What is a VPN protocol?

When looking at VPNs, one thing you'll notice is that many of them advertise the use of different VPN protocols, with the best VPNs even having their own custom-made protocols.

This is all well and good, but you may be wondering what a VPN protocol is. You might not understand the different benefits of various protocols, and which ones you should be using for enhanced security or super-fast speeds.

We'll take you through what a VPN protocol actually is, how they work, and what differences to look out for.

The best VPN on the market: NordVPN
In our testing, NordVPN came out on top as the very best VPN around. It unblocked every streaming site we tested it with, has some of the fastest connection speeds of any VPN as well as providing class-leading privacy. Plans start from $3.09 per month ($83.43 up front pre-tax). There's 3 extra months of free protection and a 30-day money-back guarantee, so you can try it out to see if it's right for you.

View Deal

What is a VPN protocol?

VPN protocols are essentially what makes a VPN work. It dictates how data is sent between your device and your VPN provider’s server.

When you connect to a VPN server, the protocol you’ve picked tells the VPN app on your device exactly how to create a secure and encrypted connection – a "tunnel" – between the server and your device.

This tunnel acts as a layer of protection between your online activities and all manner of potential cyber threats, hackers, and prying eyes.

What are the different types of VPN protocol?

There are multiple different types of VPN protocol, with each protocol offering varying levels of speed and security. The most commonly used protocols by most, if not all VPN providers are OpenVPN, WireGuard, IKEv2, and IPSec.

If you search through VPN providers' websites, you may also see references being made to protocols including L2TP, PPTP, and SSTP. However, these VPN protocols are older and more insecure.

As a result of this, the most secure VPN providers don't offer these anymore as they simply don't have the same speeds or levels of protection as OpenVPN or WireGuard.

Some VPNs are even moving away from OpenVPN. It's a secure and reliable VPN veteran but also slow and seen as out-dated. Mullvad VPN has announced it's shutting down its OpenVPN servers in January 2026.

VPN providers also have their own unique protocols. Examples include NordVPN’s NordLynx, ExpressVPN’s Lightway and Lightway Turbo, and Proton VPN's Stealth.

All these protocols are either built from or inspired by WireGuard, with each VPN provider adding their own enhancements.

What encryption do different VPN protocols use?

Another option to consider when choosing a VPN protocol is the encryption algorithm it uses.

Your data is scrambled before it leaves your device, and then unscrambled when it gets to the other end to be read.

There are multiple different types of encryption algorithms employed by VPN providers, each with their own benefits.

• Post-quantum: Post-quantum encryption (PQE) is the new industry standard, and is designed to withstand attacks from quantum computers. PQE is still in its infancy and not every VPN provider has adopted it yet but its use will increase in the coming months and years.
• AES-256: Prior to PQE, AES-256 was the highest standard of encryption algorithm. Its uses a 256-bit key to scramble data and is considered to be virtually impenetrable when facing non-quantum computer attacks. It is used by many VPNs and most consumer tools that encrypt your data.
• ChaCha20: Preferred by some thanks to its capabilities of higher speeds than OpenVPN, ChaCha20 is an efficient yet secure encryption algorithm. It uses the same 256-bit key to scramble and unscramble data, also known as a symmetric key.

Another aspect of VPN protocols is which network protocol they use. The two most common options are UDP and TCP:

• UDP. UDP stands for User Datagram Protocol, and it sends data over the internet. It is fast and efficient, but less reliable than other ways of sending data. This is due to the fact that it is connectionless, meaning it doesn't establish a prior connection between the two parties the data is being sent between. This makes is a lot faster, but increases the risk of data packet loss during the transfer.
• TCP. Transmission Control Protocol, or TCP, transfers data over the internet by sending data packets to a server. Unlike UDP, it establishes a connection between your device and the server before sending the data, meaning that it ensures all the data arrives at its destination. However, because of this, it is slower than UDP.

Many VPNs offer both UDP and TCP, allowing you to pick which VPN protocol and which network protocol you use.

However, some VPN protocols work better on a specific network protocol, e.g. OpenVPN works best on UDP but can be used on both TCP and UDP.

Which VPN protocol should you use?

All these different protocols vary in terms of speed, security, and compatibility and which one you should use is going to depend on exactly what you need a VPN for.

If your main concern is signing up to one of the fastest VPNs, then one that offers WireGuard (or NordLynx/Lightway) is going to be your best bet.

This is because this is a lightweight VPN protocol made up of a few thousand words of code. It's built for efficiency, meaning it is far faster than OpenVPN.

However, if security is of a higher concern to you than fast connection speeds, then the tried and tested OpenVPN protocol offers the best security. It's open-source and was created with privacy and security in mind.

Fast speeds can be achieved with OpenVPN despite its shortcomings. Our testing saw ExpressVPN's Lightway hit 898 Mbps with OpenVPN. Norton VPN has also introduced an OpenVPN DCO, which it claims can double OpenVPN speeds.

While most of the best VPNs will offer WireGuard and OpenVPN, not every provider will offer every protocol, and especially not provider-specific ones like NordLynx or Lightway. So, if you have your heart set on a specific protocol, it's important to make sure your chosen VPN provider offers this.

Even better, pick a VPN provider which offers a choice of different protocols, so you can test them out and see which one suits your needs best.