A Deep Dive Into VPN Protocols

While Virtual Private Networks (VPNs) are fantastic tools for privacy and security, they aren’t easy to understand. That’s why VPN providers usually sell on utility, such as helping you bypass geo-blocks, improving security through encryption, or a host of other things. They don’t typically explain what you need to know once you look behind the scenes: the protocols, for example. There isn’t an easy way to discuss this, since it’s a dry subject and does not make for entertaining reading.

However, to get the best performance from a VPN, you must choose the right protocol for the job.

What is a VPN Protocol?

VPN providers build and deploy a global network of servers that accept encrypted connections. To connect to these servers, you need credentials and a communication protocol selected in the VPN client application you use.

Communication protocols dictate specific parameters of the connection. For example, they determine the encryption used, which in turn can affect overall speed. They may also allow connections on certain types of networks and not on others.

In short, these protocols define what happens when two devices connect and how data is exchanged for the duration of that connection.

Just as brands keep releasing new product models, several VPN protocols have emerged over time. The benefits each brings don’t necessarily track how recently it appeared. IKEv2, for instance, isn’t new but remains necessary for communications over mobile networks.

Different VPN Protocols

Some protocols commonly used for VPNs today include:

  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)
  • Internet Key Exchange version two (IKEv2)
  • OpenVPN
  • WireGuard

Each VPN protocol often has unique traits that make it better at specific tasks. While some may be generally better in a sense, much depends on the context of use.

1. PPTP

PPTP is perhaps the oldest VPN protocol around. Microsoft developed it for dial-up connections back in the mid-90s. As technology evolved, it became clear that PPTP did not age well: its basic encryption algorithms quickly became outdated, compromising security.

Part of its weakness lies in how it encrypts data. PPTP encrypts data in transit using Microsoft Point-to-Point Encryption (MPPE), which is vulnerable to modern attacks. Data packets can be intercepted and modified, which is the leading cause for concern.

There has also been debate over whether its authentication, the method used to verify that a peer is legitimate, is sufficiently robust.

That said, PPTP delivers excellent speed for users who don’t need strong encryption. That speed comes precisely from the lack of security features in the protocol.

2. L2TP

L2TP is the successor to the now-deprecated PPTP. It was developed jointly by Microsoft and Cisco and can shield the traffic of an entire network. It creates a tunnel session that allows data packets to be exchanged between two peers.

Unfortunately, L2TP doesn’t natively provide encryption or privacy. This shortcoming means external components are needed, which is why you’ll often see the protocol labeled as “L2TP/IPsec.”

IPsec is the security component and, together with L2TP, forms a more robust communication protocol. Together the pair can protect communications with up to 256-bit encryption, the highest available at this point.

There’s a caveat, though: L2TP/IPsec was co-developed with the National Security Agency (NSA), and there are allegations that the NSA has compromised IPsec. The protocol is also more easily blocked in some cases, especially because it uses User Datagram Protocol (UDP) on a single port.

In terms of speed, an average user may not notice a difference. However, it is still slower than PPTP.

3. OpenVPN

Probably the most popular protocol in use, OpenVPN is an open-source VPN protocol that is highly configurable in terms of ports and encryption types. It first emerged in 2001 and yet is still considered “new.”

OpenVPN is considered one of the most secure protocols thanks to native support for AES encryption with 256-bit keys (among other ciphers), 2048-bit RSA authentication, and the 160-bit SHA1 hash algorithm.

OpenVPN’s security is built on OpenSSL, the same library used to secure HTTPS websites. It can be configured to run on any port, and OpenVPN traffic can easily be disguised as regular Internet traffic.

On top of these advantages, OpenVPN runs on almost every platform: Windows, macOS, Linux, Android, iOS, BlackBerry, routers, and more.

OpenVPN allows a great deal of customization; you can use either User Datagram Protocol (UDP) or Transmission Control Protocol (TCP). For higher speeds, UDP mode is recommended, while TCP is harder for VPN blockers to detect.
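As an added illustration of the UDP/TCP and port choices described above (a constructed client profile, not code from the article or the OpenVPN project; the hostname, port choices and file names are placeholders), the two transport options can be switched by changing a single directive pair:

```text
# Constructed example: an OpenVPN client profile (e.g. client.ovpn).
# "vpn.example.com" and the certificate/key file names are placeholders.
client
dev tun

# Default mode: UDP, lower overhead and faster (the article's recommendation).
proto udp
remote vpn.example.com 1194

# Alternative mode: TCP on port 443, so the tunnel looks like ordinary HTTPS
# traffic and is harder for blockers to single out (slower, but usable on
# networks that only allow web ports). Enable exactly one proto/remote pair.
;proto tcp
;remote vpn.example.com 443

# Certificate-based authentication (the article's 2048-bit RSA figures refer
# to the RSA keys inside these certificates).
ca ca.crt
cert client.crt
key client.key
# Require the server to present a certificate marked for server use, so a
# stolen client certificate cannot impersonate the server.
remote-cert-tls server

# AES with 256-bit keys for the data channel; SHA1 (160-bit) HMAC for packet
# authentication, matching the figures in the article. OpenVPN 2.5+ prefers
# the negotiated AEAD cipher listed first in data-ciphers.
data-ciphers AES-256-GCM:AES-256-CBC
cipher AES-256-CBC
auth SHA1

# tls-crypt encrypts and authenticates the control channel with a pre-shared
# key, which also hides the OpenVPN handshake from unauthenticated scanners.
tls-crypt ta.key

persist-key
persist-tun
verb 3
```

Leaving the UDP pair active and the TCP pair commented out (lines starting with `;`) gives the fast configuration; swapping which pair is commented gives the harder-to-block one.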

4. IKEv2

This protocol is another one developed by Microsoft and Cisco. Much like L2TP, IKEv2 is a tunneling protocol that provides a secure key exchange session. Therefore, IKEv2 needs to be paired with a security module like IPsec.

This protocol is commonly used in mobile VPN apps and supports ciphers such as 3DES and AES for encryption, with the latter being the safest. It uses Encapsulating Security Payload (ESP) to secure packet transmission and the Mobility and Multihoming Protocol (MOBIKE) for endpoint tunnels.

IKEv2 does well at reconnecting after temporary internet connection losses and when switching networks, such as from Wi-Fi to mobile data. It is a proprietary protocol with native support on Windows, iOS, and BlackBerry devices. Open-source implementations are also available for Linux and Android through third-party apps.

While IKEv2 is great for mobile connections, it unfortunately faces the same problem as other protocols that rely on IPsec for security: the possibility of vulnerability to NSA monitoring.

5. WireGuard

WireGuard is the newest kid on the block and so far has been impressing users around the world. While initial assessments show great promise, its newness has caused some hesitation among VPN service providers.

The protocol is open-source, which means the chances of undiscovered security vulnerabilities are lower. It also has a much simpler codebase and is therefore said to be lighter and faster.

Additionally, this protocol is said to resolve problems that arise from IPsec and OpenVPN implementations (which tend to be quite complicated and prone to misconfiguration). WireGuard uses Poly1305 for data authentication and ChaCha20 for encryption.

For hashing it uses the BLAKE2s function, a modern cryptographic primitive. You can configure which port to use, but by default it listens on UDP port 51820. The ChaCha20 encryption algorithm works well on mobile devices, offering faster speeds than AES.

WireGuard supports all major operating systems. It is fast because it runs inside the Linux kernel and removes unnecessary processing. However, it is still under development and lags in terms of cross-platform compatibility.

Also, WireGuard assigns IPs statically, which means some user data must remain on servers, a question mark regarding privacy.
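As an added example covering both the port setting and the static IP assignment described above (a constructed WireGuard configuration, not code from the article or the WireGuard project; all keys and addresses are placeholders), a server-side interface file makes the fixed peer-to-IP mapping explicit:

```ini
# Constructed example: a WireGuard server interface file, e.g.
# /etc/wireguard/wg0.conf. Keys and addresses are placeholders only.
# Note there is no cipher or hash setting to choose: WireGuard always uses
# ChaCha20-Poly1305 for the tunnel and BLAKE2s for hashing.

[Interface]
# The server's own Curve25519 private key (create with: wg genkey)
PrivateKey = <SERVER_PRIVATE_KEY_PLACEHOLDER>
# The server's address inside the tunnel
Address = 10.8.0.1/24
# The default UDP port mentioned in the article; any UDP port may be used
ListenPort = 51820

# One [Peer] block per client. A peer is identified by its public key, and
# AllowedIPs pins that key to a tunnel address. Because this mapping lives in
# the server configuration, every client keeps the same tunnel IP between
# sessions. This is the static assignment the article refers to, and it is
# the state a provider must keep on the server.
[Peer]
PublicKey = <CLIENT_A_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.8.0.2/32

[Peer]
PublicKey = <CLIENT_B_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.8.0.3/32
```

A matching client file would carry its own `PrivateKey`, `Address = 10.8.0.2/32`, and a `[Peer]` block naming the server's public key, `Endpoint = <server>:51820`, and the `AllowedIPs` ranges to route through the tunnel.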

Proprietary VPN Protocols

Some VPN service providers have created their own protocols, but these are mostly modified versions of existing mainstream ones. These proprietary protocols have their perks, but the main problem is that we mostly don’t know what is under the hood.

Good examples of proprietary protocols are NordVPN’s NordLynx, Lightway by ExpressVPN, and Chameleon by VyprVPN.

NordLynx by NordVPN

NordVPN’s NordLynx is a technology built around the WireGuard VPN protocol. WireGuard alone cannot ensure complete privacy because it cannot dynamically assign IP addresses to everyone connected to a server; instead, it uses the same IP address for each connected user.

To resolve this, NordVPN introduced “double NAT” (Network Address Translation) to randomize your IP address without keeping any data logs. The double NAT system creates two local network interfaces for each user. The first interface assigns a local IP address to all users connected to a server.

Once a VPN tunnel is established, the second network interface, with a dynamic NAT system, is triggered and assigns a unique IP address to each tunnel. As such, there’s no need to store any identifiable data on the server.

Lightway by ExpressVPN

A proprietary protocol from ExpressVPN, Lightway aims to make your VPN experience speedier, more secure, and more reliable. It uses wolfSSL, a well-established cryptography library that has been extensively vetted by third parties, including against the FIPS 140-2 standard. The core codebase of Lightway is available on GitHub for review, giving the required transparency.

Designed to be lightweight, Lightway runs faster and uses fewer resources. For authentication, it relies on TLS to secure the tunnel. If you switch between networks or your signal drops, your VPN connection goes idle rather than being terminated, so resuming the connection becomes a piece of cake.

Chameleon by VyprVPN

As you know, VPN traffic is increasingly under scrutiny. It is diverted, throttled, or blocked by governments, corporations, and Internet Service Providers (ISPs) worldwide. In response, VyprVPN developed a new, proprietary VPN technology called Chameleon.

Chameleon scrambles the OpenVPN packet metadata so that it is unrecognizable to deep packet inspection (DPI), while using the unmodified OpenVPN 256-bit protocol for the underlying data encryption.

As such, VyprVPN users can bypass restrictive networks to achieve a freer and more open internet experience.

It also uses Smart IP, which changes the VyprVPN server IP periodically throughout your session. This works behind the scenes and applies to selected server locations only. Chameleon is pretty impressive as it manages to do all these while being lightweight and still keeping connections fast.

Final Thoughts

By now, you’ll realize that VPNs rely on various protocols to keep your online activities private and secure. Knowing each of the commonly used VPN protocols listed above will help you decide which protocol to use in which scenario.

Each protocol has its own perks and advantages, making it better suited to particular situations depending on your needs. As such, it is best to go for a trusted and reputable VPN provider that offers you a choice of protocols for different scenarios of use.