Not all VPNs were created equal. Depending on its VPN protocol, it can have different speeds, capabilities, or even security and privacy vulnerabilities. We’ll review the main VPN protocols so you can choose the best VPN protocol for you.
What is a VPN protocol?
VPNs and VPN protocols are not the same thing. NordVPN, for example, is a VPN service that lets users choose from a number of different VPN protocols depending on their needs and the device they’re using.
We know that VPNs transmit our online traffic through encrypted tunnels to VPN servers that assign us new IP addresses. VPN protocols are sets of programs and processes that determine how that tunnel is actually formed. Each one is a different solution to the problem of secure, private, and somewhat anonymous internet communication.
With a server and plenty of tech know-how, you could set up any of these VPN protocols yourself. VPN services like NordVPN set up the protocols for you, tweak them for better performance, add other features, and provide you with powerful infrastructure.
Here’s what you lose when using a home-made VPN vs. NordVPN:
- Nearly 5,000 servers around the world to connect to that let you assume the location of any country on our list. The constantly updated list of servers also means you can access many services that ordinarily block VPNs;
- Professional engineers who update and implement VPN protocols so you don’t have to bother;
- A simple and easy-to-use interface that makes connecting easy;
- Additional security features like CyberSec, obfuscation, and other tools above and beyond anything offered by any leading VPN protocol;
- The support of a 24/7 customer support team and the engineers they work with to ensure that our service always runs smoothly.
Keep in mind that none of these VPN protocols are perfect. Each may have potential vulnerabilities, documented or undiscovered, that may or may not compromise your security. Researchers around the world work hard every day to discover them. The security issues we discuss are only those significant enough to warrant mention.
Pros and cons of leading VPN security protocols
OpenVPN is a very popular and highly secure protocol that many VPN providers and individuals have embraced. The recent discovery of the VORACLE compression vulnerability has put a small dent in this protocol’s stellar reputation, but the vulnerability was an easy one to fix for NordVPN’s tech team. Despite the minor setback, OpenVPN is still one of the best protocols out there.
- Open source. The open source code of OpenVPN leads to a wide array of benefits. One of the most important is its transparency. Anyone can check the code for hidden backdoors, vulnerabilities, or other weaknesses that might compromise the VPN protocol’s security.
- Versatility. The open-source nature of OpenVPN means it can be used with a very wide array of different encryption and traffic protocols. It can be configured for different uses or to be as secure or light as you need it to be.
- Security. Due to its versatility, OpenVPN can run almost any encryption protocol, making it very secure.
Bypasses most firewalls. Firewall compatibility isn’t an issue when using NordVPN, but it can be if you ever set up your own VPN. Fortunately, the versatility of OpenVPN means you’ll be able to set it up to bypass your firewall easily.
- Complex setup. Its versatility means that less technically literate users may be paralyzed by choice (or complexity) if they try to set up their own OpenVPN. Luckily, this isn’t an issue when using NordVPN. Our expert engineers set up and maintain the system so you don’t have to.
IKEv2 is a security association protocol that sets the foundation for a VPN connection by establishing an authenticated and encrypted connection between two parties. It was developed by Microsoft and Cisco to be fast, stable, and secure. It succeeds on all of these fronts, but where it really shines is its stability. As part of the IPSec internet security toolbox, IKEv2 uses other IPSec tools to provide comprehensive VPN coverage.
- Stability. IKEv2 usually uses an IPSec tool called the Mobility and Multi-homing Protocol. When the client moves from one connection to another – as mobile users often do – this ensures that the VPN stays connected. That makes IKEv2 the most dependable and stable protocol for mobile devices.
- Security. As part of the IPSec suite, IKEv2 works with most leading encryption algorithms, making it one of the most secure VPNs available to consumers.
- Speed. This VPN is efficient, making it take up little bandwidth when active. Its NAT traversal makes it connect and communicate faster while also helping it get through firewalls.
- Limited compatibility. Right out of the box, IKEv2 isn’t compatible with too many systems. This won’t be an issue for Windows users since Microsoft helped create this protocol, but some other systems will need versions adapted to their environments. You won’t have to worry about that with NordVPN, though, as our engineers have ensured that IKEv2 works on nearly all of our apps.
- Potentially compromised by the NSA. IKEv2 uses the Diffie Hellman process to securely exchange the keys it uses to keep you safe. During the massive Edward Snowden leak, slides in an NSA presentation revealed that they may have discovered a way to break this key exchange procedure. Researchers working on a potential vulnerability estimated that, with hundreds of millions of dollars in computing power investments, the NSA could potentially break into as many as 66% of IPSec connections. These claims haven’t been confirmed, and some researchers have refuted them. Either way, the documentation of these vulnerabilities has allowed diligent programmers to patch up the issue. NordVPN has implemented these changes as well.
L2TP doesn’t actually provide any encryption or authentication – it’s simply a tunneling protocol that creates a connection between you and the other servers in your VPN. It relies on the other tools in the IPSec suite to encrypt your traffic and keep it private and secure. This protocol has a few convenient features, but certain issues prevent it from being a leading VPN protocol.
NordVPN doesn’t recommend using L2TP, but some of our servers do currently support it and it can be used via manual configuration.
- Security. Ironically, L2TP not offering any security at all makes it fairly secure. That’s because it can accept a number of different encryption protocols, making the protocol as secure or lightweight as you need it to be.
- Widely available. L2TP is available on almost all modern consumer systems, meaning that admins will have no trouble finding support and getting it running.
- Potentially compromised by the NSA. Like IKEv2, L2TP is usually used with IPSec. The NSA document leaks by Edward Snowden revealed that the NSA may possess a tool that compromises the Diffie-Hellman key exchange procedure used by IPSec. With massive investments in computing power (something the NSA probably has), it may be able to break into as many as 66% of IPSec VPNs. These reports are unconfirmed, and some researchers have disputed them. In any case, the revelation of these potential vulnerabilities has led many services to patch those holes up (NordVPN included).
- Slow. The L2TP protocol encapsulates data twice, which can be useful for some applications but makes it slower compared to other protocols that only encapsulate your data once.
- Has difficulties with firewalls. Unlike other, more sophisticated VPN protocols, L2TP doesn’t have any clever ways to get through firewalls. Surveillance-oriented system administrators use firewalls to block VPNs because VPNs hide traffic, and people who configure L2TP themselves are an easy target. With NordVPN’s configuration, however, it will have an easier time getting through firewalls.
SSTP is a fairly secure and capable VPN protocol created by Microsoft. Being a proprietary Microsoft product has its upsides and downsides, meaning that each user has to decide for themselves whether this protocol is worth it. Despite being a primarily Microsoft product, SSTP is available on other systems besides Windows.
- Owned by Microsoft. With the lion’s share of the market for computers, you can be confident that your Vista or higher Windows OS will either support SSTP or have it built-in. That also means it’ll be easy to set up, though that’s of no concern if you use NordVPN. Lastly, it also means that you will probably enjoy support from Microsoft if you have any issues implementing the protocol.
- Secure. Like the other leading VPNs on this list, SSTP supports AES-256, a leading encryption protocol with no currently known implementable vulnerabilities.
- Bypasses firewalls. SSTP has the tools it needs to get through most firewalls without interrupting your communications. Again, this won’t be an issue either way if you use a pro VPN like NordVPN, but it can be for someone setting up their own VPN.
- Owned by Microsoft. SSTP is a proprietary Microsoft product, meaning that the code isn’t available to security researchers to test for potential weaknesses. Microsoft has been known to cooperate with the NSA and other law-enforcement agencies in the past, so some also suspect that the system may have backdoors allowing those agencies to track targeted users. Though these suspicions are currently unconfirmed, they’ve caused many VPN providers to avoid this protocol.
When it was created in 1999, this was the first widely available VPN protocol. It was first designed to tunnel dialup traffic! It uses some of the weakest encryption protocols of any VPN protocol on this list and has plenty of security vulnerabilities, but some people still use it.
- Fast. Having been designed for another age, modern machines run PPTP very efficiently. It’ll give you a fast connection with minimal security, which is why it’s popular among people who want to set up home VPNs strictly for accessing geo-blocked content.
- Highly compatible. In the many years since it was made, PPTP has essentially become the bare-minimum standard for tunneling and encryption. Almost every modern system and device supports it. This also makes it easy to set up and use.
- Insecure. It’s better than nothing, but not by much. Numerous vulnerabilities and exploits have been identified for PPTP. Some (not all) have been patched, but even Microsoft, which was responsible for patching the notable MS CHAP v2 vulnerability, has encouraged users to switch to L2TP or SSTP.
- Cracked by the NSA. The NSA is said to regularly decrypt this protocol as a matter of course. Given that it has more holes than a wedge of Swiss cheese, there’s no good reason to doubt this rumor.
- Blocked by firewalls. As an old, outdated and bare-bones system, PPTP connections are easier to block via firewall. If you’re using the protocol at a school or business that blocks VPN connections, this can disrupt your service. A professional VPN service and configuration can help avoid this issue, but if you’re using a professional VPN, you’ve probably got access to a better VPN protocol.
For more cyber-security and privacy know-how, be sure to subscribe to our monthly newsletter below!