
UDP? TCP? OMG!
While they may appear to be intimidating, VPN protocols are quite easy to understand and essential to securing your online activity. In that spirit, ExpressVPN offers this quick guide to VPN protocols - what they are, and the best ones to use for a secure and private internet experience.
VPN protocols for dummies
Let’s start with the basics. VPN stands for Virtual Private Network, which is a secure tunnel between two or more devices. When you use a VPN, you are connected to the internet via an intermediary server run by the VPN provider (e.g. ExpressVPN).
The security of your connection is dictated by the VPN protocol, which is a set of instructions that define the encryption between two devices.
Different protocols use different encryption and authentication methods, resulting in differing levels of speed and security. Here are the most prominent protocols:
PPTP: Point-to-Point Tunneling Protocol
As one of the oldest and most basic protocols, PPTP has been kicking around since the good ol’ days of Windows 95, using the MS-CHAP v2 authentication suite. On the plus side, PPTP is very fast and easy to set up. However, it is not at all secure and almost certainly decryptable by the NSA and other intelligence agencies.
In short: don’t use PPTP if there are any other protocol options available.
L2TP: Layer 2 Tunneling Protocol
L2TP is an upgrade from PPTP, offering stronger security at the cost of reduced speed. L2TP is commonly used with the IPsec (Internet Protocol Security) protocol, so the two are often referred to together as L2TP/IPsec.
Like PPTP, L2TP is available on all modern platforms and is quite easy to set up. While it’s not as secure as some of the other protocols on this list and can be blocked by firewalls, L2TP is serviceable for anonymization or for changing VPN locations. All in all, L2TP is a “quick and dirty” solution.
OpenVPN

OpenVPN is the gold standard of VPN protocols. It offers the highest performance and the best security, and it is highly configurable. As an open source protocol, OpenVPN also benefits from the support of the open source community, which frequently improves the code to ensure there’s no tampering by surveillance agencies.
And in case you're wondering: Yes, all ExpressVPN apps use OpenVPN by default. You can choose between UDP (the best combination of speed and security) and TCP (increased connection reliability but reduced speed) ports to get the connection best suited to your needs. But with OpenVPN, you really can’t go wrong.
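To make the UDP/TCP choice concrete, here is an added example (not ExpressVPN's code or configuration) that reads a generic OpenVPN client profile and reports which transport is tried first and which is only a fallback. The profile text and the host vpn.example.com are constructed, and the parser is a simplified reading of the `proto`, `port`, `remote` and `<connection>` directives.

```python
import re

# Constructed sample profile: UDP first, TCP on port 443 as a fallback.
SAMPLE_PROFILE = """\
client
dev tun
proto udp
<connection>
remote vpn.example.com 1194
</connection>
<connection>
remote vpn.example.com 443 tcp
</connection>
"""

def connection_attempts(profile_text):
    """Return [(host, port, 'udp'|'tcp'), ...] in the order the profile lists them."""
    top = {"proto": "udp", "port": "1194"}   # OpenVPN's built-in defaults
    scope, entries = top, []
    for raw in profile_text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "<connection>":
            scope = dict(top)          # block inherits the defaults seen so far
        elif key == "</connection>":
            scope = top
        elif key in ("proto", "port") and args:
            scope[key] = args[0]       # applies to the current scope only
        elif key == "remote" and args:
            port = args[1] if len(args) > 1 else None
            proto = args[2] if len(args) > 2 else None
            entries.append((args[0], port, proto, scope))
    attempts = []
    for host, port, proto, sc in entries:  # resolve after all overrides are known
        proto = (proto or sc["proto"]).lower()
        transport = "tcp" if proto.startswith("tcp") else "udp"
        attempts.append((host, int(port or sc["port"]), transport))
    return attempts

def transport_summary(profile_text):
    """Report the first transport tried and any different fallback transports."""
    attempts = connection_attempts(profile_text)
    first = attempts[0][2] if attempts else None
    fallback = sorted({t for _, _, t in attempts[1:]} - {first})
    return {"first": first, "fallback": fallback}

if __name__ == "__main__":
    print(connection_attempts(SAMPLE_PROFILE))
    print(transport_summary(SAMPLE_PROFILE))
```
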
SSTP: Secure Socket Tunneling Protocol
SSTP offers most of the advantages of OpenVPN, but only on the Windows operating system. On the plus side, SSTP is very secure, is natively supported on all Windows devices, and can bypass most firewalls with ease.
Unfortunately, SSTP is not available on other operating systems and is not open source like OpenVPN. So while it's a good idea to use SSTP where OpenVPN is not available, keep in mind that the protocol belongs to Microsoft and could have a surveillance backdoor built in.
IKEv2: Internet Key Exchange version 2
IKEv2 is one of the newest and most advanced protocols. It offers great speed, is highly secure, and provides a very stable connection. IKEv2 is also available on most computing platforms (Windows, Mac, Android, iOS) and is pretty much the only option for BlackBerry users.
Unfortunately, IKEv2 is not currently available on all platforms (e.g. Linux) and is rather limited in configuration (unlike OpenVPN). In addition, not all implementations of the protocol are trustworthy, so be careful to only use open source versions of IKEv2.
Which VPN protocol should I use?

Now that you know the most popular VPN protocols around, here’s a summary of when to use them.
Use when available:
OpenVPN
- Pros: Most secure, bypasses firewalls, highly configurable, open source
- Cons: Complicated setup process, requires third-party software
Use when OpenVPN is not available:
L2TP
- Pros: More secure than PPTP, easy to set up, widely available
- Cons: Struggles with restrictive firewalls
SSTP
- Pros: Very secure, bypasses most firewalls, natively supported on Windows
- Cons: Only available on Windows, not open source
IKEv2
- Pros: Very secure, very fast, very stable
- Cons: Not available on all platforms, limited configurations, non-open source implementations untrustworthy
Use when security and privacy are not necessary:
PPTP
- Pros: Very fast, easy to set up, widely available
- Cons: Not secure
So there you have it, a breakdown of the most popular VPN protocols available today. As a general rule, anything stronger than PPTP is ok for everyday internet usage. But if you want the optimal combination of speed, security, and performance, OpenVPN is the clear-cut choice.
And for those looking for maximum internet privacy and security, don’t stop at using the right VPN protocol. Take a moment and check out these mobile apps, browser extensions, and general tips too!
Tunnel: Manuel Joseph / Pexels (Image has been modified)
Comments
Thanks for this wonderful article.
So OpenVPN is the best. But if a device is not capable of running OpenVPN then presumably the connection has to drop back to one of the easier, less secure options such as PPTP or L2TP/IPsec. And if that happens then I should not be doing something highly confidential, such as banking. So my question is: when I start a VPN session on any device how can I tell which protocol is being used?