All VPN Protocols Explained (And When to Use Them)

VPN Protocols Explained
Choosing between the seemingly endless list of VPNs available on the market is no easy task. And it’s not made any easier by the vast range of protocols used by VPN providers.

You want to choose a provider that employs up-to-date protocols. Older protocols are easily compromised so they don’t offer enough data security.

It’s no wonder you want to be aware of the different VPN protocols that exist. Not only that but you should know how they work and how they differ between each other.

By doing so you can avoid using a vulnerable VPN that doesn’t keep you as secure as it claims to.

What Are the Major VPN Protocols?

Why are there various VPN protocols? There’s an easy answer.

Like anything in tech, new protocols are constantly developed; ones that are better than older protocols. But that doesn’t mean new protocols replace the older ones. Both exist simultaneously.

Sometimes older protocols are better optimized for specific tasks. So depending on what you’re doing, you may actually want to use an older protocol.

Now, as mentioned, there are many different VPN protocols. Some are used more than others.

The 7 protocols we’ve listed below are the most popular. You’re likely to come across one of them when you search for a VPN.

1. Point-to-Point Tunneling Protocol (PPTP)

Point-to-Point Tunneling Protocol (PPTP) is one of the older methods of VPN encryption. It was designed by Microsoft during the 1990s for Windows 95.


  • It is a convenient protocol for usage which requires low security.
  • It’s super simple to set up and provides fast speeds.


  • Major security concerns which date back several years.
  • It should have been rendered obsolete years ago.

While it is less popular than it used to be, PPTP is still widely used today—especially with VPNs. And that’s despite the fact that it has a known vulnerability to the ASLEAP dictionary attacking tool.

The vulnerability has been known since 2004. Microsoft, to this date, has not released a fix. It’s natural to think that the vulnerability would have rendered PPTP obsolete…

PPTP is still widely used because it’s integrated with Windows, as well as Mac OS and Linux.

Clearly, PPTP should be avoided for modern use.

However, if you’re looking for a simple protocol and you’re not using your VPN for anything suspicious, go ahead and use PPTP.

2. OpenVPN

OpenVPN is used by most market-leading VPN providers. It’s highly reliable and a perfect solution when higher security and safety is needed.


  • Super secure and open-source; minimal chance of data breaches and leaks.
  • It is constantly kept up-to-date by the community.
  • Ability to choose between UDP/TCP for either speed or reliability.


  • Not supported by all devices.

The major downside of OpenVPN is it’s inoperability with some networking devices. You might want to, for example, set up your new flashy VPN on your home router but the router won’t support OpenVPN, leaving you with few options.

Created by James Yonan, OpenVPN is open-source and published under a GNU General Public License, meaning that everyone has access to its source code.

And thanks to its open-source nature, any security flaws are quickly unearthed by the public and dealt with. This also means that it’s not possible for malicious code to be added without the developer community finding out.

For general purposes & often enough security, OpenVPN is an ideal protocol.

3. L2TP/IPSec

L2TP—Layer Two Tunneling Protocol—is an extension of PPTP. It combines PPTP with Cisco’s Layer 2 Forwarding (L2F) Protocol. Because L2TP on its own does not feature any encryption, encryption is provided by Internet Protocol Security (IPSec).


  • Super secure protocol which is used to transmit top secret information.
  • It’s a relatively newer protocol.


  • Requires more overhead due to 256-bit encryption.
  • It’s relatively difficult to set up.

L2TP uses a 256-bit key. This is the same level of encryption used by organizations to transmit top secret information. If it’s good enough for classified information then it should be good for enough nearly all types of browsing.

However, it is vulnerable to attack when pre-shared keys are used. So don’t share your keys with anyone else!

L2TP is one of the newer protocols to hit the internet, and it is supported by Mac OS 10.3 and Windows 10.

If you don’t want anybody snooping on what you’re doing then a VPN which uses L2TP is a great choice.

4. IKEv2/IPSec

Internet Key Exchange v2 is another one of Microsoft’s own VPN protocols—developed with the help of Cisco. On its own, IKEv2 is nothing but a tunneling protocol, which facilitates the secure exchanging of keys and so it is paired with IPsec for encryption.


  • Quick reconnection makes it the perfect protocol for mobile devices.
  • It’s rather lightweight and doesn’t have many overheads.


  • Evidence has suggested that NSA exploits IKE flaws to get around IPSec.
  • To guarantee security, open source IKEv2 implementations need to be used.

Although IKEv2 is not one of the more popular VPN protocols it is used heavily for mobile VPNs. Why? Because it’s good at quickly reconnecting during a connection loss, and when switching networks (such as from WiFi to 4G).

Again, IKEv2/IPSec is good for general browsing when you want to guarantee privacy on the move. But this can only be done when an open source iteration is used because closed source iterations are vulnerable to snooping from the likes of the NSA.


Secure Socket Tunneling Protocol (SSTP) is one of the most popular protocols. It’s used by almost every VPN in one form or another.

And why’s that? Because it’s been integrated with all of Microsoft’s operating systems since Vista. Which means it can easily be used alongside Winlogon for added security.


  • Supported by Windows Vista and above, and Linux.
  • It is very secure due to its authentication and encryption.


  • The code cannot be audited so its security is merely assumed.

SSTP uses 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption, making it extra secure. For this reason, it’s highly regarded by cybersecurity professionals.

The only problem is that SSTP is not open source. So the code can’t be audited.

SSTP is generally a sound choice for any type of activity, including torrenting, streaming, and hiding browsing activities.

6. SoftEther

SoftEther is an open-source and cross-platform protocol for VPNs. It is also one of the newest protocols, having been launched in 2014.


  • PPTP speed, OpenVPN security and L2TP stability with P2P downloading.
  • It’s an all-in-one protocol which has everything you could ever want.


  • It is relatively new and not widely available.
  • Does not have native support on any major operating system yet.

The protocol has received widespread positive coverage because it’s the same protocol as OpenVPN—SSL with 256-bit AES. And SoftEther retains amazing performance and high reliability.

256-bit AES with SSL is recognized around the world for being highly secure and well-encrypted. However, the main reason for SoftEther’s popularity is that it contains the same features as other VPN protocols, such as PPTP, L2TP, and SSTP whilst being ultra-lightweight and eliminating all disadvantages.

If you can get it you should choose SoftEther. It has everything all the other protocols have combined in one neat package.

7. WireGuard

WireGuard is another new protocol which is being lauded as possibly the “most secure” and “easiest to use” VPN solution anywhere on the market. It is quickly gaining traction.


  • The most secure, simplest, and easiest to use VPN solution on the market.
  • Supports all operating systems, from Microsoft to CentOS and beyond.


  • It has to be configured by the end-user and this can be quite difficult.

And it’s very popular amongst developers. WireGuard was initially released for Linux operating systems but it’s now compatible across multiple platforms.

It is super easy to use (if you know what you’re doing) and provides some of the strongest encryption on the market. It uses public encryption keys with VPN tunnel IP addresses. And a unique private key is used alongside a list of peers for each network interface.

WireGuard is another great all-in-one protocol. It provides high speeds with unbeatable security and is suitable for virtually anything.

Bottom Line: VPN Protocols Recommended…

Speed: By far, we adore SoftEther. You simply won’t find a faster protocol anywhere which uses the same grade of authentication and encryption.

Security: SSTP is best for security in our opinion. Although SoftEther and WireGuard have similar security, SSTP is widely available and doesn’t require any complicated configuration.

Downloading and Streaming: Anything other than OpenVPN (slow) or PPTP (lots of inherent security flaws which aren’t fixable) is a fine choice for downloading and streaming.

Published by

Jamie Cambell

Ethical Hacker. Ph.D., M.S. in Computer Science at University of California, Berkeley. Technology enthusiast and also a part-time gamer. My goal is liberating the Internet.

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version