When you dive into the deep waters of the VPN ocean, you need to take some care and pay attention to some important aspects in order to use this powerful weapon properly. One of the most important is choosing the right protocol, since the protocol is responsible for your overall VPN speed and safety. In light of the increasing number of privacy threats and prying eyes on your traffic (which can come from hackers, authorities or even governments), VPN providers typically offer the same range of supported protocols: OpenVPN, PPTP, L2TP, IKEv2 and SSTP.
But what are the advantages and disadvantages of each one and which ones should your VPN service certainly have? Go through this guide and we’ll show you what protocol you’ll want to be using from now on.
OpenVPN is the main protocol you want to look for, since it is not only the most reliable, but it also perfectly balances security and speed. This protocol is essentially an open source application (meaning that users can contribute to the development of the software and fix issues) and has custom encryption based on SSL/TLS key exchanges. Because it can be fully configured to run on any port, setting it to UDP will make it faster, while directing it to TCP port 443 will make your online traffic look just like standard HTTPS traffic, making it very hard to detect, distinguish from other traffic, or block completely. Also, you can configure it to use the safer AES-256 encryption instead of the weaker 128-bit one. To top it all, no one (including agencies like the almighty NSA) has compromised the OpenVPN protocol so far.
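The settings described above can be checked directly in a client profile. The following is an added example, not code from the original article or from the OpenVPN project: it reads the remote, proto, port, cipher, data-ciphers and ncp-ciphers directives and reports each remote's transport plus any cipher that is not 256-bit. The profile and the host vpn.example.net are constructed for illustration.

```python
import re

# Constructed sample client profile; vpn.example.net is a placeholder host.
SAMPLE_PROFILE = """\
client
dev tun
# first choice blends in with HTTPS, second is the faster UDP transport
remote vpn.example.net 443 tcp
remote vpn.example.net 1194 udp
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-128-CBC
"""

def parse_profile(text):
    """Collect (host, port, proto) remotes and every cipher the profile allows."""
    rows = [re.split(r"[#;]", raw, maxsplit=1)[0].split() for raw in text.splitlines()]
    rows = [r for r in rows if r]
    # Global 'proto'/'port' apply to remotes that do not override them.
    glob = {r[0]: r[1] for r in rows if r[0] in ("proto", "port") and len(r) > 1}
    remotes, ciphers = [], []
    for key, *args in rows:
        if key == "remote" and args:
            port = args[1] if len(args) > 1 else glob.get("port", "1194")
            proto = args[2] if len(args) > 2 else glob.get("proto", "udp")
            remotes.append((args[0], int(port), proto))
        elif key in ("cipher", "data-ciphers", "ncp-ciphers") and args:
            ciphers += args[0].split(":")
    return remotes, ciphers

def key_bits(cipher):
    """Key length from the cipher name, or None when the name does not state one."""
    if cipher.upper().startswith("CHACHA20"):
        return 256
    m = re.search(r"-(\d{3})-", cipher)
    return int(m.group(1)) if m else None

def audit(text):
    """Label each remote's transport and list ciphers that are not 256-bit."""
    remotes, ciphers = parse_profile(text)
    transports = []
    for host, port, proto in remotes:
        if proto.startswith("tcp") and port == 443:
            label = "tcp/443 (HTTPS port)"
        else:
            label = f"{proto}/{port}"
        transports.append((host, label))
    weak = [c for c in ciphers if key_bits(c) != 256]
    return {"transports": transports, "weak_ciphers": weak}

if __name__ == "__main__":
    print(audit(SAMPLE_PROFILE))
```

A profile that still lists a 128-bit cipher can negotiate it with the server, so removing those entries is what actually enforces AES-256.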
As for connection speed, it highly depends on factors like the service of your ISP and the servers you connect to. Overall, however, OpenVPN enjoys fast connections.
Although the vast majority of modern-day VPN providers already feature OpenVPN by default on their respective clients, some of them still do things the old-fashioned way and work with a third-party app, either for desktop or mobile. Nonetheless, you should have no trouble finding a VPN provider that supports OpenVPN.
Advantages of OpenVPN
- Open source application that allows the community to easily fix errors
- Fully customisable for providing faster speeds or better security through UDP or TCP ports
- Extremely secure due to the strong AES 256-bit encryption
- Most popular and heavily supported protocol
- Stable and reliable
- Can traverse through firewalls with ease
Disadvantages of OpenVPN
- Setting up the best OpenVPN configuration may be tricky and will most likely require a guide for less tech-savvy users
- May require a third-party app if the VPN provider doesn’t support it in their client
- No support by some proxy servers
PPTP stands for Point-to-Point Tunneling Protocol and is, unfortunately, the worst possible choice among the protocols VPNs support. If you use Windows, it is most likely that you're running PPTP, since it has been part of each Microsoft operating system since Windows 95. Furthermore, it is also native in most mobile devices such as smartphones or tablets. Despite being widely available, PPTP is unfortunately known for having quite a wide range of security issues. It features basic 128-bit encryption, and it is also relatively unstable. In fact, you will encounter this problem quite frequently, because sometimes it will take more than one try to connect. Even worse, connections can still drop randomly after you have managed to connect. As a matter of fact, it is such a weak protocol that the NSA could decrypt its traffic easily, and it is fairly easy for ISPs to block too. This means that if you're running PPTP, whoever wants to get access to your internet traffic will be able to do so without much effort.
Still, it features great speeds and is easy to set up. The most important rule regarding VPN protocols is that the tighter the security, the slower it gets. Translated to PPTP, it has a shortage of security measures, but abundant speeds are something that will always be associated with it.
However, due to it being extremely unsafe and outdated, Apple made sure that the newer versions of iOS 10 and Mac OS Sierra don't support PPTP. Considering all of the above, it is very likely that other companies will follow this step shortly.
Advantages of PPTP
- Native in most devices such as desktops, smartphones and tablets
- Features an easy configuration setup, even for less tech-savvy people
- Provides fast connections due to low encryption
- Probably a decent choice if OpenVPN is not supported and if your purpose is speed alone
- Works well on most Wi-Fi hotspots
Disadvantages of PPTP
- Old, outdated and vulnerable
- High number of security flaws, such as poor encryption
- Your online traffic will be left helpless and easily accessible
- Unstable (connection drops and difficulties)
- Will not protect you from governments or hackers
- Some companies are already abandoning its support
L2TP has a name that speaks for itself; in fact, the Layer 2 Tunneling Protocol is the only one that provides a routing tunnel for your traffic. It does not have any kind of encryption by itself, which is why it is commonly paired with IPSec encryption and is usually labeled L2TP/IPSec. Just like PPTP, this protocol is native on most devices including computers, smartphones and tablets, but unlike PPTP, it provides decent protection, since there are no major flaws known to date. However, there are still some catches: even though it has an easy setup, the Linux server side can be quite a challenge to configure accurately. Furthermore, because it uses UDP port 500, it can't be disguised on another port, making it easier to block and harder to get through firewalls.
As for speed, L2TP falls in the middle since your traffic will be put through a two-step process. First, that traffic is converted into L2TP and only then is it encrypted with IPsec; this means that this is a much slower protocol than OpenVPN, for instance. However, if you are concerned about security, this protocol is a good choice, as it features 256-bit encryption too.
Advantages of L2TP
- Supported on most devices (desktops, smartphones and tablets)
- Easy to configure
- No major vulnerabilities
- Generally stable on NAT-supported devices
- Good choice for security purposes (high encryption key, two-step conversion process)
Disadvantages of L2TP
- Speed is greatly affected by its strong, two-step encryption process (high CPU usage)
- Complicated Linux server configuration
- Relatively easy to block by ISPs (not disguised on other ports)
- If not associated with IPSec, it will not encrypt any data at all
When talking about the IKEv2 protocol it is important to clarify that IKE stands for Internet Key Exchange, while v2 indicates it's the second version of the protocol. IKEv2 was established collectively by Microsoft and Cisco to set up a security association in the IPsec protocol suite. To cut a long and very techy story short, IKEv2 was created due to some issues with the previous default IKE protocol. The improvements made were related to supporting NAT and firewall traversal, SCTP protocol support, fewer cryptographic mechanisms and DoS (Denial of Service) attack resilience, among many others. As an IPSec-based tunneling protocol, IKEv2 assures full security, since it supports a wide range of ciphers like 3DES, AES and AES-256. It also features fast speeds that let it easily compete with rivals like L2TP, PPTP and SSTP. However, IKEv2 uses UDP port 500, which can be easily blocked.
Mobile users may be the ones who benefit the most from the use of this protocol, as it supports the Mobility and Multihoming (MOBIKE) method. This ensures the almost complete elimination of connection drops and switches; in fact, IKEv2 is in a close second place as the perfect protocol for unstable Wi-Fi networks. Also, this is one of the few VPN protocols with support for Blackberry, which, considering that no other VPN protocols are supported by this OS, is good news for its users.
Advantages of IKEv2
- Solid security due to a good variety of strong ciphers
- Faster speeds than most of its direct rivals
- Easy set-up
- Very stable and reliable
- Probably the best option for mobile users
- Blackberry support
Disadvantages of IKEv2
- It is only supported by few devices (Windows 7, 8, 10 or Server 2012)
- It uses UDP port 500 which can easily be blocked by ISPs
- Hard setup regarding servers
- Not supported by many VPN providers
Last but not least, we have SSTP, which is the most widespread VPN protocol. Secure Socket Tunneling Protocol was created by Microsoft, hence it is best supported on Windows operating systems. Introduced in Windows Vista Service Pack 1 and supported on all Microsoft operating systems since its inception, it can be configured to use the solid and secure AES encryption. Its main competitor is OpenVPN, but since the latter is not integrated into Microsoft’s operating systems, SSTP is more suitable for Windows itself. To top it all, it even features better support too.
SSTP features high encryption, as it uses SSL v3 and the HTTPS TCP port 443. Together, these two make it very hard for unwanted eyes to spy on you or block your internet access. With SSTP it is also very easy to traverse firewalls and NAT.
Unfortunately, the code of this protocol is not available to the public’s eyes since it belongs to Microsoft. In fact, it will only work properly on Windows platforms (although it is now offered for Linux, RouterOS and also SEIL users). But the worst thing is that Microsoft has a long history of co-operating with the NSA, therefore use it only if your data doesn’t need to be secured.
Advantages of SSTP
- High encryption to easily traverse through firewalls and NAT
- Completely integrated in all Windows operating systems (from Vista Service Pack 1)
- Top-notch Microsoft support
- Stable and trustworthy
- Hard to detect and block due to TCP port 443
- Support for other operating systems
Disadvantages of SSTP
- Data may be shared with NSA despite prior promises
- Not supported by all VPN providers
- Very limited support for devices other than Microsoft-based ones
- Internet speeds in general are far from ideal and worse than its main competitors