What is a VPN protocol?

VPN graphic on yellow background
(Image credit: Vertigo3d / Getty Images)

When looking at VPNs, one thing you'll notice is that many of them advertise the use of different VPN protocols, with the best VPNs even having their own custom-made protocols.

This is all well and good, but you may be wondering what a VPN protocol is. You might not understand the different benefits of various protocols, and which ones you should be using for enhanced security or super-fast speeds.

We'll take you through what a VPN protocol actually is, how they work, and what differences to look out for.

The best VPN on the market: NordVPN$3.09 per month

The best VPN on the market: NordVPN
In our testing, NordVPN came out on top as the very best VPN around. It unblocked every streaming site we tested it with, has some of the fastest connection speeds of any VPN as well as providing class-leading privacy. Plans start from $3.09 per month ($83.43 up front pre-tax). There's 3 extra months of free protection and a 30-day money-back guarantee, so you can try it out to see if it's right for you.

What is a VPN protocol?

VPN protocols are essentially what makes a VPN work. It dictates how data is sent between your device and your VPN provider’s server.

When you connect to a VPN server, the protocol you’ve picked tells the VPN app on your device exactly how to create a secure and encrypted connection – a "tunnel" – between the server and your device.

This tunnel acts as a layer of protection between your online activities and all manner of potential cyber threats, hackers, and prying eyes.

VPN

(Image credit: Da-Kuk/Getty Images)

What are the different types of VPN protocol?

There are multiple different types of VPN protocol, with each protocol offering varying levels of speed and security. The most commonly used protocols by most, if not all VPN providers are OpenVPN, WireGuard, IKEv2, and IPSec.

If you search through VPN providers' websites, you may also see references being made to protocols including L2TP, PPTP, and SSTP. However, these VPN protocols are older and more insecure.

As a result of this, the most secure VPN providers don't offer these anymore as they simply don't have the same speeds or levels of protection as OpenVPN or WireGuard.

Some VPNs are even moving away from OpenVPN. It's a secure and reliable VPN veteran but also slow and seen as out-dated. Mullvad VPN has announced it's shutting down its OpenVPN servers in January 2026.

VPN providers also have their own unique protocols. Examples include NordVPN’s NordLynx, ExpressVPN’s Lightway and Lightway Turbo, and Proton VPN's Stealth.

All these protocols are either built from or inspired by WireGuard, with each VPN provider adding their own enhancements.

What encryption do different VPN protocols use?

Another option to consider when choosing a VPN protocol is the encryption algorithm it uses.

Your data is scrambled before it leaves your device, and then unscrambled when it gets to the other end to be read.

There are multiple different types of encryption algorithms employed by VPN providers, each with their own benefits.

  • Post-quantum: Post-quantum encryption (PQE) is the new industry standard, and is designed to withstand attacks from quantum computers. PQE is still in its infancy and not every VPN provider has adopted it yet but its use will increase in the coming months and years.
  • AES-256: Prior to PQE, AES-256 was the highest standard of encryption algorithm. Its uses a 256-bit key to scramble data and is considered to be virtually impenetrable when facing non-quantum computer attacks. It is used by many VPNs and most consumer tools that encrypt your data.
  • ChaCha20: Preferred by some thanks to its capabilities of higher speeds than OpenVPN, ChaCha20 is an efficient yet secure encryption algorithm. It uses the same 256-bit key to scramble and unscramble data, also known as a symmetric key.

Another aspect of VPN protocols is which network protocol they use. The two most common options are UDP and TCP:

  • UDP. UDP stands for User Datagram Protocol, and it sends data over the internet. It is fast and efficient, but less reliable than other ways of sending data. This is due to the fact that it is connectionless, meaning it doesn't establish a prior connection between the two parties the data is being sent between. This makes is a lot faster, but increases the risk of data packet loss during the transfer.
  • TCP. Transmission Control Protocol, or TCP, transfers data over the internet by sending data packets to a server. Unlike UDP, it establishes a connection between your device and the server before sending the data, meaning that it ensures all the data arrives at its destination. However, because of this, it is slower than UDP.

Many VPNs offer both UDP and TCP, allowing you to pick which VPN protocol and which network protocol you use.

However, some VPN protocols work better on a specific network protocol, e.g. OpenVPN works best on UDP but can be used on both TCP and UDP.

Graphic of VPN encryption

(Image credit: Getty Images)

Which VPN protocol should you use?

All these different protocols vary in terms of speed, security, and compatibility and which one you should use is going to depend on exactly what you need a VPN for.

If your main concern is signing up to one of the fastest VPNs, then one that offers WireGuard (or NordLynx/Lightway) is going to be your best bet.

This is because this is a lightweight VPN protocol made up of a few thousand words of code. It's built for efficiency, meaning it is far faster than OpenVPN.

However, if security is of a higher concern to you than fast connection speeds, then the tried and tested OpenVPN protocol offers the best security. It's open-source and was created with privacy and security in mind.

Fast speeds can be achieved with OpenVPN despite its shortcomings. Our testing saw ExpressVPN's Lightway hit 898 Mbps with OpenVPN. Norton VPN has also introduced an OpenVPN DCO, which it claims can double OpenVPN speeds.

While most of the best VPNs will offer WireGuard and OpenVPN, not every provider will offer every protocol, and especially not provider-specific ones like NordLynx or Lightway. So, if you have your heart set on a specific protocol, it's important to make sure your chosen VPN provider offers this.

Even better, pick a VPN provider which offers a choice of different protocols, so you can test them out and see which one suits your needs best.

Disclaimer

We test and review VPN services in the context of legal recreational uses. For example: 1. Accessing a service from another country (subject to the terms and conditions of that service). 2. Protecting your online security and strengthening your online privacy when abroad. We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Shaun Rockwood
Contributor

After graduating from Stirling University with a qualification in Education, Shaun accidentally fell into the technology sector in the late 1990's and has stayed there ever since, working for companies such as PSINet, IBM and ProPrivacy in a variety of roles from Systems Administration to Technical Writer. Being around since the birth of the modern internet, he's seen the way that technology has expanded to become an integral part of everyday life, and how people's understanding and ability to retain any kind of privacy has lagged behind.




Shaun is a strong believer in the rights of the individual to have their personal data protected and their privacy respected – a belief made all the stronger in an age of surveillance from both governmental bodies and private companies all around the world.




He spends his spare time cooking, riding his motorbike and spending far too many hours in Star Trek Online hunting Klingons and Borg.

With contributions from

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.