A Plain English Guide to VPN Protocols
If you’re thinking about investing in a VPN (Virtual Private Network), you might feel overwhelmed that there is a lot of information to take in. You may find yourself confused by all the technical jargon or how it all actually works. You’ll likely have noticed that different VPNs have different protocols, which can be a little hard for the VPN novice to digest. When you choose a VPN, it is important to consider the various aspects of these technologies to decide which one will best suit your needs. Here’s a (hopefully approachable) breakdown of the differences on VPN protocols.
Point-to-Point Tunnelling Protocol is the most common VPN protocol. It is widely supported for Windows users, as it was created by Microsoft. It is available as standard on just about every VPN platform, making it easy to set up. It also requires a low computational overhead to implement, which means (for you VPN novices) that it is also quick to set up.
However, the PPTP was developed using 128-bit encryption keys which has since become considered quite weak in our quickly advancing digital world. Since there have been some security vulnerabilities with this protocol, most of today’s VPNs use a 256-bit security encryption.
Layer 2 Tunnelling Protocol does not provide encryption and relies on PPP (Point-to-Point protocol) to encrypt. The difference between PPTP and L2TP is that L2TP provides data confidentiality and data integrity. L2TP was built by Microsoft with Cisco as a foundation of PPTP and L2F (Layer 2 Forwarding) combined.
This VPN protocol is built to function with all modern operating systems and VPN devices. It’s also effortless to set up. While there are problems that may arise, this technology uses UDP port 500, which can be blocked by NAT firewalls.
L2TP/IPsec encapsulates data twice, and that can compromise speed, but as encryption/decryption happens in the kernel and L2TP/IPsec, it enables multi-threading (OpenVPN does not), and as a result, it is faster.
OpenVPN is a somewhat new VPN protocol technology, and one big advantage is that it’s highly configurable and can easily bypass firewalls. It runs best on a UDP port and can be set to operate on any port. It uses 128-bit block size rather than Blowfish’s 64-bit block size, so it is able to handle larger files better.
The performance speed does depend on the level of encryption employed. Furthermore, it has become the default VPN connection type, even though it requires third-party software support. It’s also little hard to set up which can be frustrating for the new VPN user.
Internet Key Exchange (version 2) is an IPSec based tunnelling protocol that was developed by Microsoft and Cisco. IKEv2 is good at re-establishing a VPN connection when users temporarily lose their internet connections.
Mobile users benefit from using IKEv2 VPN protocol because of its support for the Mobility and Multi-homing (MOBIKE) protocol, which is useful if you want to connect your phones to a Wi-Fi network while at home but switch to mobile data use when out and about.
IKEv2 is faster than PPTP and L2TP, as it does not use the overhead associated with Point-to-Point protocols (PPP). Stable and secure, easy to set up, and fully supportive of iOS, macOS, and Windows mobile devices, IKEv2 is available for Android devices but requires a connection with a third-party app.
Whichever VPN protocol you favor, all of our recommended VPN services offer hundreds of servers around the globe that use a variety of protocols. Find out more by checking our VPN comparison tool.
This website is an independent comparison site that aims to help consumers find the most suitable product for their needs. We are able to maintain a free, high-quality service by charging an advertising fee to featured brands whenever a user completes a purchase. These advertising fees might impact the placement of the brands on this page and combined with the conversion rates might impact the scoring as well which are further based on a combination of review findings, user experience and product popularity. For more information please review our how we rate page. We make best effort to present up-to-date information; however, we do not compare or include all service providers in the market.