VPN Protocols Explained

In this article, we explore the different VPN protocols, explaining how they work as well as their pros and cons.

VPN Protocols

A VPN protocol determines how data is routed between your computer and the VPN server. Each protocol has different specifications, offering benefits to users in a range of circumstances. For instance, some put emphasis on speed, while others focus on privacy and security.

Let’s take a look at the most common VPN protocols.

1. OpenVPN

OpenVPN is one of the most popular VPN protocols. It is an open-source protocol, which allows developers and hackers to scrutinize its source code for vulnerabilities or use it in other projects. OpenVPN is also one of the most secure protocols and one of our personal favorites.

OpenVPN supports what is essentially unbreakable 256-bit AES encryption with 2048-bit RSA authentication and the 160-bit SHA-1 hash algorithm. It is available on virtually all platforms — including Windows, macOS, Linux, Android, iOS and routers. What’s more, even obsolete platforms such as Windows Phone and Blackberry support OpenVPN.

Some time ago, OpenVPN was best known for its security and privacy but not so much for speed. Recent implementations have brought speed improvements, helping establish OpenVPN as the industry standard.

2. L2TP/IPSec

A successor to the deprecated PPTP, Layer 2 Tunneling Protocol (L2TP) doesn’t actually provide any encryption or privacy itself. Therefore, it is commonly bundled with the IPSec security protocol, and this combo (L2TP/IPSec) then delivers one of the most secure VPN connections, backed by 256-bit AES encryption.

However, while L2TP/IPSec has no known vulnerabilities, it does have its flaws. For a start, it defaults to UDP on port 500, making it relatively easy for government agencies, companies and other entities to spot and block its use.
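
Why a fixed port makes this traffic easy to spot, as an added example that is not part of the original article: the IKE key exchange that sets up IPSec runs on UDP port 500 with a 28-byte cleartext header, so a network monitor can label it from the first datagram. The sketch goes slightly beyond the text by also recognizing IKEv2 and the UDP 4500 NAT traversal port; the function names are illustrative and the sample datagrams are constructed.

```python
import struct

# ISAKMP/IKE header (RFC 2408, RFC 7296): 28 bytes, sent in the clear.
IKE_HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGES = {
    (1, 2): "IKEv1 Main Mode",
    (1, 4): "IKEv1 Aggressive Mode",
    (2, 34): "IKEv2 IKE_SA_INIT",
    (2, 35): "IKEv2 IKE_AUTH",
}

def classify_ike(dst_port, payload):
    """Return a label for a UDP payload, or None if it does not parse as IKE."""
    if dst_port == 4500:
        # NAT traversal: IKE is prefixed by a 4-byte zero non-ESP marker (RFC 3948).
        if payload[:4] != bytes(4):
            return None  # UDP-encapsulated ESP data, not key exchange
        payload = payload[4:]
    elif dst_port != 500:
        return None
    if len(payload) < IKE_HEADER.size:
        return None
    init_spi, _resp, _np, version, exchange, _flags, _mid, length = IKE_HEADER.unpack_from(payload)
    major = version >> 4
    # Sanity checks keep unrelated UDP traffic on these ports from matching.
    if major not in (1, 2) or init_spi == bytes(8) or length != len(payload):
        return None
    return EXCHANGES.get((major, exchange), f"IKEv{major} exchange {exchange}")

def build_sample(major, exchange, body=b""):
    """Constructed datagram: first message of an exchange (responder SPI is zero)."""
    total = IKE_HEADER.size + len(body)
    return IKE_HEADER.pack(b"\x11" * 8, bytes(8), 0, major << 4, exchange, 0, 0, total) + body

# Constructed samples, not captured traffic.
SAMPLES = [
    (500, build_sample(1, 2, bytes(40))),              # L2TP/IPSec client (typically IKEv1)
    (500, build_sample(2, 34, bytes(60))),             # IKEv2 client
    (4500, bytes(4) + build_sample(2, 35, bytes(20))),  # IKEv2 behind NAT
    (500, b"not an ike packet"),                       # unrelated UDP noise
    (443, build_sample(2, 34)),                        # other port: out of scope here
]

def classify_all(samples=SAMPLES):
    return [classify_ike(port, data) for port, data in samples]

if __name__ == "__main__":
    for label in classify_all():
        print(label)
```

Everything after the header is negotiated or encrypted, but the port, version nibble and exchange type are enough to tell which protocol a client is starting.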


3. SSTP

Another popular option, Secure Socket Tunneling Protocol (SSTP) was developed by Microsoft and has been fully integrated with every version of Windows since Vista Service Pack 1. This means you can use SSTP with Winlogon.

The protocol uses 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption — making it another option you can safely rely on.

In addition to Windows, SSTP has native support for Linux and BSD systems, while Android, macOS, and iOS have support via third-party clients.

4. IKEv2

Developed by Microsoft and Cisco, Internet Key Exchange version 2 (IKEv2) is essentially just a tunneling protocol, providing a secure key exchange session. In that sense, it is frequently paired with IPSec for encryption and authentication.

IKEv2 isn’t as popular as other VPN protocols, but it comes included in many mobile VPN apps. This is because it can quickly reconnect during moments of temporary internet connection loss, as well as during a network switch — e.g. from Wi-Fi to mobile data.

IKEv2 comes natively included with Windows, iOS, and Blackberry devices, with Linux and Android being supported through third-party apps.

On the downside though, there is strong evidence that the NSA is actively exploiting IKE flaws to undermine IPSec traffic. In that sense, using an open-source implementation is suggested.


5. PPTP

One of the oldest VPN protocols, the Point-to-Point Tunneling Protocol (PPTP) is still in use in some places, but the majority of services have long since upgraded to faster and more secure protocols.

Introduced way back in 1995, PPTP was integrated with Windows 95 and was able to work even with dial-up connections.

The technology has progressed ever since, and PPTP is no longer the most secure option, with governments and criminals being able to crack PPTP’s encryption.

However, some people still use it when they are willing to sacrifice security for connection speed. Think: video streaming services such as Netflix, Hulu and Disney+. If nothing else works, chances are PPTP will be able to deliver a buffer-free experience.

6. Catapult Hydra

Catapult Hydra is the proprietary protocol developed by AnchorFree that powers Hotspot Shield, as well as the majority of large cybersecurity companies that offer VPN services from within their apps — including McAfee, BitDefender, Cheetah Mobile and many others.

Catapult Hydra is said to be one of the fastest protocols out there, with various reviews giving it an edge over other solutions when testing it with video streaming services. On the other hand, it can be detected by tech-savvy government authorities such as those in China. Therefore, we’ve never suggested using Hotspot Shield there — for everything else, and for most users, Hotspot Shield rocks. It’s simple, secure and fast — what else do you need?

7. WireGuard

Dubbed “the future of all VPN protocols,” WireGuard is the open-source VPN protocol that can deliver the highest level of privacy, security and speed. While it is effectively a newcomer to the VPN industry, many experts anticipate it will become the gold standard of VPN protocols, with some services betting it will become the “default protocol for all users.”

There are a few things that “work” in WireGuard’s favor. First, it uses cutting-edge cryptographic algorithms that other VPN protocols will not be able to easily support due to many separate implementations and required legacy support. Second, WireGuard’s code counts a few thousand lines compared to OpenVPN’s hundreds of thousands, making it easier for developers to review and validate the security of the protocol. And third, new security advances in connection roaming make WireGuard uniquely superior to any other protocol.

That last bit, about connection roaming, is especially interesting as it allows users to maintain their connection even when switching from one network environment to another. With other protocols, the connection is dropped.

Because of all this, WireGuard is significantly faster and more secure than any protocol that still relies on heavy, conventional codebases. Mobile users, in particular, should experience a noticeable improvement as soon as they connect — they’ll get a faster connection as well as slightly extended battery life (that’s where the smaller codebase kicks in).

These days, WireGuard is supported by most of the leading VPN services.


Summary

We’ve looked at all the major VPN protocols; here’s the summary:

  • OpenVPN – the most popular VPN protocol offering strong encryption and fast connection; also an open-source project.
  • L2TP/IPSec – very popular with good speeds but easily detectable.
  • SSTP – solid security, difficult to detect and block.
  • IKEv2 – fast and very popular in mobile apps.
  • PPTP – widely supported despite the fact that it’s full of security holes.
  • Catapult Hydra – AnchorFree’s proprietary protocol that is said to be among the fastest out there.
  • WireGuard – the next-generation protocol that is being supported by an increasing number of VPN services.

Now that you know a lot about VPN protocols, you should be able to more easily select the best VPN service for yourself. Start by visiting our Best of the Best VPNs page and take it from there.