Whether you’re just starting to use a VPN or have been using it for quite a while now, it is important to be informed about the VPN protocols and their differences, as they are one of the core elements of any VPN service.
What is a VPN protocol?
It is a set of rules and/or instructions that determine how your data routes between your device and the VPN server.
What’s the difference?
Different VPN protocols have different security levels and purposes - some VPN protocols prioritize speed while others focus on masking or encrypting data packets for privacy and security.
Additionally, please note that usually different protocols use different ports, so changing the protocol can help you to overcome firewall blocks/network restrictions or even help you access some services that require specific connections (games, etc.).
This guide will cover some of the most commonly used VPN protocols:
- OpenVPN. Open source, very secure, slower speeds. A very popular and highly secure protocol used by many VPN providers. It is an open source protocol, meaning it’s transparent. Anyone can check the code for hidden backdoors or vulnerabilities. It runs on either the TCP or UDP internet protocol. TCP makes sure your packets (data) arrive fully and in order, which can make it slower, while UDP focuses more on speed (but is a bit more chaotic). Here you can find more information about TCP and UDP. Available on all supported Operating Systems with NordVPN.
- IKEv2. Very stable and secure, fast speed, limited compatibility. IKEv2 stands for Internet Key Exchange volume 2, which was developed by Microsoft and Cisco and is paired with Internet Protocol Security (IPSec) for encryption and authentication. Due to that, IKEv2 works with most leading encryption algorithms, making it very secure. Its main use is for mobile devices, specifically for mobile data/LTE, since it’s good at reconnecting whenever a connection is dropped or whether you switch from Wi-Fi to mobile data or vice versa. The only con is its limited compatibility. It is natively supported with the NordVPN app for iOS and macOS devices, but can also be set up manually on Windows, Android, and Linux devices.
- Wireguard. Open source, extremely fast, incomplete. It is the newest and fastest tunneling protocol available at the moment. It uses state-of-the-art cryptography that outshines previously mentioned protocols. However, it’s still considered experimental so VPN providers need to look for new solutions to overcome Wireguard’s vulnerabilities. NordVPN offers NordLynx, which is a solution based on Wireguard. Currently, it is considered the most convenient protocol available (in terms of amazing connection speed and provided security) for NordVPN users thus it’s enabled by default on most systems (except Linux) and available on all supported systems with the app.
- L2TP/IPSec. Widely available, slower speeds, potentially compromised by the NSA. It is actually a combination. Layer 2 Tunnel Protocol (L2TP) is the protocol that is paired with IPsec. In speed and security, it is on par with OpenVPN and is widely used due to its broad compatibility, however, is easily blocked due to the reliance of UDP on a single port. Some experts have voiced concerns that the protocol might have been weakened or compromised by the NSA, though. The NSA helped develop IPSec. It is no longer supported by NordVPN.
- Point to Point Tunneling Protocol (PPTP). Widely available, insecure, outdated (easily blocked). It was created in 1999 and was the first widely available VPN protocol. Uses some of the weakest encryption protocols of any VPN protocol on this list and has plenty of security vulnerabilities and, in fact, is quite outdated. PPTP has essentially become the bare minimum standard for tunneling and encryption. Almost every modern system and device supports it. This also makes it easy to set up and use. The NSA is said to regularly decrypt this protocol as a matter of course. It is also no longer supported by NordVPN.
How to change the VPN protocol?
If you’re a NordVPN user and use the app, it’s relatively simple.
- Windows: Settings menu (cog icon on the top left) > Auto-connect > Disable the “Choose a VPN protocol and server automatically” option > VPN protocol.
- On mobile devices (Android, iOS): settings menu (cog icon) > VPN connection > Protocol.
- macOS: Preferences tab (or the icon on the top-left side of the main menu) > General > VPN protocol.
- Linux: use commands nordvpn set technology to set connection technology (OpenVPN or NordLynx) and, if using the OpenVPN technology, nordvpn set protocol udp or tcp to switch between UDP and TCP protocols.
There are also manual setups available for the supported protocols (except NordLynx/Wireguard), that won’t require you to use the native app, but won’t come with some additional features as well. You can find tutorials on NordVPN’s Help Center by simply typing in the system’s OS and the protocol into the search tab.
If you’re a NordVPN veteran or VPN expert, what is your protocol of choice and why? Your thoughts and insights would definitely be appreciated by those who are just starting to get acquainted with VPN services.