Everything You Need to Know About VPN Protocols

What VPN Protocols Do VPN Providers Use?

Many people think VPN providers just use one protocol to set up the connection. While some of them (especially the free ones) might do that, that’s not how things work. Most providers will actually offer you a choice between at least two to three VPN protocols.

Here’s a list of the main protocols you’ll see VPN providers using:

IPSec

IPSec is a pretty popular VPN protocol, but mostly because providers use it alongside L2TP and IKEv2. Also, it offers decent security and speed.

Still, not many VPN providers offer access to IPSec connections. Why? Because the protocol is tricky to configure. So, if a provider makes a mistake, they endanger user data.

Besides that, there are also three security concerns people tend to have with IPSec:

1. There have been some claims that cybercriminals could manage to decrypt IPSec traffic. However, it’s worth mentioning that hackers can only exploit IPSec vulnerabilities if the protocol uses IKEv1 instead of IKEv2.
2. Der Spiegel has claimed that the NSA managed to use various vulnerabilities to decrypt IPSec traffic. The only problem with that source is that the details are very vague, and there’s no exact way to know if the information is accurate or not since it’s mostly speculation.
3. Hackers can use downgrade attacks to target IPSec VPN connections. But that only happens if the VPN provider sets up IPSec to support multiple configurations, and - of course - they do it wrong and don’t use secure configurations.

L2TP/IPSec

L2TP/IPSec is a relatively fast and secure VPN protocol. It works across multiple platforms, and many operating systems offer it natively as well, so it’s easy to set up.

However, one problem with L2TP is that it only uses one port to set up the VPN connection. Because of that, network admins can easily block VPN connections that use L2TP/IPSec by just blocking that particular port.

Because of that, VPN providers have to tinker with the protocol a little to make sure it’s not as easy to block with a firewall.

And since L2TP uses IPSec, there have been claims that government surveillance agencies weakened the protocol. Though, there’s no real proof to back up those claims, so it all depends on what you believe.

“Can’t VPN providers offer L2TP on its own?”

They could, but that would be pretty pointless. L2TP alone doesn’t offer any kind of encryption, which is why you always see it together with IPSec.

IKEv2

IKEv2 handles the key exchange for the IPSec protocol, so it’s technically not a VPN protocol. Still, it does act like one, and more and more VPN providers started offering it as an option.

And given its benefits, it’s not hard to see why. IKEv2 offers fast and smooth Internet speeds, and it can resist network changes. So, your VPN connection won’t go down whenever you switch from your mobile data to a WiFi network, for instance.

Besides that, IKEv2 offers decent security since it offers support for powerful encryption ciphers. Of course, how much you trust the protocol ultimately depends on whether or not you have a problem with IPSec.

Other than that, IKEv2 doesn’t work on a lot of platforms, but it is natively available on BlackBerry devices.

And - unfortunately - just like L2TP/IPSec, it uses a single network port, so admins can easily block it - unless VPN providers configure it to bypass firewalls, of course.

PPTP

A very popular VPN protocol that nearly all VPN providers offer. Most users love PPTP because it offers very high speeds, is easy to set up and use, and works on most platforms.

Still, that convenience comes at a cost - lack of proper security. PPTP barely encrypts your data, and there’s proof that the NSA can crack PPTP traffic.

On top of that, firewalls can easily block PPTP traffic, and specific PPTP-friendly routers are necessary since some routers might not support PPTP data packets.

And that lack of security might affect PPTP’s cross-platform compatibility in the future. After all, Apple already removed PPTP connections from macOS Sierra and iOS 10 (as well as newer versions).

WireGuard

Out of all the current VPN protocols, WireGuard is the newest one. It boasts high-end security, it’s open-source, and it offers high connection speeds that surpass IPSec and OpenVPN.

That all sounds good, but the main problem is that WireGuard still needs to go through a lot of testing until it becomes a secure and stable protocol. Right now, there’s no way to tell for sure if your connection will suddenly drop or not, or if you’ll experience any data leaks.

Also, for now, it seems that WireGuard only uses UDP, though the devs haven’t made it clear which port the protocol uses. Regardless of that and the fact that WireGuard is a pretty “quiet” protocol, if network admins cut off all UDP traffic, and only allow TCP traffic, your WireGuard connection won’t go through.

There are some fixes to solve such an issue. The only problem is that they only work on Linux for now.

Still, the devs made good progress when it comes to cross-platform compatibility. Initially, WireGuard only worked on Linux distros, but it’s not available on iOS, Android, Windows, and macOS. Of course, you shouldn’t expect a very polished and user-friendly client yet.

All in all, you won’t see many VPN providers offering WireGuard connections, at least not yet.

SoftEther

What started out as a simple student project quickly became a successful VPN protocol implementation. SoftEther is open-source, offers top-of-the-line security, and provides top-notch stability with its auto-connect feature.

To top it all off, SoftEther offers very high connection speeds which don’t seem to take a hit when the protocol uses powerful encryption. According to this data, SoftEther is even faster than PPTP and OpenVPN.

Really, the only drawbacks SoftEther has is that the protocol doesn’t natively work on as many platforms as other VPN protocols (it usually requires additional software to run), and the fact that not many providers offer SoftEther as an option.

OpenVPN

OpenVPN is one of the most popular VPN protocols at the moment. It’s all due to the fact that it’s open-source, highly secure, and because it offers multiple configuration options.

Also, OpenVPN can use both UDP and TCP, meaning network admins can’t block OpenVPN connections with firewalls - especially since OpenVPN can use TCP port 443, which is the HTTPS port.

The only thing you might not like about OpenVPN is the lack of native support, which makes it pretty hard to manually configure connections. Also, OpenVPN isn’t known to be a very speedy protocols. In fact, if you use OpenVPN over TCP, your speeds will take quite the hit.

Luckily, OpenVPN tends to be faster over UDP.

SSTP

Microsoft launched the SSTP VPN protocol together with Windows Vista. It uses powerful encryption (like AES), provides relatively decent speeds (though they can go down if you don’t have enough bandwidth), and can bypass firewall restrictions with ease since - like OpenVPN - it can use the HTTPS port (443).

Despite all that, SSTP has a couple of issues:

• The VPN protocol is not open-source, so it’s not as trustworthy as SoftEther, WireGuard, and OpenVPN.
• SSTP doesn’t work on too many platforms. It’s only available on Windows, Android, routers, and Linux.
• Microsoft owns SSTP, and the company has collaborated with the NSA in the past (and will likely continue to do so since it’s part of the PRISM surveillance program).

“Does a VPN Have to Offer All Those Protocols?”

Not really.

It’s usually enough for a VPN provider to offer access to a few of those VPN protocols. However, you need to make sure you get access to the right protocols - like OpenVPN, SoftEther, and IKEv2.

A VPN provider that only offers one protocol isn’t ideal since you can’t tweak your connections to your liking. And a provider that only uses PPTP is a huge red flag since they endanger your personal data.

Ideally, you should pick a VPN provider that offers access to almost all the protocols on the list so that you can see which one works best for you.

Also, make sure the provider allows you to freely switch between VPN protocols with no restrictions.

What Is the Best VPN Protocol?

This is a tricky question since there is no exact “best VPN protocol.” Instead, there’s the best VPN protocol for various situations. Also, multiple VPN protocols can do an equally great job, not just a single one.

But to make things simple for you, and help you pick the best protocol for you, here’s a quick summary of what each protocol is really good at:

• PPTP - Due to its high speeds, PPTP is a great choice if you need to unblock a website or watch a geo-restricted video really fast without having to deal with a lot of buffering. However, you should never use it to secure your data, access your social media account or email, or do any online banking.
• L2TP/IPSec - Using this protocol to watch geo-restricted content and download torrents is a good idea. You could also use it to log into your accounts, but that depends on how much you believe that it wasn’t compromised.
• OpenVPN - OpenVPN is an excellent choice if you want to access online data in a secure manner, and bypass firewalls. On the other hand, you shouldn’t try using OpenVPN to quickly download files and stream content if you don’t have high bandwidth and a powerful CPU since your speeds will go down by a lot.
• SSTP - Like OpenVPN, you can use SSTP to protect your online data and bypass firewalls. The speeds tend to be better than with OpenVPN, but if you’re skeptical about Microsoft, SSTP might not be the ideal way to secure your Internet privacy.
• SoftEther - Whether you want to download torrents, access and stream geo-blocked content, bypass firewalls, and keep your traffic safe (all while enjoying fast speeds), SoftEther has got you covered. The only way SoftEther wouldn’t be a good option is if you can’t run it on your platform.
• WireGuard - This VPN protocol is a good option if you just want to do basic online browsing, and don’t mind a more complicated interface. Also, WireGuard is a great choice if you’re looking for an experimental protocol to test out.
• IKEv2 - This is an ideal choice if you use your BlackBerry on the go or when traveling, and often switch from WiFi networks to mobile data. Besides that, IKEv2 also works great for unblocking content, torrenting, and securing your data.

Please note - we didn’t add IPSec to this list since you can pretty much use it for the same things you’d use L2TP/IPSec for.

The Bottom Line

VPN protocols are the rules and parameters VPN providers use to successfully establish communications between a VPN client and a VPN server. Also, VPN protocols properly route user data over VPN connections.

Without a VPN protocol, you can’t really enjoy a smooth, stable, and secure connection to a VPN server.

Currently, there are eight VPN protocols providers use:

1. PPTP
2. L2TP/IPSec
3. IPSec
4. IKEv2
5. OpenVPN
6. SoftEther
7. WireGuard
8. SSTP

A VPN provider won’t necessarily offer access to all protocols, but most of them will provide access to a few of them at the very least.

“Okay, so what’s the best VPN protocol?”

That depends on what you want to do. We’ve outlined what each protocol is good at above, but here’s the main idea:

• PPTP offers fast speeds but no security.
• L2TP/IPSec is a bit slower, but safer to use. 
• OpenVPN and SSTP offer a similar level of security, but OpenVPN is usually slower, and SSTP isn’t as trustworthy as OpenVPN.
• SoftEther offers fast speeds, high security, and stable connections, but can be a bit hard to set up. 
• IKEv2 works great for mobile users who access the web on the go.
• WireGuard is still in the experimental phase, so it only works well if you plan on testing it a lot.