Comparing VPN Protocols

VPN use is becoming more and more common. This is easy to understand, given the steady increase in (mass) surveillance, hacking and online tracking by advertising companies. There was a time when VPNs were only for tech-savvy computer enthusiasts, but those times are long gone.

However, to get the most out of your VPN service, it is very important to choose the VPN protocol that best suits your needs. That’s why in this article, we’re going to explain what a VPN protocol is, the options that exist, and their advantages and disadvantages.

What is a VPN protocol?

Among other things, a VPN encrypts your data traffic before sending it to the VPN service. The system responsible for encryption is often called the encryption protocol, or VPN protocol. Most modern VPN providers offer different encryption protocols for their users to choose from. It is very important to select your encryption protocol well. After all, all protocols have advantages and disadvantages. The top 6 VPN protocols are as follows:

  1. OpenVPN with UDP port
  2. OpenVPN with TCP port
  3. PPTP
  4. IKEv2
  5. L2TP/IPSec
  6. Wireguard (this experimental protocol is still being developed)

It goes without saying that, to choose the best protocol for you, it is important to know the difference between these protocols.

The differences between the main VPN protocols:

General:

  • OpenVPN: Popular open source VPN protocol offering cross-platform features.
  • PPTP: Very simple VPN protocol. This is the first VPN protocol supported by Windows.
  • L2TP/IPSec: Tunneling protocol that uses the IPSec protocol for security and encryption. L2TP only offers UDP ports (known for being fast, but less reliable and secure than TCP ports).
  • IKEv2: Like L2TP, IKEv2 is a tunneling protocol that relies on IPSec for encryption. However, this protocol is supported by few systems and devices.
  • Wireguard: A new experimental open source protocol. This protocol, which is still under development, is appreciated for its speed, efficiency, and small codebase. This last feature makes it easier to inspect and analyze (evaluate) the protocol.

Cryptography:

  • OpenVPN: OpenVPN offers strong, high-quality encryption using OpenSSL. Algorithms used: 3DES, AES, RC5, Blowfish. 128-bit encryption with 1024-bit keys.
  • PPTP: PPTP uses the MPPE protocol to encrypt data. The algorithm used is RSA RC4 with a 128-bit key.
  • L2TP/IPSec: It uses IPSec to encrypt, using the 3DES/AES algorithm, with a 256-bit key.
  • IKEv2: Like L2TP/IPSec, IKEv2 uses IPSec for encryption. IKEv2 can use the following encryption algorithms: 3DES, AES, Blowfish, Camellia.
  • Wireguard: Wireguard uses the ChaCha20 algorithm to encrypt. An audit of Wireguard in June 2019 showed no serious security flaws. However, the auditors indicated that the security of the protocol needed to be optimized. This is undoubtedly one of the reasons why the developers of the protocol have not yet made a permanent release available. It is important to mention that Wireguard is in constant development and, for now, it should be considered an experimental protocol.

Functionality:

  • OpenVPN: It can be installed using separately available software (not integrated into operating systems) and uses *.ovpn configuration files, combined with username and password. Also integrated into various software (most modern VPNs for example).
  • PPTP: It can be installed directly on your operating system. Also, PPTP integrates with various software (many VPN providers offer this protocol).
  • L2TP/IPSec: It can be installed directly on your operating system. In addition, L2TP/IPSec integrates with various software (many VPN providers offer this protocol).
  • IKEv2: It can be installed directly on your operating system. In addition, IKEv2 integrates with various software (many VPN providers offer this protocol).
  • Wireguard: As Wireguard is still under development, most VPN providers do not support this protocol (yet). However, this protocol is compatible with most operating systems.

Speed:

  • OpenVPN: It depends on several variables such as the speed of your system and the speed of the server you are connected to. OpenVPN with UDP port usually results in a higher speed than with TCP port.
  • PPTP: Speed depends on several variables, such as the speed of your system and the speed of the server you are connected to. But generally, PPTP is known to be a fast protocol, mainly because of its relatively simple encryption (compared to modern protocols).
  • L2TP/IPSec: Speed depends on several variables, such as the speed of your system and the speed of the server you are connected to. L2TP itself is very fast (as it only offers a communication tunnel and no encryption). However, because IPSec has to be added for security (mainly encryption), L2TP/IPSec becomes slower than OpenVPN.
  • IKEv2: Like L2TP, IKEv2 uses UDP port 500, making it a faster protocol. Some sources claim that IKEv2 is capable of achieving higher speed than OpenVPN.
  • Wireguard: According to its developers, the small and efficient codebase, combined with the fact that Wireguard operates in the Linux kernel, should result in great speeds. This is also confirmed by the references found on the Wireguard website.

Stability and reliability:

  • OpenVPN: It offers great stability and reliability, regardless of network type (WLAN, LAN, mobile networks, etc.). To have a stable connection with OpenVPN, you usually don’t need advanced and complex settings like IKEv2.
  • PPTP: PPTP has some stability and reliability issues. For the most part, these problems can be attributed to compatibility.
  • L2TP/IPSec: Equivalent to OpenVPN, but sometimes dependent on network stability.
  • IKEv2: IKEv2 is a more complex protocol than OpenVPN. Therefore, sometimes IKEv2 needs a more advanced and complex configuration process to function optimally.
  • Wireguard: As Wireguard is still under development, it is difficult to make any statements regarding stability and reliability.

Privacy and security:

  • OpenVPN: OpenVPN is known to have few (if any) security flaws. Do you want maximum VPN privacy and protection without the need for advanced settings? Then, overall, OpenVPN is the right protocol for you.
  • PPTP: At least among Windows users, PPTP is known to have several security holes.
  • L2TP/IPSec: L2TP, when combined with IPSec, is known as a very secure protocol. However, according to Edward Snowden, L2TP/IPSec has already been exploited by the NSA (National Security Agency).
  • IKEv2: Many consider IKEv2 to be as secure as L2TP/IPSec, as they use the same type of protocol for encryption (IPSec). However, unfortunately, leaked presentations from the NSA suggest that the IKEv2 protocol has also been exploited in the past by malicious sources.
  • Wireguard: Wireguard’s main advantage in this regard is its relatively small codebase (about 4000 lines, compared to almost 100000 lines for both OpenVPN and L2TP/IPSec, for example). This means that the attack surface for hackers to exploit is much smaller. Also, it is much easier to detect security flaws.

Benefits:

  • OpenVPN: It offers good speed and probably the best security among all VPN protocols. It is able to bypass most firewalls, network restrictions and ISPs.
  • PPTP: Easy setup. Usually fast. Supported by many systems and devices.
  • L2TP/IPSec: Easy setup. It is able to bypass network, geographic and ISP restrictions.
  • IKEv2: Easy setup. Good speed.
  • Wireguard: Small codebase (easy to audit and little room for attacks). According to developers and some critics, it is easy to use, as well as being a fast protocol.

Disadvantages:

  • OpenVPN: Sometimes installation requires separate software.
  • PPTP: The level of stability and reliability can vary greatly. It’s not as secure and private as modern protocols (especially compared to OpenVPN). Easy for websites, authorities and ISPs to detect and block PPTP users.
  • L2TP/IPSec: Relatively slow and can be blocked by firewalls, as it uses a port that is usually blocked (UDP 500).
  • IKEv2: Almost always blocked by firewalls (UDP port 500 users). Supported by fewer systems and software than OpenVPN, L2TP/IPSec and PPTP.
  • Wireguard: Still in development. This makes it difficult to draw any definitive conclusions regarding the security and stability of the protocol. As of today, Wireguard appears to be incompatible with anti-logging policies (more on this later).

Conclusion:

  • OpenVPN: For many, OpenVPN will (certainly) be the VPN protocol of choice. OpenVPN is fast, stable and secure.
  • PPTP: PPTP is generally easy to configure, but less stable and secure than most modern protocols such as OpenVPN and L2TP/IPSec. For these reasons, we recommend that you use PPTP if other protocols don’t work for you or are too difficult to configure.
  • L2TP/IPSec: Generally, L2TP/IPSec is slower than OpenVPN and PPTP, but it can bypass some blocks that others cannot. We recommend using L2TP/IPSec as an alternative if OpenVPN doesn’t specifically meet your needs.
  • IKEv2: According to several critics, IKEv2 appears to offer the same level of security as L2TP/IPSec, but at a higher speed. However, the speed of IKEv2 depends on many variables. To ensure a stable connection and good reliability, IKEv2 may need very complex configurations. For this reason, especially for “beginners in the world of VPNs”, we recommend this protocol only if OpenVPN does not work, for example.
  • Wireguard: Undoubtedly, Wireguard demonstrates a lot of potential. However, the protocol is still under development. For this reason, like its developers and many other VPN providers, we recommend that you only use this protocol on an experimental basis or when your privacy and anonymity are not essential, for example to circumvent geographic restrictions.

Now, we will talk about these protocols in more detail.

OpenVPN

OpenVPN (which stands for Open Source Virtual Private Network) is the most popular VPN protocol. Its popularity may be down to its open-source code and strong, top-notch encryption. OpenVPN is supported by all major operating systems such as Windows, macOS and Linux. The protocol is also supported by mobile operating systems such as Android and iOS.

Of course, one of the main functions of a VPN protocol is to provide high-level data encryption. In this regard, OpenVPN performs well: it uses 256-bit encryption through OpenSSL. Also, many VPN services (in fact, most) support OpenVPN.

OpenVPN supports using two different port types: TCP and UDP.

  • OpenVPN-TCP is the most used and most reliable protocol. Using a TCP port means that each “data packet” individually needs to be acknowledged by the receiving party before a new one is sent. This makes the connection more secure and reliable, but slower.
  • OpenVPN-UDP is significantly faster than OpenVPN-TCP. All “data packets” are sent without needing approval from the receiving party. The result is a faster VPN connection, but with some loss of stability and reliability.
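A check you can run on the *.ovpn profile a provider hands you, as an added example (not from the original article or from the OpenVPN project): it reports which transports the profile uses and flags 64-bit-block ciphers such as Blowfish and 3DES, missing server-certificate checks, and cached credentials. The profile, host name and finding texts are constructed; `<connection>` blocks are skipped for brevity.

```python
# 64-bit block ciphers (Blowfish, 3DES, ...) are exposed to the Sweet32 attack.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}

# Constructed sample profile; host name and settings are placeholders.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.net 1194
remote vpn.example.net 443 tcp
cipher BF-CBC
auth-user-pass
<ca>
(constructed placeholder for a PEM certificate)
</ca>
"""

def parse_ovpn(text):
    """Yield (directive, args); skip comments and inline blocks such as <ca>."""
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("<"):
            in_block = not line.startswith("</")
        elif not in_block:
            name, *args = line.split()
            yield name.lower(), args

def audit_ovpn(text):
    """Return (transports, findings) for an OpenVPN client profile."""
    directives = list(parse_ovpn(text))
    names = {name for name, _ in directives}
    # OpenVPN uses UDP unless "proto" or the third "remote" argument says otherwise.
    default = next((a[0] for n, a in directives if n == "proto" and a), "udp")
    remotes = [a for n, a in directives if n == "remote"]
    transports = list(dict.fromkeys(
        (a[2] if len(a) > 2 else default)[:3] for a in remotes))
    findings = []
    for name, args in directives:
        if name in CIPHER_DIRECTIVES and args:
            findings += [f"weak cipher {c}" for c in args[0].upper().split(":")
                         if c in WEAK_CIPHERS]
    if not names & {"remote-cert-tls", "verify-x509-name"}:
        findings.append("no remote-cert-tls or verify-x509-name")
    if "auth-user-pass" in names and "auth-nocache" not in names:
        findings.append("auth-user-pass without auth-nocache")
    return transports, findings
```

Calling `audit_ovpn(SAMPLE_OVPN)` returns the transports in the order the profile tries them, followed by the list of findings.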

OpenVPN Advantages and Disadvantages

  • + very safe
  • + Supported by a good deal of software and virtually all modern VPN providers
  • + Supported by almost all operating systems
  • + Extensively tested and inspected
  • – Sometimes you need additional software

PPTP VPN Protocol

The Point-to-Point Tunnelling Protocol (PPTP) is one of the oldest VPN protocols on the market. In fact, it was the first VPN protocol supported by Windows. The NSA managed to exploit the security flaws of the PPTP protocol. Together with the lack of high-level encryption, this is why this protocol is no longer considered secure. However, PPTP’s lack of good encryption does mean that it is a fast protocol.

Because it is so old, the PPTP protocol is the most widely supported VPN protocol across different devices and systems. However, firewalls that try to block VPN users easily recognize PPTP users. This makes it an ineffective protocol for unblocking content (and we’ve already seen that its security leaves a lot to be desired).

Advantages and disadvantages of PPTP

  • + very fast
  • + simple and easy to use
  • + is compatible with virtually all operating systems
  • – offers only basic encryption
  • – easy to be recognized and blocked by firewalls and the like
  • – hackers often exploit PPTP security flaws

L2TP/IPSec

The Layer 2 Tunneling Protocol (L2TP) is a tunnelling protocol used to create the so-called “tunnel-VPN” (through which your data traffic is routed). However, L2TP itself does not encrypt any data. That’s why in virtually all cases L2TP is combined with the IPSec protocol, which actually encrypts data (and very well, by the way). Hence the name L2TP/IPSec.

IPSec stands for Internet Protocol Security and takes care of the end-to-end encryption of data in the L2TP tunnel. Using the L2TP/IPSec combination as a VPN protocol is much more secure and guarantees more privacy than PPTP. Just like any other protocol, L2TP/IPSec also has its drawbacks.

One of the disadvantages of the protocol is that some firewalls block users of this protocol. This happens because L2TP uses UDP port 500 and some websites block this port. Regarding speed, L2TP itself performs impressively, due to the lack of encryption. However, the required combination with IPSec can significantly slow the connection. In short, OpenVPN is generally faster than L2TP/IPSec.

Advantages and disadvantages of L2TP/IPSec

  • + better encryption than PPTP
  • + compatible with most operating systems.
  • – slower than OpenVPN
  • – according to Snowden, the NSA exploited security vulnerabilities in this protocol.
  • – this protocol may be blocked by some firewalls.

IKEv2 VPN Protocol

IKEv2 stands for Internet Key Exchange Version 2. As we can tell from the name, IKEv2 is the successor to IKE. When using IKEv2 as the VPN protocol, your data traffic will first be encrypted by the IPSec protocol. After that, a VPN tunnel is created and all your (encrypted) data travels through this secure VPN tunnel. 

Like L2TP/IPSec, IKEv2 uses UDP port 500. This means that some firewalls will block IKEv2 users. Due to the use of IPSec for encryption, IKEv2 is considered by many to be as secure as L2TP/IPSec. However, we should note that using a weak password makes IKEv2 very vulnerable to hacker attacks.
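Why firewalls and network sensors recognize PPTP, L2TP/IPSec and IKEv2 so easily, as an added example (not from the original article): beyond the port numbers, PPTP control messages (TCP 1723) and IKE messages (UDP 500, or UDP 4500 behind NAT) carry fixed header fields that a few lines of detection logic can match. The sample packets are constructed, and labelling IKEv1 as the L2TP/IPSec key exchange is an assumption about typical deployments.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D  # magic cookie in every PPTP control message (RFC 2637)
IKE_VERSIONS = {0x10: "IKEv1 (as used by L2TP/IPSec)", 0x20: "IKEv2"}

def classify(transport, dst_port, payload):
    """Label the first payload of a flow, or return None if nothing matches."""
    if transport == "tcp" and dst_port == 1723 and len(payload) >= 8:
        _length, msg_type, magic = struct.unpack("!HHI", payload[:8])
        if msg_type == 1 and magic == PPTP_MAGIC:
            return "PPTP"
    if transport == "udp" and dst_port in (500, 4500):
        if dst_port == 4500:
            # NAT traversal: IKE is preceded by a 4-byte zero "non-ESP marker";
            # anything else on this port is ESP-in-UDP data, not a handshake.
            if payload[:4] != bytes(4):
                return None
            payload = payload[4:]
        if len(payload) >= 28:  # fixed IKE header size
            version = payload[17]  # major/minor version nibbles
            (length,) = struct.unpack("!I", payload[24:28])
            if version in IKE_VERSIONS and length == len(payload):
                return IKE_VERSIONS[version]
    return None

def ike_packet(version, next_payload, exchange, flags, body_len=40):
    """Build a constructed IKE header plus zero-filled body (sample data only)."""
    header = struct.pack("!8s8sBBBBII", bytes(range(1, 9)), bytes(8),
                         next_payload, version, exchange, flags, 0, 28 + body_len)
    return header + bytes(body_len)

# Constructed sample flows: (transport, destination port, first payload).
SAMPLE_FLOWS = [
    ("tcp", 1723, struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0) + bytes(144)),
    ("udp", 500, ike_packet(0x10, 1, 2, 0x00)),                # IKEv1 main mode
    ("udp", 500, ike_packet(0x20, 33, 34, 0x08)),              # IKEv2 IKE_SA_INIT
    ("udp", 4500, bytes(4) + ike_packet(0x20, 46, 35, 0x08)),  # IKEv2 over NAT-T
    ("udp", 4500, b"\xc0\xff\xee\x01" + bytes(60)),            # ESP-in-UDP data
    ("udp", 500, b"not an IKE message"),                       # unrelated traffic
]

def scan(flows):
    """Classify every (transport, port, payload) tuple in order."""
    return [classify(*flow) for flow in flows]

if __name__ == "__main__":
    for flow, label in zip(SAMPLE_FLOWS, scan(SAMPLE_FLOWS)):
        print(flow[0], flow[1], "->", label)
```

PPTP data packets travel separately over GRE (IP protocol 47), so a sensor that only sees TCP and UDP still catches the control channel matched here.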

Advantages and disadvantages of IKEv2

  • + IKEv2 is very fast
  • + well above average encryption
  • + can re-establish lost connections
  • + simple and easy to use
  • – easily blocked by some firewalls.
  • – Possibly exploited by the NSA
  • – not secure if a weak password is used
  • – is not as supported as OpenVPN and L2TP/IPSec.

Wireguard

Wireguard is a new and as of now experimental VPN protocol developed by Jason A. Donenfeld. The protocol is still under development. However, many VPN providers already support this protocol. The protocol prides itself on its small code base (about 4000 lines), compared to competitors. 

This smaller code base makes it much easier and faster to inspect (evaluate) the protocol and its security. Also, combined with the code itself, it makes using the VPN protocol much easier, faster, and more efficient. However, as this protocol is still under development, the developers and many other VPN providers recommend that this protocol be used only experimentally or when your privacy and anonymity are not essential (as of now). 

Furthermore, the current version of Wireguard only supports the use of static IP addresses. According to many authorities on the subject, this means that Wireguard as a VPN protocol does not support an anti-logging policy.

Wireguard Advantages and Disadvantages

  • + In theory, and according to references found on the website itself, Wireguard is a very fast VPN protocol
  • + Its small code base makes protocol evaluation easier
  • – Most VPN providers do not support this protocol (yet).
  • – Wireguard as of now only provides static IP addresses and therefore does not support the anti-logging policy.

Conclusion

It goes without saying that it is extremely important to choose the right VPN protocol for you. All protocols have their advantages and disadvantages. In most cases, OpenVPN will be the best option. PPTP is a protocol that we do not recommend, as it has relatively weak encryption. 

However, you can use this protocol when your privacy and security are not so important, such as to unblock streams. If OpenVPN isn’t supported or isn’t working for whatever reason, consider L2TP/IPSec or IKEv2 as good alternatives.