Which VPN Protocol to Use?


Out of a multitude of VPN protocols, which one should you choose?

This is one of the questions we get asked most often. Here we explain how these protocols work, so you know which one will work best for you.

But first, you should know that the VPN protocol determines how data is routed between your computer and the VPN server. Some of the most common VPN protocols include:

1. OpenVPN

One of the most popular VPN protocols, OpenVPN is an open-source protocol, which means developers and hackers can scrutinize its source code for vulnerabilities or use it in other projects. This also happens to be one of the most secure protocols and one of our personal favorites.

OpenVPN supports strong AES-256 encryption with 2048-bit RSA authentication and a 160-bit SHA1 hash algorithm. It is available on virtually all platforms.

If there is no option for WireGuard, we suggest selecting OpenVPN — which is a default protocol in many VPNs.
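To see which of these parameters a given OpenVPN profile actually requests, here is an added example (not code from the original article or from the OpenVPN project) that parses a client `.ovpn` profile and flags its cipher and digest settings. The sample profile, host name and finding codes are constructed for illustration; `cipher`, `data-ciphers` and `auth` are real OpenVPN directives.

```python
import re

AEAD = ("GCM", "CHACHA20-POLY1305")  # cipher modes that authenticate packets themselves

# Constructed sample client profile for this example (hypothetical host name).
SAMPLE_OVPN = """\
client
proto udp
remote vpn.example.com 1194
cipher AES-256-CBC
auth SHA1
<ca>
# certificate body omitted in this constructed sample
</ca>
"""

def parse_ovpn(text):
    """Map each top-level directive to its argument lists, skipping comments and inline <block> bodies."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:                                  # inside <ca>, <cert>, <key>, ...
            if line == f"</{block}>":
                block = None
            continue
        opened = re.fullmatch(r"<([\w-]+)>", line)
        if opened:
            block = opened.group(1)
        elif line and line[0] not in "#;":         # '#' and ';' start comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    """Return finding codes for the data-channel cipher and HMAC digest settings."""
    d = parse_ovpn(text)
    ciphers = [c.upper() for key in ("data-ciphers", "cipher")
               for args in d.get(key, []) for arg in args for c in arg.split(":")]
    # OpenVPN's documented default for --auth is SHA1 when the directive is absent.
    digest = d["auth"][-1][0].upper() if d.get("auth") and d["auth"][-1] else "SHA1"
    findings = []
    if not ciphers:
        findings.append("cipher-unset")            # outcome depends on client/server defaults
    elif not all(c.startswith("AES-256") for c in ciphers):
        findings.append("non-aes256-cipher-allowed")
    # --auth protects the data channel only for non-AEAD ciphers (e.g. CBC).
    if digest == "SHA1" and any(not c.endswith(AEAD) for c in ciphers):
        findings.append("sha1-hmac-on-data-channel")
    return findings
```

Calling `audit(SAMPLE_OVPN)` on the constructed profile reports the SHA1 HMAC, because the profile pairs a CBC cipher with `auth SHA1`.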

2. L2TP/IPSec

A successor to the deprecated PPTP, Layer 2 Tunneling Protocol (L2TP) is commonly bundled with the security protocol IPsec to deliver one of the most secure VPN connections, backed by AES-256 encryption.

However, the problem is that L2TP/IPSec defaults to UDP on port 500, making it relatively easy for government agencies and other entities to spot and block its use.

3. SSTP

Developed by Microsoft, Secure Socket Tunneling Protocol (SSTP) has been fully integrated with every version of Windows since Vista Service Pack 1. This means you can use SSTP with Winlogon.

The protocol relies on 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption — which makes it a viable option to use.

Beyond Windows, SSTP has native support for Linux and BSD systems, while Android, macOS, and iOS have support via third-party clients.

4. IKEv2

Co-developed by Microsoft and Cisco, Internet Key Exchange version 2 (IKEv2) is essentially just a tunneling protocol, and is therefore frequently paired with IPSec for encryption and authentication.

IKEv2 isn’t as popular as other VPN protocols, but it typically comes included in many mobile VPN apps. VPN providers include it because it can quickly reconnect during moments of temporary internet connection loss.

IKEv2 is supported in Windows, iOS, and Blackberry OS, while Linux and Android are supported through third-party apps.

5. PPTP

Introduced way back in 1995, the Point-to-Point Tunneling Protocol (PPTP) is one of the oldest VPN protocols that is still in use in some places. However, the majority of services have long upgraded to faster and more secure protocols. Where it is available, it is used for accessing streaming services where it tends to always deliver a buffer-free experience.

6. Catapult Hydra

Catapult Hydra is a proprietary protocol developed by AnchorFree. It powers Hotspot Shield as well as VPN services from some cybersecurity companies that offer it within their apps, including McAfee, BitDefender, Cheetah Mobile and a few others.

Catapult Hydra is reportedly one of the fastest protocols out there, with various reviews giving it an edge over other solutions when testing it with video streaming services. On the other hand, it can be detected by tech-savvy government authorities such as those in China.

7. WireGuard

These days, WireGuard is our protocol of choice, with many in the industry calling it “the future of all VPN protocols.”

Like OpenVPN, WireGuard is also an open-source protocol that can deliver the highest level of speed. That “speed” factor has prompted many of the biggest VPN services to add it to their offerings and we love them for that.

WireGuard uses cutting-edge cryptographic algorithms, while its source code counts just a few thousand lines — compared to OpenVPN’s hundreds of thousands. This makes it easier for developers to review and validate the security of the protocol.

Finally, WireGuard is great for connection roaming, allowing users to seamlessly switch from one network environment to another. With other protocols, the connection is more easily dropped.

Which protocol to use?

To sum it up: use WireGuard if you can. If you can’t, go for OpenVPN. The exception is Hotspot Shield, where you’ll have to go with Catapult Hydra, which is fast but could be easily blocked in countries like China.