What is a VPN protocol?

VPN protocol names in a word cloud
(Image credit: WordArt.com)

Using a VPN doesn't require a lot of technical know-how. Launch app, click Connect, and a few seconds later your internet traffic is encrypted, and you're protected from snoopers. Easy.

Browse the app menus or your VPN's website, though, and you'll come across more technical details. In particular, you'll read about VPN protocols, and how important they are to keeping you safe.

Many providers weigh this topic down with so much jargon and geek-level network-speak that it's tempting to just close the browser tab, and move on. But it doesn't have to be that way. You don't need to be any kind of expert to understand the protocol basics, and learning just a few key details can make a real difference to your VPN experience.

VPN protocol basics

A VPN protocol is a set of instructions a VPN app and server use to set up a connection, then securely communicate with each other.

The protocol defines how the app logs into the server; how the server proves its identity to the app; the methods used to send data in each direction, the encryption used, and every other aspect of how your VPN connection works.

Your choice of protocol often has a major effect on the VPN. We've seen connection times drop from 20 seconds to less than one, just by swapping protocols, and overall speeds might be two or three times faster with one protocol than another.

There are less visible effects, too. Take your security, for instance. Modern protocols typically give you industrial-strength protection, but a few older options are so outdated that they should be avoided at all costs. Learning which to use, and which to ignore can save you a lot of problems later.

The VyprVPN website displays supported protocols

(Image credit: VyprVPN)

Which VPN protocols are available?

VPN apps typically offer a choice of several protocols. These are some of the most common options.

OpenVPN

OpenVPN is a popular protocol, available from most providers, and it's easy to see why. It's secure, fast and highly configurable. It's open source, which means anyone can look at the code to confirm it works as promised. And it's supported by mobiles, desktops, routers and just about every other device type, so you can be sure it'll run almost anywhere.

WireGuard

WireGuard is the new VPN protocol on the block with a more stripped back design. It doesn't have a fraction of OpenVPN's features, but WireGuard still does more than most people will ever need, and its leaner approach delivers some of the fastest VPN download speeds around. Indeed, our reviews often show WireGuard connections are two to three times faster than OpenVPN.

IKEv2

IKEv2 is a Microsoft and Cisco-developed protocol which offers strong security, and works well on both desktops and mobile devices. But although in theory it should be speedy, our performance tests usually find it's significantly slower than both WireGuard and OpenVPN.

L2TP/IPSec

L2TP/IPSec is an older, simpler VPN protocol. It's widely supported on many device types, but it can be slow, and doesn't have any special features to help it bypass VPN blocking or get through firewalls.

PPTP

PPTP has been around for more than 30 years, making it one of the oldest VPN protocols. It runs almost everywhere, and the lack of features makes it relatively fast. But it's so insecure, with several known vulnerabilities, that most VPNs have dropped it from their lineup.

WireGuard logo

(Image credit: WireGuard)

What are proprietary VPN protocols?

Some of the best VPN providers have custom protocols of their own.

ExpressVPN has developed Lightway, for instance; NordVPN has a protocol called NordLynx, and Hotspot Shield's offering is Catapult Hydra.

These are usually fast and very secure (NordLynx is an adapted version of WireGuard we discussed above), but there are down sides, too. Although Lightway is open source, NordLynx and Catapult Hydra are not, so there's no way for experts to verify how they work. And because these are proprietary protocols, they're not supported by other providers or device manufacturers. You can only use them via the provider's own apps and hardware.

Which protocol is best?

There's no single protocol that best covers everyone, in every situation. But following a few general rules can get you good results.

Many VPN apps have an 'Automatic' setting, which tells the app to choose the best protocol for you. Leave this on and you're unlikely to have any problems.

If you're selecting a protocol manually, and your provider has a custom protocol such as ExpressVPN's Lightway, then that will typically get you the best performance.

Working down the list, WireGuard is likely to deliver excellent speeds, with OpenVPN next, and IKEv2 third. All are very secure.

L2TP isn't a great performer, but it's enough to protect your web banking, shopping and other sensitive activities.

PPTP, by comparison, has weak encryption and is usually best avoided. But if you don't care about security or privacy - you're using your VPN for Netflix or unblocking some other website, for instance - and there's no other option available, it might, just about, be good enough.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.