms via third-party clients, including Android, Apple iOS, Linux, Mac OS, Windows, and a number of different routers.
Do I recommend OpenVPN? Yes!
Internet Key Exchange Version 2 (IKEv2)
IKEv2 is one of the newer VPN protocols that are available today, and it has a number of key strengths. One of the reasons why it is widely championed is because it is especially suited to mobile devices, which is, of course, vital today, and it is very fast too.
Nevertheless, it is mainly used in corporate environments at the moment. The lack of reconfigurability can be negative with this VPN protocol, and there is currently no native support for Linux. There is also strict licensing in place for IKEv2, which makes it challenging to audit.
So, let’s take a look at the different specifications and elements that you can expect from the IKEv2 protocol so you can get a better understanding:
- Ports – The following ports are used by IKEv2: UDP 4500 for NAT traversal, and UDP 500 for the initial key exchange.
- Performance – In a lot of instances, you will find that IKEv2 is quicker than OpenVPN because it is not as CPU-intensive. There are a number of different factors that can impact speed, though, and so this may not be applicable in all cases. When it comes to performance for mobile users specifically, IKEv2 tends to be the best option because it does great when establishing a reconnection.
- Security – One of the negative factors associated with IKEv2 is that it is a closed source. It was initially created by Microsoft and Cisco. However, I must point out that there are open source versions. On the flip side, there are some positives that we should address. Considered one of the most secure and quickest VPNs on the market, IKEv2 is certainly a worthy choice.
- Encryption – There are a number of different cryptographic algorithms that are used by IKEv2, including 3DES, Camellia, Blowfish, and AES.
- Setup – In terms of the setup, it tends to be easy and quick. You will need to import the configuration files that you need for the servers you wish to use. You can do this via your VPN provider. IKEv2 is natively supported on iOS, Blackberry, Mac OS 10.11+, and Windows 7+, as well as some devices that use Android. The “always-on” function is supported by some of the operating systems, which means that all Internet traffic is going to be forced through a VPN tunnel, which makes sure there are not any data leaks.
Do I recommend IKEv2? Yes!
What are some of the other VPN protocols available?
The three VPN protocols mentioned above are widely considered the best, but there are some other options available as well, which I will assess below.
WireGuard is another VPN protocol that has started to gain some traction in recent times. However, it is not offered by all VPN providers at present. The open-source and free VPN protocol was written by Jason A. Donenfeld originally. Edge Security LLC then developed it.
There have been some promising moments with regard to the development of this VPN protocol. It has a lighter codebase and it seems to be ticking the boxes in terms of speed. As a consequence, we have seen an increasing number of VPN providers adopt WireGuard within the past few years.
Layer 2 Tunneling Protocol (L2TP)
Next, we have L2TP, which is considered a great set-up from the likes of SSTP and PPTP. Both of which were very pioneering, but certainly outdated now.
With L2TP, you get improved security at the expense of reduced speed. Often, you will find that the IPsec protocol is paired with Layer 2 Tunneling Protocol in order to provide AES-256 encryption. You can read my guide on AES-256 encryption to get a better understanding. When both protocols are combined, you will see it written as L2TP/IPsec.
Nevertheless, I would say that the combination of L2TP/IPsec is more appropriate for anonymisation instead of security. The reason for this is because other protocols can provide better security levels, such as OpenVPN.
Point to Point Tunneling Protocol (PPTP)
I have just touched upon PPTP very briefly. This is one of the first VPN protocols to come out, and so it has a great and rich history. To give you an understanding of how old this VPN protocol is, it has been around since the Windows 95 days. However, it is now very easy to crack because it relies on the MS-CHAP v2 authentication suite, which is now outdated. Of course, as time goes on, our needs change and different vulnerabilities come to the fore, so PPTP has definitely fallen victim to this.
There is one advantage that does come with this, though, and that is the speeds that you are going to get with PPTP. As there are not as many authentication and encryption features, you get better speeds with PPTP. However, a lot of people would agree that it is not worth the risk. After all, the contents of your connection can be viewed by government surveillance organisations, your WiFi operator, and your ISP.
As a consequence, I would recommend that you do not use PPTP. Only experts who know what they are doing and have a legitimate reason for using PPTP should consider this option.
Secure Socket Tunneling Protocol (SSTP)
As well as PPTP, SSTP is the other VPN protocol that seems to be getting replaced by more modern versions. SSTP is a VPN protocol that was initial created by Microsoft, and it was implemented along with Windows Vista.
SSTP is very much like a PPTP tunnel wrapped in SSL, which is an early encryption protocol that was widely used for web page security. As a consequence of this, SSTP only worked on Windows devices begin with, and so it never really gained popularity beyond this.
A lot of the VPNs on the market nowadays do not support SSTP anymore.
How do you choose a VPN protocol?
The best VPNs on the market today, like NordVPN and ExpressVPN, take all of the guesswork out of this process for you. Rather than making things complicated by getting you to go to the settings and make changes to the protocol, the VPN provider will automatically select the best protocol for your needs based on the quality of your Internet connection. You will see that the protocol is typically set as “Automatic” or something along those lines when you head to the settings.
Of course, if you want to choose your own protocol, you are able to do so. The manner in which you change the VPN protocol will depend on the provider you are using. For example, if you use ExpressVPN, you will need to get in touch with a member of the company’s support team in order to do this.
Most people consider OpenVPN their go-to when it comes to the different protocols today. This is because it offers excellent security algorithms and 256-bit encryption, which ensures you have an impenetrable protection layer for your digital footprint and extensive cloaking abilities. The codebase is audited publicly and regularly checked for backdoors, implementation errors, and bugs.
Lightway is considered a new guy on the block, and it is likely that we will see more and more people take up this approach. Thanks to the lightweight codebase, you get a good dose of reliability, security, and speed. Less battery is used and the protocol is easily audited and maintained, so I would not be surprised to see more and more people make the switch to Lightway when their VPN provider gives them the option to.
Finally, IKEv2 is not a bad choice. A lot of mobile users will be very well-served by going down this route. When compared with OpenVPN, it offers a similar level of security, reliability, and speed.
Final words on VPN protocols
So there you have it: everything that you need to know about VPN protocols and the different options that are available. I hope that this has helped you to get a better understanding of the different options that are available to you, and why they matter when using a VPN.