VPN Protocols Explained
A VPN protocol defines how your device creates and maintains the encrypted tunnel to the VPN server. Different protocols make different trade-offs between speed, security, compatibility, and resistance to censorship. This guide covers every major protocol in use today.
Protocol Comparison Overview
| Protocol | Speed | Security | Censorship resistance | Battery use | Status |
|---|---|---|---|---|---|
| WireGuard | Fastest | Excellent | Moderate (UDP only) | Low | Recommended |
| OpenVPN UDP | Good | Excellent | Moderate | Moderate | Recommended |
| OpenVPN TCP | Moderate | Excellent | High (port 443) | Higher | Use for censorship bypass |
| IKEv2/IPSec | Fast | Very good | Lower (fixed ports) | Low | Good for mobile |
| L2TP/IPSec | Slow | Good | Low | Moderate | Avoid if possible |
| SSTP | Moderate | Good | High (HTTPS port) | Moderate | Windows-only, rarely needed |
| PPTP | Fast | Broken | Low | Low | Never use |
Proprietary Protocols
Several providers have developed their own protocols built on top of established cryptographic foundations:
| Protocol | Provider | Based On | Key Advantage |
|---|---|---|---|
| NordLynx | NordVPN | WireGuard | Double NAT preserves no-logs guarantee |
| Lightway | ExpressVPN | wolfSSL | Very fast reconnects, open-sourced in 2021 |
| Stealth | ProtonVPN | Obfuscated WireGuard/OpenVPN | Bypasses deep packet inspection |
| Catapult Hydra | Hotspot Shield | DTLS/TLS | Proprietary speed optimisations |
Which Protocol Should You Use?
- Default choice: WireGuard - Fastest and modern.
- Restricted network (school, corporate, hotel): OpenVPN TCP on port 443 - Mimics HTTPS and is nearly unblockable.
- Mobile device: WireGuard first; IKEv2 as fallback for seamless network handoffs.
- Censorship-heavy country: Provider's obfuscated mode (Stealth, obfs4) or OpenVPN TCP 443.
- Legacy hardware: OpenVPN (runs on very old kernels and embedded routers).
- Never use: PPTP - It uses RC4 encryption which was broken in the early 2000s.
For WireGuard-specific details, see What Is WireGuard?. For OpenVPN specifics, see What Is OpenVPN?. Test your VPN setup with our VPN Leak Test or check our full VPN Guide hub.