What VPN Protocol is Best to Use
One of the most confusing things when first beginning to search for a VPN provider is all of the different protocols available. If you aren’t very familiar with the technology, it’s hard to assess the value in all of the differences. It’s important to understand what you’re buying though and whether the VPN service you choose offers everything you need.
VPN protocols play a critical role in both the privacy and speed of a VPN service. We recommend reading this short article to quickly learn how they all differ. It’s been kept as non-technical as possible, providing only the details that matter to the average user. This should help you determine which protocols are best for which activity, regardless of the VPN service.
PPTP
Point-to-Point Tunneling Protocol has been around since before the turn of the century. As with many technologies of that time, it’s been rendered obsolete for providing privacy and security. PPTP implementation varies, but the most common shipped with Microsoft Windows 95. Its 128-bit encryption is a far cry from the 256-bit standard of more secure protocols. The NSA can easily decrypt PPTP communications. However, it’s better than nothing, and its outdated encryption is extremely lightweight. This means it’s the fastest protocol available for common VPN usage. PPTP is useful for streaming services like Netflix since speed is paramount over privacy.
L2TP/IPsec
Layer 2 Tunneling Protocol doesn’t actually provide any encryption, so IPsec is almost universally implemented alongside it. Best VPN Now doesn’t even list VPN providers with only L2TP since it would be pretty useless for the majority of readers. The process for IPsec is typically run through an Internet Key Exchange on both ends. UDP port 500 is used for L2TP in this exchange, which is relevant because it is sometimes blocked by NAT firewalls. This may require additional port forwarding configuration.
The data is encapsulated twice and is generally considered secure. This adds to the security but makes it slower than other protocols except for OpenVPN (which can be faster or slower depending on configuration). However, Edward Snowden has hinted that the NSA may have “cracked” IPsec, so one cannot confidently state it is 100% secure. It’s generally advised to use it as a backup to the OpenVPN protocol, since L2TP/IPsec is available on more devices but is less secure.
OpenVPN
OpenVPN is an open-source technology that is currently the tried and true gold standard of VPN privacy. This means that tons of extremely intelligent people are frequently checking for vulnerabilities and collectively improving the protocol to keep users of it safe. It uses the OpenSSL library along with several other technological foundations to build a secure VPN solution. One of the key aspects of OpenVPN’s security is its support of 256-bit AES encryption. This algorithm is used by the US government and most major financial institutions to protect their most sensitive data.
The slowest VPN protocol is typically OpenVPN. This is pretty logical since encoding and decoding data simply takes more time to compute. Its highly configurable nature also means firewall issues are rare, but it can be more difficult to set up. Usually these configurations are limited by VPN providers to make them easier to use, though. These configurations almost always include 256-bit AES encryption and are geared more towards privacy than anything else. As such, it’s recommended to use OpenVPN where privacy is the biggest concern.
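To check the AES-256 claim against a profile a provider actually hands you, the following added example (not from the original article or from any provider) parses an OpenVPN client profile and reports every data-channel cipher it permits that is not AES-256. The sample profile and its hostname are constructed for illustration; `cipher`, `data-ciphers`, `ncp-ciphers` and `data-ciphers-fallback` are OpenVPN's own directive names.

```python
import re

# Constructed sample profile for illustration (hostname is a placeholder).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
# cipher BF-CBC
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
"""

# OpenVPN directives that name data-channel ciphers.
CIPHER_DIRECTIVES = ("cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback")


def offered_ciphers(profile):
    """Return every data-channel cipher the profile names, in file order."""
    ciphers = []
    for raw in profile.splitlines():
        # Drop '#' and ';' comments, then split into directive + arguments.
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(fields) >= 2 and fields[0] in CIPHER_DIRECTIVES:
            # data-ciphers / ncp-ciphers take a colon-separated list.
            ciphers.extend(c.upper() for c in fields[1].split(":"))
    return ciphers


def audit(profile):
    """Return (ok, findings); ok is True only if every named cipher is AES-256."""
    ciphers = offered_ciphers(profile)
    if not ciphers:
        return False, ["no cipher directive; result depends on client and server defaults"]
    findings = [f"cipher other than AES-256 permitted: {c}"
                for c in ciphers if not c.startswith("AES-256-")]
    return not findings, findings


if __name__ == "__main__":
    ok, findings = audit(SAMPLE_OVPN)
    print("AES-256 only" if ok else "\n".join(findings))
```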
SSTP
Secure Socket Tunneling Protocol is Microsoft’s proprietary protocol and as such, is generally only available on Microsoft products (though it’s an option for Linux users now). Because it is closed off from external peer review, it’s difficult to assess the privacy SSTP provides. Most experts agree that it is an improvement over PPTP and IPsec, but that OpenVPN is still the best chance for maintaining anonymity.
Microsoft has worked with the NSA in the past and thus may have left intentional backdoors for them to use. That said, the NSA is far from the only organization that might want to spy on what you’re doing. SSTP is very easy to set up and use. If you’re more concerned with non-government spying and use Windows, then SSTP is a great option for anyone encountering issues with OpenVPN.
IKEv2
Internet Key Exchange v2 is basically the next iteration of L2TP/IPsec. Like L2TP/IPsec, IKEv2 is run through an Internet Key Exchange on both ends. However, it offers many improvements over simple IPsec. It’s extremely fast and is comparable to PPTP in that regard. Unlike PPTP, though, it actually provides a secure level of privacy thanks to using the 256-bit AES cipher. This speed plays a critical role when used on mobile devices or computers connecting to the internet via Wi-Fi. IKEv2 is very fast to reconnect after a lost internet connection, so the chance of sending unencrypted data is much lower.
The downside to IKEv2 is that there are lots of moving parts that the user doesn’t have full control over. This can result in compatibility issues. As is the case with OpenVPN configurations, this is usually taken care of by the VPN provider itself. Even then it’s possible to have problems. Because of its relative complexity, IKEv2 is the least likely protocol to be supported by a VPN service. Some of the top VPN providers like NordVPN do offer a choice between all five major VPN protocols. Ultimately, IKEv2 is probably the best choice for wireless devices, at least when it’s available.