Comparing VPN Protocols: OpenVPN, WireGuard, SSTP, and Beyond

Key Takeaways

Choosing the right VPN protocol is crucial for both speed and security. OpenVPN is the most popular and recommended protocol.

WireGuard, a relatively new protocol, displays potential in terms of speed. However, there are apprehensions regarding its privacy. Alternatively, other protocols such as SSTP, L2TP/IPsec, IKEv2/IPsec, and PPTP offer their own advantages and may be suitable depending on individual requirements. It is advisable to steer clear of PPTP due to its security vulnerabilities.

The choice of VPN protocol greatly impacts the functionality of a VPN. While some protocols outperform others, discovering the best protocol is a straightforward task since only a few options exist. This article on Cybersecurity Awareness Week is sponsored by Incogni.

What Is a VPN Protocol?

Simply put, a protocol is a collection of regulations that dictate the manner in which devices within a network interact with each other. When you establish an internet connection, for instance, you employ the hypertext transfer protocol (HTTP) to facilitate communication between your computer and the website you are accessing. Correspondingly, a VPN protocol is a specific kind of protocol designed exclusively for virtual private networks (VPNs).

The protocol encompasses a wide range of information. For HTTP, it defines the regulations governing the exchange of data between two devices (specifically HTML documents) and includes fundamental security guidelines.

By utilizing a VPN, you redirect your connection through a server managed by your VPN service. To ensure secure transmission, the VPN employs a distinct protocol tailored for VPNs. This protocol incorporates details about the encryption utilized in the connection, along with additional technical specifications.

How a VPN Protocol Affects You

A good protocol can have a significant impact on you: it can greatly improve both speed and security compared to a poor protocol. The speed of a protocol is often affected by the number of steps required to transmit information, while the security of a protocol can be compromised by flaws or the use of encryption keys with known weaknesses.

Using weak encryption can leave your data vulnerable to interception by your ISP or any intermediaries who may be monitoring your internet activity. It is crucial to ensure that you utilize a secure VPN protocol.

To assist you in selecting the most suitable VPN protocol for your requirements, and consequently the best overall VPN service, we will provide an overview of the protocols we have encountered most frequently, including some proprietary ones. We will begin with the top contenders - OpenVPN and WireGuard - and proceed to discuss other options in descending order of preference.

OpenVPN

OpenVPN is widely regarded as the top VPN protocol in terms of popularity. Virtually all VPN providers incorporate it into their offerings in one way or another. This protocol combines speed and security seamlessly, without compromising either aspect significantly. When opting for OpenVPN, most VPN providers provide the option to select between TCP and UDP. It is generally recommended to go with UDP for enhanced speed.

OpenVPN is widely regarded as one of the best VPN protocols, and it is used as the default by the majority of VPN providers. In most cases, there is no compelling reason to opt for alternatives. However, there are a few exceptions such as WireGuard, NordLynx, and Lightway, which we will discuss in detail below.

In fact, we strongly recommend choosing a VPN that includes OpenVPN and exercising caution with providers that do not have it as their default option, except for the aforementioned exceptions. In a specific comparison between Surfshark and ExpressVPN, we criticized Surfshark for using a subpar protocol as their default, resulting in a significant deduction of points.

WireGuard

OpenVPN is commonly regarded as the go-to choice for most individuals. Nonetheless, in 2021, a fascinating new protocol emerged that has the potential to surpass OpenVPN. WireGuard, as it is called, boasts remarkable speed, often outperforming OpenVPN even with comparable server loads. However, it is essential to note that a VPN connection's speed entails more than just the protocol itself.

WireGuard appears to be a reliable option, with NordVPN's NordLynx serving as a noteworthy proprietary protocol based on it. However, there have been concerns raised about WireGuard's privacy, particularly regarding the indefinite storage of users' IP addresses in certain instances.

Nonetheless, if speed is your primary priority, WireGuard could be an excellent substitute for OpenVPN. Although we generally favor OpenVPN, WireGuard is a close runner-up.

SSTP

Introducing our third contender, the Secure Socket Tunneling Protocol (SSTP), developed in the early 2000s. SSTP is widely recognized for its fast and reliable nature, although it may not surpass the performance of OpenVPN. If, for any reason, OpenVPN cannot be utilized, SSTP can be relied upon as a trustworthy alternative.

L2TP/IPsec and IKEv2/IPsec

The primary concern people have is that Microsoft, a company with a questionable track record regarding privacy, owns the code for this. While it is uncertain whether Microsoft collects data from SSTP connections or not, if this is a matter of concern for you, it might be advisable to steer clear of using this protocol.

This entry offers a dual benefit: L2TP and IKEv2 are both connection protocols commonly used alongside the IPsec security protocol to enhance encryption. However, there is a trade-off involved: L2TP is reliable but slow, whereas IKEv2 is extremely fast but has security vulnerabilities.

Developers find these protocols intriguing as they offer greater flexibility compared to OpenVPN. However, regular users may not perceive a significant difference. It is generally advisable to resort to L2TP and IKEv2 only when no other options are available.

PPTP

Moving on from some of the more advanced VPN protocols, we now delve into one that is considered to be among the least secure options. Point-to-point tunneling protocol (PPTP) is a dated VPN protocol from the nineties, which is not known for its robust security measures and operates at a significantly slower pace.

Proprietary VPN Protocols

Although it is no longer commonly utilized due to its obsolescence, certain VPNs still provide it as an option. Under no circumstances should PPTP be utilized, particularly when engaging in sensitive activities such as downloading files through BitTorrent or bypassing censorship in China.

Hydra

To conclude, let's delve into three intriguing proprietary protocols that have recently emerged. Designed exclusively for use by a VPN service, these protocols often claim to offer superior speeds, although there is limited transparency regarding their inner workings.

The Hydra protocol, utilized by Hotspot Shield, is a prime illustration of prioritizing speed over maximal security. Although it employs a weaker encryption, namely the 128-AES rather than the 256-bit variant, its exceptional velocity overshadows this drawback.

NordLynx

NordVPN opted to customize WireGuard instead of creating its own protocol, resulting in a remarkably speedy and seemingly secure VPN protocol. Enhancements to its servers would further elevate NordVPN's performance, as detailed in our comprehensive analysis of NordVPN versus ExpressVPN.

Lightway

Lightway, developed by our top choice VPN provider, ExpressVPN, is an exceptional VPN protocol. Similar to NordLynx, it offers exceptional security and surprisingly faster performance compared to other options, including WireGuard. While we acknowledge that OpenVPN has a more established reputation and track record, it is undeniable that Lightway is a protocol worth exploring.