VPN protocols: what are they and which should I use?

Getting technical with your VPN could help you stay safer online - the choice is (usually) yours

vpn protocols
(Image credit: Shutterstock)

The best VPN, or virtual private network, is a wonder of security that works to keep you more secure, anonymous and unblocked when online – using protocols. That means you can have your identity hidden, internet activity masked and even appear to be somewhere you're not.

The way a VPN works is to assign you a new IP address which makes it look like you're somewhere else. This is done by routing your data through one of the VPN service's servers located in a different location. All that data is encrypted, keeping it secure in transit. But how the process works and which is best depends on protocols. There are lots of these and they can get quite complicated so we're sticking to the five most common to explain what they mean to you.

 PPTP protocol

The PPTP protocol, or point-to-point tunnelling protocol, is the oldest of the lot but because it works so well it's still in use. Thanks to its age - birthed in the nineties - this protocol is easy to set up and has near universal support. 

While this isn't encrypted as standard it usually comes bundled with an encryption of 128-bit. But since it's not complex at its core, it can run really fast compared to new, heavily encrypted protocols. As such this is ideal for speed and works well at unblocking geo-blocked content like Netflix or BBC iPlayer.

L2TP/IPsec protocol

The L2TP/IPsec protocol, or layer 2 tunneling protocol, might not have a catchy name but it does have very strong security thanks to encryption support up to 256-bit AES. L2TP, commonly paired with IPsec, or internet protocol security, is also a goody but an oldie. This is widely supported but does have a downside as it only uses a small number of network ports. That means if you're in a country that blocks VPNs (using a VPN for China, is a good example), this protocol will be easily blocked.

SSTP protocol

The SSTP, or secure socket tunneling protocol, is great for defeating VPN blocking since it can use the common port TCP 443, which is the one most sites use. This is largely thanks to the fact that the VPN protocol was developed by Windows. As such it's limited mostly to Windows users and also could have a backdoor built in for government snooping – though there's no evidence to support this.

OpenVPN

The OpenVPN protocol is one of the best and most widely used out there as a truly open source beast that keeps growing and evolving constantly. This uses OpenSSL and TLS and is pretty much system agnostic, with no native support for any one type of hardware – meaning it'll work anywhere. This can also be operated over TCP port 443 meaning you can piggyback on HTTPS website traffic to evade port-based VPN blocking.

Since this is one that gets used by lots of VPN providers, as they create specific clients to work with it, you can get lots of benefits but it all depends on which service you go for.

 IKEv2/IPsec protocol

The IKEv2/IPsec protocol combination is the birth child of Microsoft and Cisco and, as a naughties creation, is one of the newest. As such it's not the most widely supported, yet. Created with mobiles in mind this is able to keep the VPN up even when switching from Wi-Fi to mobile network connections. 

Another big plus here is speed. This is one of the fastest VPN protocols available. So while you get excellent speed and stability, you have to keep in mind Microsoft and Cisco created this so perhaps they have backdoors built in.

VPNs with customised protocols

With the competition so intense between VPN providers, each one needs to outgun the rest with their protocol boasts. That usually comes in the form of letting you decide which protocol you want to use (T3's #1 favorite ExpressVPN gives you the option that include OpenVPN, L2TP and IKEv2) while others have developed their own in-house security protocols.

That might sound like you'll pay a premium, but even our highest-rated free VPN Hotspot Shield has produced its very own 'Catapult Hydra' for added security and faster connection speeds.

Read more:

Luke Edwards

Luke is a former freelance writer for T3 with over two decades of experience covering tech, science and health. Among many others Luke wrote about health tech, software and apps, VPNs, TV, audio, smart home, antivirus, broadband, smartphones, cars and plenty more. In his free time, Luke used to climb mountains, swim outside and contort his body into silly positions while breathing as calmly as possible.