Not Sure Which VPN Protocol To Use?
Most VPN providers will utilise at least one or all these VPN protocols to establish a secure connection. Some have developed since they appeared at the beginning of the VPN era, and some are freshly out this decade, but not all are created equally. We have listed in this table the most common protocols used today, with a simple breakdown:
| WireGuard | OpenVPN (Latest) | L2TP-IPSec | IKEv2 | PPTP | |
|---|---|---|---|---|---|
| Details: | WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. | OpenVPN provides a means of connecting computers together in a Virtual Private Network. That is, even if the computers are remote from each other, in another office, another country, the other side of the world. | L2TP stands for Layer 2 Tunneling Protocol. IPsec stands for Internet Protocol security. Used together, L2TP and IPsec are much more secure than PPTP (Point-to-Point Tunneling Protocol) but are still more suited for anonymization than for security. | The VPN protocol is widely implemented in mobile devices. This can be attributed to its fast speeds, stability, and high reliability when switching between networks. | The Point-to-Point Tunneling Protocol is an obsolete method for implementing virtual private networks. PPTP has many well known security issues. PPTP uses a TCP control channel and a Generic Routing Encapsulation tunnel to encapsulate PPP packets. |
| Security: | ChaCha20 | AES – 128/256bit GCM | AES – 128/256bit | AES – 256bit | MPPE – 128bit |
| Speed: | Highest speed with modern encryption. | Very fast if used with a good CPU and over UDP. | Has overhead but still fast. | Even on connections with high latency and great distance its still very fast and stable. | Very fast but very insecure. |
| Supported Devices: | All Platforms: Windows, Mac, Linux, iOS, Android, DDWRT and more | All Platforms: Windows, Mac, Linux, iOS, Android, DDWRT and more | Most Platforms: Windows, Mac, Linux, iOS, Android, and more | Newer Platforms: Windows, Mac, iOS, and Android | Some platforms, Windows, Android and some older Mac OS versions. |
| Protocol Pros/Cons: | • Modern • Modern Cryptography • Open Source • Fast (CPU Dependant) • Very Stable • Very Secure • Very easy setup • Support for most platforms | • Modern • Modern Cryptography • Open Source • Fast (CPU Dependant) • Very Stable • Very Secure • Very easy setup • Support for most platforms | • Quite Old • AES Encryption • Open Source • Quite fast • Stable • Secure • Easy setup • Support for most platforms | • Modern • Modern Cryptography • Open Source • Very Fast • Very Stable • Secure • Easy setup • Support for most platforms | • Old • Poor Encryption • Open Source • Very Fast • Very Stable • Insecure • Easy setup • Support for some platforms |
| Main Con: | • Not supported on some older platforms, for example older Android boxes. | • May need configured to suit your network. - Easily blocked in restrictive networks - Single Threaded (CPU dependant for speed) | • Better than PPTP, more support. | • Not supported on older platforms. | • Insecure • No longer supported on newer Mac OS and iOS |
| Stability: | Highly Stable unless UDP is blocked or throttled. | Highly Stable | Highly Stable | Extremely Stable, especially on mobile devices. | Stable |
| Conclusion: | Highly Recommended for Speed, Stability and Security, Its faster then them all. | Highly Recommended for Stability and Security. Not as fast as WireGuard. | Recommended if WireGuard, OpenVPN or IKEv2 is not available., Decent speed and decent security. | Highly Recommended for Speed, Stability and Security on mobile devices. | Not recommended, it may be fast and quite stable (depending on the network) but its security is completely broken. |
Not all protocols will work perfectly for you; everyone’s network is unique – some ISPs may block UDP as It can be used maliciously in DDOS attacks. This would rule out all but TCP through OpenVPN. UDP is usually blocked on specific ports, so simply changing the port with OpenVPN or WireGuard might solve it. Unfortunately, this is not possible with IPSec. Some providers will offer multiple ports for OpenVPN over TCP and UDP, so it may be just a case of changing the port.
If you primarily use VPN on a mobile device, IKEv2 works best. It’s incredibly stable when transitioning between multiple networks or travelling in and out of areas with a poor mobile network. WireGuard is a close second in that regard.