The best VPN protocols

A VPN protocol is a ruleset that decides how data moves between a device and a VPN server. VPN providers use these protocols to provide stable and secure connections for their users.

A VPN transmits your online traffic through encrypted tunnels to VPN servers that assign your device a new IP address. VPN protocols are sets of rules and processes that determine how that tunnel is actually formed. Each one is a different solution to the problem of secure and private internet communication.

No VPN protocol is perfect. Each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security. Let’s delve into each protocols’ pros and cons.

There are two types of VPNs:

• Remote access VPNs encrypt data that is sent or received on your device. When we’re talking about VPNs employed by private users, these are remote access VPNs.
• Site-to-site VPNs are used to extend a company’s network between different locations. They are divided into two categories: intranet-based (to combine multiple LANs to one private network) and extranet-based (when a company wants to extend its network and share it with partners or customers).

Protocols are the driving forces behind VPNs, but what are the most common VPN protocols?

Different VPNs use different protocols. Here are six common VPN protocols along with their pros and cons.

OpenVPN is a very popular and highly secure protocol used by many VPN providers. It runs on either the TCP or UDP internet protocol. The former will guarantee that your data will be delivered in full and in the right order while the latter will focus on faster speeds. Many VPNs, including NordVPN, will let you choose between the two.

Pros

• 

  Open source, meaning it’s transparent. Anyone can check the code for hidden backdoors or vulnerabilities that might compromise your VPN’s security.
• 

  Versatility. It can be used with an array of different encryption and traffic protocols, configured for different uses, or be as secure or light as you need it to be.
• 

  Security. It can run almost any encryption protocol, making it very secure.
• 

  Bypasses most firewalls. Firewall compatibility isn’t an issue when using NordVPN, but it can be if you ever set up your own VPN. Fortunately, with OpenVPN you’ll be able to bypass your firewall easily.

Cons

• 

  Complex setup. Its versatility means that most users may be paralyzed by choice and complexity if they try to set up their own OpenVPN.

When to use it: OpenVPN is irreplaceable when you need top-notch security: connecting to public Wi-Fi, logging into your company’s database, or using banking services.

IKEv2/IPsec sets the foundation for a secure VPN connection by establishing an authenticated and encrypted connection. It was developed by Microsoft and Cisco to be fast, stable, and secure. It succeeds on all of these fronts, but where it really shines is its stability. As part of the IPSec internet security toolbox, IKEv2 uses other IPsec tools to provide comprehensive VPN coverage.

Pros

• 

  Stability. IKEv2 usually uses an IPSec tool called the Mobility and Multi-homing Protocol, which ensures a VPN connection as you move between internet connections. This makes IKEv2 the most dependable and stable protocol for mobile devices.
• 

  Security. As part of the IPSec suite, IKEv2 works with most leading encryption algorithms, making it one of the most secure VPNs.
• 

  Speed. It takes up little bandwidth when active and its NAT traversal makes it connect and communicate faster. It also helps to get through firewalls.

Cons

• 

  Limited compatibility. IKEv2/IPsec isn’t compatible with too many systems. This won’t be an issue for Windows users since Microsoft helped to create this protocol, but some other operating systems will need adapted versions.

When to use it: IKEv2/IPsec stability guarantees that you won’t lose your VPN connection when switching from Wi-Fi to mobile data, so it could be a good choice when you’re on the move. It also quickly bypasses firewalls and can offer high speeds online.

WireGuard is the newest and fastest tunneling protocol the entire VPN industry is talking about. It uses state-of-the-art cryptography that outshines the current leaders – OpenVPN and IKEv2/IPsec. However, it’s still considered experimental, so VPN providers need to look for new solutions (like NordLynx by NordVPN) to overcome WireGuard’s vulnerabilities.

Pros

• 

  Free and Open Source. Anyone can look into its code, which makes it easier to deploy, audit, and debug.
• 

  Modern and extremely fast. It consists of only 4,000 lines of codes, making it “the leanest” protocol of them all. In comparison, OpenVPN code has 100 times more lines.

Cons

• 

  Incomplete. WireGuard is promising to be the “next big thing”, but its implementation is still in its early stages and it has a lot of room for improvement. It currently fails to provide users any level of anonymity (though it’s important to remember that full anonymity is never possible) so VPN providers need to find custom solutions for providing the necessary security without losing speed.

When to use it: Use WireGuard whenever speed is a priority: streaming, online gaming, or downloading large files.

Secure Socket Tunneling Protocol (SSTP) is a fairly secure and capable VPN protocol created by Microsoft. It has its upsides and downsides, meaning that each user has to decide for themselves whether this protocol is worth using it. Despite being a primarily Microsoft product, SSTP is available on other systems besides Windows.

Pros

• 

  Owned by Microsoft. With the lion’s share of the market, you can be confident that your Windows OS will either support SSTP or have it built-in. That also means if you try to set it up yourself, it should be easy and you can expect Microsoft support.
• 

  Secure. Similarly to other leading VPN protocols, SSTP supports the AES-256 encryption protocol.
• 

  Bypasses firewalls. SSTP can get through most firewalls without interrupting your communications.

Cons

• 

  Owned by Microsoft, meaning that the code isn’t available to security researchers for testing. Microsoft has been known to cooperate with the NSA and other law-enforcement agencies, so some suspect that the system may have backdoors. Many VPN providers avoid this protocol.

When to use it: SSTP is good for enhancing privacy while browsing the internet.

Layer 2 tunneling protocol (L2TP) doesn’t actually provide any encryption or authentication – it’s simply a VPN tunneling protocol that creates a connection between you and a VPN server. It relies on the other tools in the IPSec suite to encrypt your traffic and keep it private and secure. This protocol has a few convenient features, but certain issues prevent it from being a leading VPN protocol. (L2TP is no longer among supported NordVPN protocols.)

Pros

• 

  Security. Ironically, L2TP not offering any security at all makes it fairly secure. That’s because it can accept a number of different encryption protocols, making the protocol as secure or lightweight as you need it to be.
• 

  Widely available. L2TP is available on almost all modern consumer systems, meaning that admins will have no trouble finding support and getting it running.

Cons

• 

  Potentially compromised by the NSA. Like IKEv2, L2TP is usually used with IPSec, therefore it presents the same previously mentioned vulnerabilities.
• 

  Slow. The protocol encapsulates data twice, which can be useful for some applications but makes it slower compared to other protocols that only encapsulate your data once.
• 

  Has difficulties with firewalls. Unlike other VPN protocols, L2TP doesn’t have any clever ways to get through firewalls. Surveillance-oriented system administrators use firewalls to block VPNs, and people who configure L2TP themselves are an easy target.

When to use it: You can use L2TP to securely shop online and perform banking operations. It is also beneficial when you want to connect several company branches into one network.

Point to Point Tunneling Protocol (PPTP) was created in 1999 and was the first widely available VPN protocol. It was first designed to tunnel dialup traffic. It uses some of the weakest encryption protocols of any VPN protocol on this list and has plenty of security vulnerabilities. (PPTP is no longer a supported NordVPN protocol.)

Pros

• 

  Fast. It’s outdated, so modern machines run PPTP very efficiently. It’s fast but offers minimal security, which is why it’s popular among people who want to set up home VPNs strictly for accessing geo-blocked content.
• 

  Highly compatible. In the many years since it was made, PPTP has essentially become the bare-minimum standard for tunneling and encryption. Almost every modern system and device supports it. This also makes it easy to set up and use.

Cons

• 

  Insecure. Numerous vulnerabilities and exploits have been identified for PPTP. Some (not all) have been patched and even Microsoft has encouraged users to switch to L2TP or SSTP.
• 

  Cracked by the NSA. The NSA is said to regularly decrypt this protocol as a matter of course.
• 

  Blocked by firewalls. As an old, outdated and bare-bones system, PPTP connections are easier to block via firewall. If you’re using the protocol at a school or business that blocks VPN connections, this can disrupt your service.

When to use it: We recommend using PPTP only for streaming. For anything else, you should use more advanced VPN protocols.

VPN protocol	Speed	Encryption	Streaming	Stability	P2P	Available in NordVPN app
OpenVPN	Fast	Very good	Good	Good	Good
IPSec/IKEv2	Fast	Good	Good	Very good	Good
Wireguard*	Very fast	Very good	Good	Very good	Good
SSTP	Medium	Good	Medium	Medium	Good
L2TP/IPSec	Medium	Medium	Poor	Good	Poor
PPTP	Fast	Poor	Poor	Good	Poor

* Our NordLynx protocol is built around WireGuard and you can find it on the NordVPN app.

There is no such thing as the best VPN protocol suitable for everyone. The answer to this question depends on your needs and what you do on the internet. If you’re an avid gamer, you probably use VPN for different reasons than someone who watches a lot of TV shows or often works from cafes. To determine the best NordVPN protocol for you, carefully consider what you need most out of your VPN connection.

WireGuard is considered to be the fastest VPN protocol, offering quicker connection/reconnection times and improved battery life for mobile devices. NordLynx by NordVPN couples WireGuard’s speed with enhanced security. IKEv2/IPsec is also considered a fast protocol and it may serve the needs of many.

Is IKEv2/IPsec faster than OpenVPN? It usually is, because it is less CPU-intensive that OpenVPN. While IKEv2 will often be the best option, there are many other elements that impact speed, which depends on more than just the protocol being used.

Many VPN experts recommend OpenVPN as the most secure protocol. It uses 256-bit encryption as a default but also offers other ciphers such as 3DES (triple data encryption standard), Blowfish, CAST-128, and AES (Advanced Encryption Standard).

IKEv2/IPsec is considered to be the most stable VPN protocol as it provides a strong connection and allows users to switch between networks without risking their security.

When you’re gaming online, the most important thing is speed. You don’t want lag or low MS to ruin the experience, so it’s important to use a VPN protocol that maximizes data throughput. The best option here is NordLynx, a protocol built on the WireGuard protocol and accessible with NordVPN. NordLynx provides the fastest VPN speeds available, without compromising on security or stability.

PPTP protocol is built into many devices, making it one of easiest protocols to set up. However, since it is outdated and is well-known for security issues, we don’t recommend using it. Look into other options such as WireGuard or IKEv2/IPsec.

VPN services like NordVPN set up the protocols for you so you don’t need to worry about tweaking them for better performance. In fact, you can switch NordVPN protocols with just a couple of clicks on our app.

Check out our video on VPN protocols below.