Your IP: Unknown · Your Status: Unprotected Protected

Blog In Depth

Best VPN protocol comparison – which one is the fastest and safest?

Sep 05, 2019 · 1 min read

Best VPN protocol comparison – which one is the fastest and safest?

Not all VPNs were created equal. Depending on its VPN protocol, it can have different speeds, capabilities, or even security and privacy vulnerabilities. We’ll review the main VPN protocols so you can choose the best one for you.

What is a VPN protocol?

Virtual Private Networks (VPNs) and VPN protocols are not the same thing. NordVPN, for example, is a VPN service that lets users choose from a number of different VPN protocols depending on their needs and the device they’re using.

A VPN transmits your online traffic through encrypted tunnels to VPN servers that assign your device a new IP address. VPN protocols are sets of programs and processes that determine how that tunnel is actually formed. Each one is a different solution to the problem of secure, private, and somewhat anonymous internet communication.

No VPN protocol is perfect. Each may have potential vulnerabilities, documented or yet to be discovered, that may or may not compromise your security. Let’s delve into each protocol’s pros and cons.

Leading VPN tunneling protocols

OpenVPN

OpenVPN

OpenVPN is a very popular and highly secure protocol used by many VPN providers. It runs on either the TCP or UDP internet protocol. The former will guarantee that your data will be delivered in full and in the right order while the latter will focus on faster speeds. Many VPNs, including NordVPN, will let you choose between the two.

Pros

  • pros
    Open source, meaning it’s transparent. Anyone can check the code for hidden backdoors or vulnerabilities that might compromise your VPN’s security.
  • pros
    Versatility. It can be used with an array of different encryption and traffic protocols, configured for different uses, or be as secure or light as you need it to be.
  • pros
    Security. It can run almost any encryption protocol, making it very secure.
  • pros
    Bypasses most firewalls. Firewall compatibility isn’t an issue when using NordVPN, but it can be if you ever set up your own VPN. Fortunately, with OpenVPN you’ll be able to bypass your firewall easily.

Cons

  • cons
    Complex setup. Its versatility means that most users may be paralyzed by choice and complexity if they try to set up their own OpenVPN.

IPSec/IKEv2

IPSec/IKEv2

IKEv2 sets the foundation for a secure VPN connection by establishing an authenticated and encrypted connection. It was developed by Microsoft and Cisco to be fast, stable, and secure. It succeeds on all of these fronts, but where it really shines is its stability. As part of the IPSec internet security toolbox, IKEv2 uses other IPSec tools to provide comprehensive VPN coverage.

Pros

  • pros
    Stability. IKEv2 usually uses an IPSec tool called the Mobility and Multi-homing Protocol, which ensures a VPN connection as you move between internet connections. This makes IKEv2 the most dependable and stable protocol for mobile devices.
  • pros
    Security. As part of the IPSec suite, IKEv2 works with most leading encryption algorithms, making it one of the most secure VPNs.
  • pros
    Speed. It takes up little bandwidth when active and its NAT traversal makes it connect and communicate faster. It also helps to get through firewalls.

Cons

  • cons
    Limited compatibility. IKEv2 isn’t compatible with too many systems. This won’t be an issue for Windows users since Microsoft helped to create this protocol, but some other operating systems will need adapted versions.
  • cons
    Potentially compromised by the NSA. It uses the Diffie Hellman process to securely exchange public keys needed to encrypt your traffic. Edward Snowden has previous revealed that the NSA may have discovered a way to break this procedure. These claims haven’t been confirmed, but diligent programmers, including NordVPN, have patched up the issue.

Wireguard

Wireguard is the newest and fastest tunnelling protocol the entire VPN industry is talking about. It uses state-of-the-art cryptography that outshines the current leaders – OpenVPN and IPSec/IKEv2. However, it’s still considered experimental, so VPN providers need to look for new solutions (like NordLynx by NordVPN) to overcome Wireguard’s vulnerabilities.

Pros

  • pros
    Free and Open Source. Anyone can look into its code, which makes it easier to deploy, audit, and debug.
  • pros
    Modern and extremely fast. It consists of only 4,000 lines of codes, making it “the leanest” protocol of them all. In comparison, OpenVPN code has 100 times more lines.

Cons

  • cons
    Incomplete. Wireguard is promising to be the “next big thing”, but its implementation is still in its early stages and it has a lot of room for improvement. It currently fails to provide users full anonymity, so VPN providers need to find custom solutions for providing the necessary security without losing speed.

SSTP

SSTP

Secure Socket Tunneling Protocol (SSTP) is a fairly secure and capable VPN protocol created by Microsoft. It has its upsides and downsides, meaning that each user has to decide for themselves whether this protocol is worth using it. Despite being a primarily Microsoft product, SSTP is available on other systems besides Windows.

Pros

  • pros
    Owned by Microsoft. With the lion’s share of the market, you can be confident that your Windows OS will either support SSTP or have it built-in. That also means if you try to set it up yourself, it should be easy and you can expect Microsoft support.
  • pros
    Secure. Similarly to other leading VPNs, SSTP supports the AES-256 encryption protocol.
  • pros
    Bypasses firewalls. SSTP can get through most firewalls without interrupting your communications.

Cons

  • cons
    Owned by Microsoft, meaning that the code isn’t available to security researchers for testing. Microsoft has been known to cooperate with the NSA and other law-enforcement agencies, so some suspect that the system may have backdoors. Many VPN providers avoid this protocol.

Outdated VPN Protocols

L2TP/IPSec

L2TP/IPSec

Layer 2 tunneling protocol (L2TP) doesn’t actually provide any encryption or authentication – it’s simply a VPN tunneling protocol that creates a connection between you and a VPN server. It relies on the other tools in the IPSec suite to encrypt your traffic and keep it private and secure. This protocol has a few convenient features, but certain issues prevent it from being a leading VPN protocol. (NordVPN no longer supports L2TP.)

Pros

  • pros
    Security. Ironically, L2TP not offering any security at all makes it fairly secure. That’s because it can accept a number of different encryption protocols, making the protocol as secure or lightweight as you need it to be.
  • pros
    Widely available. L2TP is available on almost all modern consumer systems, meaning that admins will have no trouble finding support and getting it running.

Cons

  • cons
    Potentially compromised by the NSA. Like IKEv2, L2TP is usually used with IPSec, therefore it presents the same previously mentioned vulnerabilities.
  • cons
    Slow. The protocol encapsulates data twice, which can be useful for some applications but makes it slower compared to other protocols that only encapsulate your data once.
  • cons
    Has difficulties with firewalls. Unlike other VPN protocols, L2TP doesn’t have any clever ways to get through firewalls. Surveillance-oriented system administrators use firewalls to block VPNs, and people who configure L2TP themselves are an easy target.

PPTP

PPTP

Point to Point Tunneling Protocol (PPTP) was created in 1999 and was the first widely available VPN protocol. It was first designed to tunnel dialup traffic! It uses some of the weakest encryption protocols of any VPN protocol on this list and has plenty of security vulnerabilities. (NordVPN also no longer supports PPTP.)

Pros

  • pros
    Fast. It’s outdated, so modern machines run PPTP very efficiently. It’s fast but offers minimal security, which is why it’s popular among people who want to set up home VPNs strictly for accessing geo-blocked content.
  • pros
    Highly compatible. In the many years since it was made, PPTP has essentially become the bare-minimum standard for tunneling and encryption. Almost every modern system and device supports it. This also makes it easy to set up and use.

Cons

  • cons
    Insecure. Numerous vulnerabilities and exploits have been identified for PPTP. Some (not all) have been patched and even Microsoft has encouraged users to switch to L2TP or SSTP.
  • cons
    Cracked by the NSA. The NSA is said to regularly decrypt this protocol as a matter of course.
  • cons
    Blocked by firewalls. As an old, outdated and bare-bones system, PPTP connections are easier to block via firewall. If you’re using the protocol at a school or business that blocks VPN connections, this can disrupt your service.

VPN services like NordVPN set up the protocols for you, so you don’t need to worry about tweaking them for better performance.

For more cyber-security and privacy know-how, be sure to subscribe to our monthly newsletter below!


Emily Green
Emily Green successVerified author

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.


Subscribe to NordVPN blog