Understanding VPN protocols: OpenVPN, L2TP, WireGuard & more
The best VPNs have become increasingly popular for various reasons. They help secure online privacy, bypass geo-restrictions, and protect sensitive data. Statistics show that approximately 72% of desktop/laptop users use a VPN, and 69% of people use a VPN on a mobile device.
This number demonstrates the growing demand for secure online connections. One of the core elements of a VPN is the protocol it uses. But what exactly is a protocol, and why does it matter? Read on to find out everything involved.
ExpressVPN – Get 3 months FREE with the best VPN
We think ExpressVPN is the best VPN in 2023, with great performance in just about every area. Its 30-day money-back guarantee lets you trial the service risk-free, and Tom's Guide readers can claim 3 months free.
Save 49% on ExpressVPN's 12-month planView Deal
What is a VPN protocol?
A VPN protocol refers to rules determining how data is transmitted and encrypted between your device and the server. Several different VPN protocols are available, each with its own strengths and weaknesses.
Some common VPN protocols include OpenVPN, L2TP, WireGuard, and IPSec. While they all serve the same purpose of securing your data, they do so in different ways and with varying levels of efficacy and security.
Understanding popular VPN protocols
The following are some of the most popular VPN protocols and their key features:
OpenVPN: Often considered the gold standard of VPN protocols, OpenVPN is an open-source protocol that uses SSL/TLS for key exchange. It supports both UDP and TCP. Besides, it’s compatible with a wide range of operating systems. OpenVPN’s robust security, reliability, and convenience fuel its popularity. However, limitations of speed and cumbersome code have led to the popularity of more modern alternatives.
WireGuard: A newer VPN protocol, WireGuard boasts faster speeds and better performance than most of its predecessors. It uses the Noise Protocol Framework for encryption and is open-source. However, it requires a patch for complete privacy. WireGuard operates over UDP and is compatible with most operating systems, making it a popular choice for modern VPN users. Its performance improvements over older protocols have led to rapid adoption, with many providers making it their default option.
Lightway: ExpressVPN developed Lightway, a proprietary protocol inspired by WireGuard. Lightway balances speed, security, and reliability by leveraging a lightweight implementation. Despite being a proprietary protocol, it has undergone an independent audit for security, and is widely regarded as largely on-par with WireGuard. Don't expect to see rivals like NordVPN and Surfshark implementing ExpressVPN's code in their own apps, though.
Catapult Hydra: Originally developed by Hotspot Shield, Catapult Hydra has been adopted by a few other VPN providers as well. It used to be the fastest VPN protocol available until WireGuard took the title. Users admire Catapult Hydra for its efficient use of resources and ability to improve connection speeds, making it a popular choice for users who prioritize performance – although again, it's now mostly outclassed by WireGuard.
L2TP: The Layer 2 Tunneling Protocol (L2TP) is often combined with IPSec for encryption. While it provides decent security, it can be slower than other protocols due to its double encapsulation process. On the other hand, numerous operating systems support L2TP. Thus, it may be a suitable choice for users looking for compatibility.
SSTP: Secure Socket Tunneling Protocol (SSTP) is a Microsoft-developed protocol that uses SSL 3.0 for encryption. It's compatible with Windows, macOS, and Linux but is generally less flexible than OpenVPN. SSTP provides strong security, but its ties to Microsoft raise potential privacy concerns for some users.
PPTP: Point-to-Point Tunneling Protocol (PPTP) is an older, outdated protocol with known security vulnerabilities. Developed in the late 1990s, PPTP was once widely used but has since been superseded by more secure and efficient protocols. Despite its weaknesses, some VPN providers still support PPTP because of its agility and convenience – but unless you know exactly what you're doing, it should be avoided at all costs.
IPSec: Internet Protocol Security (IPSec) is a widely used VPN protocol. It’s prevalent on mobile devices because of its native support on different platforms, including iOS and Android. IPSec offers robust security – it encrypts IP packets and authenticates their sources.
Comparing VPN protocols
It's important to consider your use-case when picking the right VPN protocol to use. Here we'll run down which protocol is best in which situation:
Security: WireGuard, OpenVPN, and IPSec (combined with L2TP) offer strong security. According to a recent study, OpenVPN and IPSec were considered the most secure VPN protocols, with WireGuard quickly gaining ground due to its modern cryptography techniques.
Speed: WireGuard is currently the fastest VPN protocol, followed by Catapult Hydra and Lightway. A recent report states that in recent years, WireGuard consistently outperformed other protocols in terms of connection speed and latency.
Ease of use: WireGuard and OpenVPN are user-friendly because of their extensive support and compatibility. WireGuard, in particular, has gained praise for its simple configuration and ease of deployment.
Compatibility: OpenVPN and L2TP/IPSec are widely compatible with various devices and operating systems. Hence, users find them suitable for diverse device ecosystems.
How to choose the right VPN protocol
When selecting a VPN protocol, you should consider the following factors:
Use case: Some protocols cater to specific activities like using a streaming VPN or torrenting VPN. For instance, WireGuard offers excellent speed and security, making it ideal for these purposes. OpenVPN is also popular for torrenting due to its strong encryption and broad compatibility.
Device compatibility: Ensure your chosen protocol is compatible with your device's operating system. For example, if you are an iOS user, IPSec may be a better choice because of its native support on Apple devices.
Security requirements: If security is your top priority, opt for a protocol with strong encryption and authentication, such as OpenVPN.
Speed and performance: If you require agility, consider WireGuard or other high-performance protocols like Catapult Hydra and Lightway.
Privacy: Open-source protocols like OpenVPN and WireGuard offer better privacy due to their transparent development and community-driven improvements.
To summarize, understanding VPN protocols is crucial when selecting a VPN service. While having a variety of protocols available is a bonus, most users will primarily benefit from WireGuard and OpenVPN because they offer robust security, high speeds, and broad compatibility.
You can choose the correct VPN protocol and provider to ensure a secure and enjoyable online experience by considering your specific use case, device compatibility, security requirements, and performance needs.
As the VPN market continues to grow and evolve, you should always stay informed about the latest developments in VPN protocols. This will help ensure you use the most secure and efficient solution.