VPN (Virtual Private Network) protocols are rules that make sure the VPN works smoothly, safely, and reliably. There is a wide variety of current and outdated VPN protocols — we’ll review how they compare and which ones are best for every situation.
What is a VPN protocol?
A VPN protocol is a ruleset for creating or participating in a Virtual Private Network (VPN). It acts as a set of instructions that determines how data and traffic are routed between your computer and the VPN server.
Table of contents
What a VPN protocol is not
Let’s bust some widespread VPN myths to kick us off:
❌ VPN protocols determine your connection speed: yes, but not directly. This statement is only partially true.
❌ VPN protocols determine your connection security: they don’t. The encryption algorithms do.
You may wonder, what makes VPN protocols important, then?
✅ Protocols help VPN services build and configure their networks on an existing digital foundation.
It is possible to develop and use your own protocols, but it would be a waste of time and resources. Most VPN providers use trusted and audited open-source protocols which support multiple operating systems.
A deep dive into the different VPN security protocols
Simply connecting to a VPN server might be enough for you. As long as it works, there’s no need to worry about which VPN protocol you’re using, right? But the default setting isn’t always the best option. Here’s what the experts at NetBlocks say about it:
“The underlying protocol a VPN uses affects latency, performance, and reliability of the encrypted tunnel. Tracking connectivity around the world, we see that not all protocols are equal, so consumers should get familiar with the options,” says Alp Toker, founder and director of an independent internet monitoring organization NetBlocks.
With this in mind, let’s take a closer look at what makes certain VPN protocols shine:
-
OpenVPN
Pros: | Cons: |
|---|---|
No known vulnerabilities | Bulky code |
Top-tier encryption and authentication | Software setup may seem challenging |
Open-source |
Verdict: Recommended in most situations.
OpenVPN is an open-source VPN system that comes both as software and a protocol for VPN services. Its encryption and verification processes are based on the TLS (Transport Layer Security) methodologies.
It is usually paired with the very secure AES-256-GCM encryption algorithm. The open-source nature of this protocol allows specialists worldwide to check it for security gaps and other issues.
OpenVPN is quite hard to set up manually, but that’s not an issue if you use a VPN service like Surfshark — it’s all done for you in advance.
OpenVPN TCP vs. UDP: what is that?
OpenVPN TCP and OpenVPN UDP are not two separate VPN protocols. TCP and UDP are essentially different transport layer protocols that OpenVPN can use to establish a VPN connection.
TCP guarantees a stable connection by making sure all data packets arrive in order. UDP does it faster by throwing everything at you and then arranging them to work.
While UDP works best for most users, we recommend trying them both and using the one that provides a smoother connection.
-
IKEv2/IPSec
Pros: | Cons: |
|---|---|
Very fast | Speed may vary depending on the distance between your device and the server |
Reliable | |
Works well on mobile networks |
Verdict: Recommended in most situations.
Internet Key Exchange version 2 (IKEv2) is the authentication protocol used with the IPSec (Internet Protocol Security) VPN protocol. Since IPSec operates in the background on the system’s kernel, it allows IKEv2 to be very fast.
IKEv2 is implemented on most operating systems, so you can easily use it instead of the slower OpenVPN. While it relies on the same grand security tools as OpenVPN, IKEv2 is much easier to scale and maintain on a server level.
-
WireGuard
Pros: | Cons: |
|---|---|
Secure | Relatively new — hasn’t had much time for testing |
Only 4,000 lines of code | |
Open-source | |
Exceptional speed | |
Connectionless | |
Easy to set up |
Verdict: Highly recommended in most cases.
WireGuard is the most recent addition to the list of VPN protocols. It delivers a connection speed faster than IKEv2 and OpenVPN yet only uses 4,000 lines of code (to compare, OpenVPN clocks in at around 400,000). Its lightweight code allows easier auditing and, in theory, improves stability.
While it doesn’t have years of experience and testing like OpenVPN, WireGuard offers top-tier security and encryption standards at an unmatched speed due to its simplicity. Implemented on Linux and Android, it’s here to stay.
*WireGuard is a registered trademark of Jason A. Donenfeld.
-
SoftEther
Pros: | Cons: |
|---|---|
Fast, stable, and secure | Relatively new — hasn’t had much time for testing |
Comes with additional features to protocols like OpenVPN | |
Open-source |
Verdict: Good alternative to OpenVPN.
SoftEther is an open-source multi-protocol VPN client and server software. It adds advanced functionality features — GUI (Graphical User Interface) Management and RPC (Remote Procedure Calls) — over HTTPS (Hypertext Transport Protocol).
It is faster than OpenVPN and can use the same security tools. However, it hasn’t been around that long, so it’s not as tested as OpenVPN and not as fast or easy to use as WireGuard.
-
PPTP
Pros: | Cons: |
|---|---|
Easy setup | Awful security |
Fast | Known to be exploited |
Severely outdated | |
Easily blocked by firewalls |
Verdict: Not recommended. Ever.
Point-to-Point Tunneling Protocol (PPTP) is an obsolete tunneling protocol that no VPN service should ever use. It only supports encryption ciphers up to 128 bits and has several known exploits revealed by the US government and the NSA (National Security Agency).
As internet security and privacy advocates, we don’t recommend PPTP under any circumstances.
-
SSTP
Pros: | Cons: |
|---|---|
Easily bypasses firewalls | Code was never revealed/audited |
Can use industry-standard encryption | Difficult to make compatible with operating systems apart from Windows |
Does well with negotiating and checking internet traffic | Code is unavailable for VPN developers to tinker with |
Easy setup on Windows OS |
Verdict: Secure-ish but not recommended.
Secure Socket Tunneling Protocol (SSTP) is a tunneling protocol that can send PPP (Point-to-Point Protocol) traffic. SSTP can run over port 443, which is often left open in firewalls, allowing the user to bypass them.
SSTP does have its drawbacks: there’s a lack of compatibility with other operating systems besides Windows, and its code remains unaudited, raising concerns that it might have in-built backdoors.
-
L2TP/IPsec
Pros: | Cons: |
|---|---|
Relatively secure | Outdated |
L2TP does not encrypt itself | |
Bad authentication | |
Slow |
Verdict: Not recommended.
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that does not provide security on its own and uses IPSec for encryption. L2TP encapsulates data twice, which slows down the connection speed.
Also, it’s been rumored by John Gilmore, one of the founders of the EFF (Electronic Frontier Foundation), that L2TP has been deliberately made less secure during its development stages.
-
What about Shadowsocks?
Shadowsocks is a tunnel proxy based on SOCKS5, and while it can run through a VPN application, it is not a VPN protocol.
It’s an open-source project specifically designed to bypass the Great Firewall of China. However, it’s not the most graceful setup to implement and run. For our Chinese users, NoBorders mode should help meet that need.
VPN protocol comparison
VPN Protocol | Security | Speed Potential | Stability | Encryption | Set up | Good for |
|---|---|---|---|---|---|---|
OpenVPN TCP | Very secure (No known vulnerabilities) | Very fast | Depends on server configuration | AES-256-GCM | Easy with a VPN, difficult on its own | Router compatibility, any and everyday use |
OpenVPN UDP | Very secure (No known vulnerabilities) | Very fast | Depends on server configuration | AES-256-GCM | Easy with a VPN, difficult on its own | Router compatibility, any and everyday use |
IKEv2/IPSec | Very secure (No known vulnerabilities) | Very fast | Depends on server configuration | AES-256-GCM | Easy with a VPN, difficult on its own | Short-distance connections, mobile networks, and everyday use |
WireGuard | Very secure (No known vulnerabilities) | Very fast | Depends on server configuration | AES-256-GCM | Easy | Everyday use |
SoftEther | Very secure (No known vulnerabilities) | Very fast | Depends on server configuration | AES-256-GCM | Client setup | Everyday use |
PPTP | Not secure | Very fast | Depends on server configuration | 128 bit | Very easy | Nothing but outdated hardware and old devices |
SSTP | Average | Average | Depends on server configuration | AES-256-GCM | Easy on Windows | Connecting windows devices |
L2TP/IPsec | Secure | Fast | Depends on server configuration | AES-256-GCM | Easy on Windows | Nothing that IKEv2/IPSec cannot offer |
VPN protocol comparison table
As you see, most protocols are fairly similar. Surfshark uses WireGuard, IKEv2, and OpenVPN to give you a trustworthy alternative depending on your needs.
Which VPN protocol should I choose?
WireGuard and IKEv2/IPSec lead the way as the two best VPN protocols in the industry today. OpenVPN is a close third as it delivers similar results but is more difficult to work with. However, many routers are OpenVPN-compatible, so it’s handy if you want to set up a VPN on your home network.
Truthfully, “best” is a strong word, and it’s impossible to pick one protocol that’s the best for every situation. Your decision should depend on your specific VPN needs and how you plan to use it.
Which VPN protocol is the most secure?
Just like with the “best” category, there’s no such thing as “the most secure” VPN protocol. WireGuard, IKEv2, and OpenVPN all achieve similar levels of security — and they’re really secure. All three are trusted by names such as Surfshark and NordVPN, as well as many others in the industry.
But even with secure protocols, what matters the most is how a provider builds and configures their VPN network. You probably shouldn’t trust a free VPN, even if it runs WireGuard!
Which VPN protocol is the fastest?
Contrary to popular belief, VPN protocols don’t have a dramatic impact on your connection speed. Here’s what really matters:
- The speed of your internet connection (great impact);
- Your device compatibility and quality (great impact);
- VPN server load and throughput (moderate to great impact);
- The distance between you and the VPN server (moderate impact).
As far as connection speeds are concerned, it comes down to the wire between WireGuard and IKEv2 (pun fully intended).
Which VPN protocol is the most stable?
OpenVPN TCP (Transmission Control Protocol) tends to be the most stable protocol, especially when dealing with unreliable networks. Still, it comes at the price of speed. TCP takes a bit longer than UDP (User Datagram Protocol) to relay every bit of information.
Which VPN protocol is best for streaming?
Don’t you love it when your favorite show starts buffering midway through? Yeah, me neither. You can avoid it by using fast and stable VPN protocols such as WireGuard and IKEv2/IPsec — both are great for streaming content.
Which VPN protocol is best for gaming?
When playing games online, your performance depends not only on your skill but also on your connection speed. To make sure you have the lowest ping possible, choose WireGuard as your primary VPN protocol. It’s the fastest option available today, which makes it the best choice for gaming.
Why WireGuard, OpenVPN, and IKEv2 are the best VPN protocols
Most older protocols outside of WireGuard, OpenVPN, and IKEv2 are outdated and full of vulnerabilities. There’s no good reason to use any other VPN protocol outside of these three.
To be honest, one protocol is enough to provide a good VPN service, but due to the differences in compatibility for routers and different operating systems, we provide all three.
Experience VPN protocols in action
After this deep dive, you know everything about VPN protocols a VPN user might need. The most important thing is to pick one that best suits your needs. We recommend using WireGuard or IKEv2 for general use and OpenVPN if you need to set up a VPN on your router. Good news, Surfshark offers all three!
FAQ
Is IKEv2 faster than OpenVPN?
In general, yes. Protocol speeds often depend on your network. It’s not an exact science, but many people report that IKEv2 works faster for them than OpenVPN.
What protocol should I use for a VPN?
Most VPNs will automatically choose the most suitable protocol for your connection, so you don’t have to worry about making this decision. Still, it’s always best to test them yourself.
What type of VPN is best?
The best VPN is a reliable, no-logs service with the resources to keep up with the newest security innovations.
What is the latest VPN protocol?
WireGuard is the latest VPN protocol. It’s also well-regarded for being fast and secure.
Is UDP good for a VPN?
Yes. UDP is one of the best protocols for a VPN as it’s stable, reliable, and offers good speeds.
What are the 3 most common VPN protocols?
Wireguard, OpenVPN, and IKEv2/IPSEC are three of the best VPN protocols available today. That’s why they’re also the most popular among premium VPN providers.
