VPN Protocols Explained: Which One Is Best

Released in 2014, SoftEther is one of the newer VPN protocols available. The early signs are that it offers good security without compromising on speed.

What VPN Protocol Should I Use? (Easy Guide – Updated 2023)

What VPN Protocol Should I Use? (Easy Guide - Updated 2023)

Virtual Private Networks (VPNs) are an invaluable solution to a prevalent issue today – preserving your anonymity and security while on the Internet. The inquisitive bunch among the millions of VPN users is most likely interested not only in obtaining a VPN but learning more about its ins and outs. This article is directed at those of you who want to get a better idea of VPN protocols, as well as which ones you should look and opt for.

We already gave an in-depth explanation on the various VPN protocols, along with their pros and cons. If you wish to get acquainted with them in detail, make sure to take a look. This article will provide more concise, information for those who want a quick and simple answer on the best overall VPN protocol.

Protocol Basics

In case you’re starting from scratch, a VPN protocol in the simplest of terms is the bread and butter of every VPN service. They are the backbone consisting of transmission protocols and encryption standards that grant you fast and secure access to VPN servers and back. There are five major VPN protocols: OpenVPN, PPTP, L2TP/IPSec, IKEv2, and SSTP Protocol Details

Here are the most important aspects of each VPN protocol:


  • Relatively new open-source protocol, considered as the “gold standard” due to its reliability.
  • Extremely popular with third-party services, no native support on any platform.
  • Supports a wide array of algorithms, ensuring the best level of security.
  • One of the fastest protocols available – speed depends on encryption level, but regular users won’t feel hindered in the majority of cases.
  • Setup may seem tricky at first glance, but every worthwhile VPN service comes with an automated process requiring minimal user input.

IKEv2 (Internet Key Exchange v2)

  • IPsec-based tunneling protocol, developed by Microsoft and Cisco.
  • Stable and secure thanks to reconnection capabilities and support for a variety of algorithms.
  • Delivers in the speed department. It’s relatively faster than L2TP, SSTP, and PPTP.
  • Supports Blackberry devices, but otherwise limited platform availability
  • Proprietary tech, so your opinion depends on your overall sentiments towards Microsoft; however, identical open-source versions exist.

L2TP (Layer 2 Tunneling Protocol)

  • Originated from Cisco’s L2F and Microsoft’s PPTP.
  • Does not offer any security on its own, which is why it’s usually paired with IPSec.
  • Built-in on all modern VPN-compatible devices/operating systems.
  • A decent all-around protocol, but recent leaks point towards it being compromised by the NSA.
  • Doesn’t offer any real advantages when compared to OpenVPN.

SSTP (Secure Socket Tunneling Protocol)

  • First introduced in Windows VIsta SP1 by Microsoft.
  • Entirely integrated into Windows – other platforms may not be able to use it.
  • Bypasses most firewalls with ease.
  • As Microsoft’s own technology, it offers little reassurance as to where your data is going.
  • Fast and relatively secure, but vulnerability to backdoors makes it one of the least appealing protocols.

PPTP (Point-to-Point Tunneling Protocol)

  • The first VPN protocol supported by Windows.
  • Supported by every VPN-capable device.
  • Very fast due to lower encryption standard.
  • Extremely insecure – known to be easily cracked by the NSA for a long time;
  • Despite Microsoft patching PPTP, they still recommend using other protocols such as SSTP or L2TP/IPSec.


In conclusion, for non-critical daily usage, OpenVPN, L2TP/IPsec, and IKEv2 are reliable options. You may also find SSTP suitable if you’re a Windows user, but we would caution against its usage due to potential vulnerabilities. This caution extends to L2TP and IKEv2 as well; in terms of security, the efficacy of these protocols is largely dependent on your trust in Microsoft. Even if you’re a staunch supporter of Microsoft, we advise using PPTP only as a final option, as its effectiveness in preserving your privacy is quite outdated.

To ensure utmost security, you should opt for a protocol with a proven track record of being devoid of recognized vulnerabilities. Presently, OpenVPN is the only protocol that meets this criterion. Additionally, it’s one of the handful of secure protocols accessible across multiple platforms.

Vital as it is, knowing what the best VPN protocol is won’t matter if you don’t choose a service that supports it. Therefore, we have compiled a list of the best VPNs available on the market — each and every one of them has OpenVPN and other fast, secure protocols fully integrated into their services, along with easy setup processes for a smooth VPN experience that will meet your expectations. Take a look:

VPN Protocols Explained: Which One Is Best?

JP Jones is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process.

  1. What Is a VPN?
  2. VPN Protocols

Our Verdict

OpenVPN is the most secure VPN protocol. It’s compatible with a range of encryption ciphers including AES-256, Blowfish, and ChaCha20. It has no known vulnerabilities and is natively supported by almost every VPN service. While we recommend OpenVPN, WireGuard is a secure and faster alternative.

illustration of a man putting a message into a secure network of pipes, protecting it from the unprotected data outside of the pipes

VPN protocols are the set of rules that describe how to create a secure connection between your device and a VPN server.

They’re also known as tunneling protocols, because they are responsible for forming the VPN tunnel that hides your web activity from internet snoopers.

VPNs use protocols to safely connect your device to a VPN server, and then use a cipher to encrypt the data that travels across that connection. For more detail, read our beginner’s guide to how VPNs work.

In this guide, we’ll explain and compare the different types of VPN protocols, and suggest which protocol is best depending on your needs.

  1. OpenVPN: Best VPN Protocol
  2. WireGuard: Fastest VPN Protocol
  3. IKEv2/IPSec: Great Protocol for Mobile Users
  4. SoftEther: Good for Bypassing Web Censorship
  5. L2TP/IPSec: Slow Protocol Not Worth Using
  6. SSTP: Closed-Source Protocol with Some Risks
  7. PPTP: An Insecure & Outdated Protocol

What’s In This Guide

  • The 7 Main VPN Protocols Explained
  • What Is the Best VPN Protocol?
  • How to Choose VPN Protocol

What’s In This Guide

  • The 7 Main VPN Protocols Explained
  • What Is the Best VPN Protocol?
  • How to Choose VPN Protocol

The 7 Main VPN Protocols Explained

Your choice of VPN protocol varies depending on which VPN you’re using.

Some VPN services let you choose from a wide range of protocols. Other VPNs won’t let you choose at all.

Each protocol has its own strengths and weaknesses, and you must understand the differences between them in order to choose the right protocol for your internet activity.

Below are the seven most commonly-used VPN protocols and their advantages:

Table of VPN encryption protocols and their security risks.

1. OpenVPN: The Best VPN Protocol

Pros Cons
Natively supported by almost every VPN service High bandwidth consumption
Open-source Not the fastest VPN protocol around
Been thoroughly tested over a long period of time Heavy code base
No known vulnerabilities
Users can choose between UDP and TCP versions
Compatible with a range of ciphers, including AES-256
Supports Perfect Forward Secrecy
The gold-standard VPN protocol over the last 2 decades

SUMMARY : OpenVPN is still the best VPN protocol we’ve tested. It has been the industry’s leading VPN protocol for well over a decade, expertly balancing unbreakable security with fast performance. We recommend using OpenVPN whenever it’s available.

Created in 2001 by James Yonan, OpenVPN is considered to be the most secure VPN protocol there is.

The software is open-source and has been around for over two decades, which means security researchers have spent plenty of time testing it for weaknesses and insecurities.

Currently, OpenVPN has no known vulnerabilities, so you can be sure your VPN connection is safe and private when using OpenVPN.

The protocol is compatible with a wide range of encryption ciphers, including AES, Blowfish, and ChaCha20.

OpenVPN is also a highly-configurable protocol. Almost every VPN app natively supports OpenVPN across most major platforms, including Microsoft Windows, Apple macOS, Android, Linux, and iOS.

For unsupported platforms, you’ll usually be able to download a configuration file that’ll allow you to manually set up an OpenVPN connection.

OpenVPN can work with two different communication protocols: TCP and UDP. These are transport-layer protocols that govern how carefully your data is transmitted across the network.

The key difference between them is that OpenVPN UDP is faster, but OpenVPN TCP provides a more reliable connection because it is better at bypassing firewalls.

Our advice is to always try UDP for your VPN connection. If you find it isn’t working, then switch to TCP.

OpenVPN’s main downside is that it isn’t as fast, lightweight, or efficient as some of the other VPN protocols. Its speeds are good, but not as quick as WireGuard or IKEv2.

It’s also the VPN protocol with the largest bandwidth requirements. As our VPN data usage tests show, OpenVPN consumes far more data than any other VPN protocol. This means if you’re using your VPN on mobile, you’ll reach your contract’s data limit around 20% quicker.

When to use OpenVPN:

  • If privacy and security are your absolute top priority, then you should use OpenVPN whenever possible.

When not to use OpenVPN:

  • If speed is crucial to your activity (e.g. gaming).
  • If you’re using a VPN while connected to cellular data (e.g. 3G/4G). You’ll reach your maximum allowance quicker and pay more in roaming charges when abroad.

2. WireGuard: The Fastest VPN Protocol

Pros Cons
Very light code base There are privacy concerns with its default configuration
Extremely fast speeds Not yet supported by every VPN service
Open-source Needs time to be fully tried-and-tested
Limited data consumption Can only be used with UDP
No known security issues
Good at handling network changes
Supports Perfect Forward Secrecy
Very easy to manually configure

SUMMARY : WireGuard is the newest VPN protocol on the scene, and it’s quickly matching OpenVPN. Its performance and efficiency are excellent, and there are no signs of insecurity (yet). If you’re not worried about its immaturity, then WireGuard might be the best VPN protocol for you.

WireGuard is a relatively new, open-source tunneling protocol designed to be faster and more efficient than the more popular OpenVPN protocol. To compare the two protocols, read our in-depth WireGuard vs OpenVPN guide.

Released in 2019, WireGuard has made a big impression on the VPN industry. Numerous VPNs acted quickly to integrate WireGuard into their service, and many have made it their default protocol.

WireGuard delivers on many of its creator Jason A. Donenfeld’s promises:

  • It is remarkably quick. According to WireGuard’s in-house tests, it performs over 3x faster than OpenVPN. We saw similar results in our own testing, especially on longer-distance connections.
  • The code base is impressively efficient. WireGuard stands at just 4,000 lines of code, which is around 100x smaller than counterparts like OpenVPN and IKEv2. Not only is this good for performance, it should also improve security. A smaller code base makes the protocol easier to audit and reduces the attack surface for hackers.
  • Data usage is minimal. Our tests found that WireGuard is by far the least bandwidth heavy VPN protocol. Compared to OpenVPN’s 20%, WireGuard only adds an additional 4% data consumption to your normal activity. Read more about this in our guide to VPNs and mobile data.

WireGuard’s infancy is the main factor working against it currently. While its performance benchmarks are excellent and there are no signs of any security vulnerabilities yet, it will take time to establish genuine trust.

This applies to its cipher as well. WireGuard is not compatible with tried-and-tested ciphers, such as AES-256. Instead, it uses the relatively new ChaCha20. All indicators suggest ChaCha20 is very secure and potentially even faster than AES, but privacy-conscious users always take time to warm up to new encryption technologies.

There are also some privacy concerns about WireGuard’s default configuration. VPN servers need to store a temporary log of your IP address for the protocol to work. This isn’t a requirement with other VPN protocols, which is concerning if left untreated.

Fortunately, mitigations can be put in place to overcome this issue. NordVPN, for example, integrates WireGuard with its proprietary Double NAT System to create a safer, custom protocol called NordLynx. Similarly, Mullvad deletes your IP address after ten minutes of inactivity.

Here’s a list of the VPN services that currently support WireGuard:

  • Astrill
  • AzireVPN
  • CactusVPN
  • CyberGhost
  • Hide.me
  • IVPN
  • Mullvad
  • NordVPN
  • PIA
  • StrongVPN
  • Surfshark
  • TorGuard
  • VPN.AC
  • VyprVPN
  • Windscribe

We expect this number to increase as WireGuard achieves mainstream acceptance.

When to use WireGuard:

  • All the early signs suggest that WireGuard is as safe and secure as OpenVPN, and significantly faster. If you’re happy trusting a newer protocol, we recommend using WireGuard for any activity.
  • WireGuard is especially good for mobile VPN users due to its low bandwidth consumption.

When not to use WireGuard:

  • If you’re especially cautious about your privacy and security online, you may prefer to give WireGuard more time to prove itself. You should also be wary of VPN services that are not taking measures to overcome the protocol’s IP logging requirement.
  • WireGuard is not as good at bypassing firewalls as other VPN protocols because it is only compatible with UDP. If you’re looking to circumvent censorship, you may have more success elsewhere.

3. IKEv2/IPSec: Great Protocol for Mobile Users

Pros Cons
Provides a very stable connection Closed-source (except for Linux)
Delivers fast speeds Possibly compromised by the NSA
Compatible with a range of ciphers, including AES-256 Bad for bypassing firewalls
Good at handling network changes
Supports Perfect Forward Secrecy

SUMMARY : IKEv2/IPSec is a fast VPN protocol that provides a very stable connection for mobile users who regularly switch between networks. There are suspicions it may have been hacked by the NSA, but for regular browsing we recommend IKEv2 as a safe and secure protocol.

Internet Key Exchange version 2 (IKEv2) is a VPN protocol that is especially popular among mobile users.

It offers very fast connection speeds and uses a MOBIKE protocol to seamlessly deal with the changing of networks. This makes IKEv2 great for mobile VPN users, who frequently switch between cellular data and WiFi networks.

IKEv2 was developed in a collaboration between Microsoft and Cisco, and is a successor to the original IKEv1.

On its own, IKEv2 doesn’t provide any encryption. Its focus is on authentication and creating a secure VPN tunnel. That’s why IKEv2 is typically combined with IPSec (Internet Protocol Security) to form IKEv2/IPSec.

IPSec is a suite of security protocols that uses 256-bit ciphers, such as AES, Camellia or ChaCha20. After IKEv2 has established a secure connection between your device and the VPN server, IPSec encrypts your data for its journey through the tunnel.

IKEv2/IPSec is supported by most VPN services, but unfortunately its code base is closed-source.

The protocol appears secure from the outside, but without the transparency of open-source it is impossible to verify that Microsoft haven’t built backdoors or other vulnerabilities into it.

NOTE: Linux versions of IKEv2/IPSec are open-source and audits have shown nothing untoward with the protocol. For this reason, the closed-source nature of IKEv2 is less concerning than with other closed-source protocols, such as SSTP.

Security researchers like Edward Snowden have also suggested that IPSec was deliberately weakened during its creation. While this is unconfirmed, it is widely suspected that any IPSec-based VPN protocol may be compromised by the NSA.

There is no evidence to suggest that IKEv2/IPSec is vulnerable to less sophisticated adversaries, such as hackers or ISPs. It is a fast, flexible, and mostly safe VPN protocol that will work well on your cell phone.

IKEv2 only works on UDP port 500. This is an easy port for firewalls and WiFi administrators to block, meaning IKEv2/IPSec is not an effective VPN protocol for bypassing censorship in places like China or Russia.

When to use IKEv2/IPSec:

  • If you’re using a VPN on your mobile and regularly switching between WiFi and cellular data (e.g. 3G/4G).

When not to use IKEv2/IPSec:

  • If you’re trying to bypass firewalls on your school or work’s local network, or circumvent censorship in an authoritarian country.
  • If you’re especially worried about your privacy and anonymity. IKEv2 being closed-source and IPSec’s possible association with the NSA are enough to cast doubt on the privacy of IKEv2/IPSec.

4. SoftEther: Good for Bypassing Censorship

Pros Cons
Open-source Only released in 2014
Very fast speeds Requires manual configuration to be safe
Compatible with a range of ciphers, including AES-256 Not natively supported on any OS
Good at bypassing firewalls Compatible with only a few VPN services

SUMMARY : SoftEther is a very fast and reasonably secure protocol. It is particularly good for bypassing censorship, but users should be wary of its default configuration settings and lack of mainstream VPN compatibility.

SoftEther is an open-source VPN protocol initially developed as part of a Master’s thesis at the University of Tsukuba.

Released in 2014, SoftEther is one of the newer VPN protocols available. The early signs are that it offers good security without compromising on speed.

SoftEther supports strong encryption ciphers, including AES-256 and RSA-4096. It also boasts speeds that are reportedly 13x faster than OpenVPN.

It is also well-designed to bypass heavy web censorship. SoftEther bases its encryption and authentication protocols on OpenSSL. Like SSTP and OpenVPN, this means it can use TCP Port 433, which is very difficult for firewalls and censorship systems to block.

In 2018, SoftEther received an 80-hour security audit which revealed 11 security vulnerabilities. These were patched in a subsequent update, but researchers at Aalto University have recently found that SoftEther is sometimes vulnerable to man-in-the-middle attacks.

This is because the default configuration is for clients not to verify the server’s certificate. Attackers can therefore impersonate a VPN server and gain access to user credentials and online activity.

When using SoftEther, be sure to tick the Always Verify Server Certificate box in the New VPN Connection settings.

screenshot of the server certificate verification options on the SoftEther new VPN connection settings

SoftEther’s default settings do not include server certificate verification

SoftEther is not supported natively on any operating system and very few VPN providers currently support its use. Of those we’ve tested, only Hide.me and CactusVPN support the SoftEther protocol.

When to use SoftEther:

  • If your VPN service supports it, you can use SoftEther for fast and safe browsing.
  • It is especially effective at overcoming firewalls and bypassing censorship.

When not to use SoftEther:

  • Don’t start using SoftEther until you have turned on ‘Always Verify Server Certificate’.

5. L2TP/IPSec: Slow and Not Worth Using

Pros Cons
Double encapsulation offers increased security Possibly compromised by the NSA
Natively supported on most platforms Slower than other VPN protocols
Compatible with a range of ciphers, including AES-256 Susceptible to Man-in-the-Middle attacks

SUMMARY : L2TP/IPSec is a relatively slow VPN protocol that requires workarounds to be used safely. Even then, it’s simply not worth it. There will almost always be a safer and faster VPN protocol available.

Created in 1999 as a successor to PPTP, Layer 2 Tunneling Protocol (L2TP) is an easy-to-use protocol that is natively supported by most VPN services, on most devices.

Like IKEv2, L2TP combines with IPSec to form a hybrid L2TP/IPSec VPN protocol. Unfortunately, this means it is susceptible to the same privacy concerns – raised by Edward Snowden – that IPSec has been compromised by the NSA.

There is also a separate security flaw with L2TP. This issue arises when it is used with a VPN service that uses pre-shared keys.

If the VPN’s encryption keys are available to download online, it opens the possibility for attackers to falsify authentication credentials, impersonate your VPN server, and eavesdrop on your connection. This is known as a man-in-the-middle attack.

L2TP does offer a double encapsulation feature, which wraps your data in two layers of protection. While this improves the security of the protocol, it also slows it down considerably.

Older protocols like L2TP can also be incompatible with NAT, which can cause connectivity problems. In this case, you’ll need to use a VPN passthrough feature on your router to connect to a VPN using L2TP.

L2TP/IPSec is the slowest VPN protocol on this list.

When to use L2TP/IPSec:

  • We recommend not using L2TP/IPSec at all.

When not to use L2TP/IPSec:

  • Don’t use L2TP if you’re revealing personal information, concerned about NSA surveillance, or using a VPN that publicly shares its encryption keys online.

6. SSTP: Closed-Source With Potential Risks

Pros Cons
Good at bypassing firewalls Closed-source
Easy to set up on Windows May be susceptible to Man-in-the-Middle attacks
Uses strong AES-256 encryption Worrying links with the NSA

SUMMARY : SSTP is a good VPN protocol in terms of performance: it’s reasonably fast and very effective at bypassing censorship. It has some notable privacy and security concerns, though. For these reasons, you should avoid using SSTP for sensitive traffic wherever possible.

Secure Socket Tunneling Protocol (SSTP) is a proprietary protocol owned and operated by Microsoft. It is closed-source, so details of its implementation are unclear.

We do know that SSTP is based on the SSL/TLS encryption standards.

This is good because it allows SSTP to use TCP Port 443. This is the port that all regular HTTPS traffic flows through, which makes it very difficult for firewalls to block.

As a result, SSTP is an effective VPN protocol to use if you’re trying to bypass censorship, such as the Great Firewall of China.

On the other hand, SSL 3.0 is vulnerable to a particular man-in-the-middle attack known as POODLE. It has not been confirmed whether SSTP is also affected by this vulnerability, but in our view it’s not worth the risk.

There’s also the issue of Microsoft’s past cooperations with the NSA. As a closed-source protocol produced by Microsoft, there’s a possibility that the NSA has built a backdoor into it.

When to use SSTP:

  • If you’re trying to bypass school, work, or government firewalls, and there isn’t a better protocol available.

When not to use SSTP:

  • Given the possibility of a POODLE attack and/or NSA surveillance, don’t use SSTP for any activity where your privacy, security or anonymity is of the utmost importance.

7. PPTP: Outdated and Insecure

Pros Cons
Very fast speeds Known security vulnerabilities
Natively supported on almost all platforms Not compatible with 256-bit encryption keys
Easy to set up Won’t bypass censorship
Reportedly cracked by the NSA
Ineffective as a privacy tool

SUMMARY : PPTP is fast because it doesn’t protect or secure your data. If you use PPTP to create your VPN tunnel, your traffic is easily exposed to eavesdroppers and it’s unlikely you’ll be able to unblock geographic restrictions or bypass firewalls.

Point-to-Point Tunneling Protocol (PPTP) was the original VPN protocol. Developed by Microsoft engineer Gurdeep Singh-Pall in 1996, it marked the birth of VPN technology.

Nowadays, PPTP is outdated and completely unsafe to use in a consumer VPN.

We don’t recommend using PPTP unless it is absolutely necessary. It is obsolete as both a privacy and security tool.

PPTP does deliver fast speeds, but this is partly because the strongest encryption key it can use is 128-bit. It is not compatible with the military-grade AES-256 cipher that the most secure VPNs use.

The protocol trades off speed for security in a way that leaves it with several known vulnerabilities. For example, it has been shown that a skilled attacker can hack into a PPTP-encrypted VPN connection in just a matter of minutes.

The NSA have also reportedly exploited PPTP’s insecurities to collect huge amounts of data from VPN users.

While it’s still sometimes used within business VPN networks, you should definitely avoid using PPTP for your personal VPN. Some VPN providers have even chosen to stop supporting PPTP altogether because of its vulnerabilities.

When to use PPTP:

  • We don’t recommend ever using PPTP. The only exception might be if you’re just looking for fast speeds and don’t care about privacy or security.

When not to use PPTP:

  • It is especially important that you never use PPTP for any activity involving sensitive information, such as bank details or passwords.

Proprietary VPN Protocols

A number of VPN services don’t just offer the protocols listed above. Many also create their own. These are referred to as proprietary VPN protocols.

Using a proprietary VPN protocol comes with both pros and cons. The main positive is that it is likely to be faster than the other options offered.

After spending time and money creating a new protocol, it’s only natural that a VPN service would dedicate its best servers and infrastructure to make it as fast as possible. Providers will often claim it’s more secure, too.

On the other hand, these protocols are usually almost entirely opaque.

Open-source protocols like OpenVPN have been studied by thousands of people to make sure that it’s safe, secure, and does exactly what it promises. Proprietary VPN protocols tend to be closed-source, so it’s very hard to say exactly what is going on behind the scenes.

The number of VPN providers that use their own VPN protocol is small, but growing steadily. Here are some important ones to look out for:

  • Astrill – OpenWeb and StealthVPN
  • ExpressVPN – Lightway
  • Hotspot Shield – Hydra
  • Hidester – CamoVPN
  • NordVPN – NordLynx
  • VPN Unlimited – KeepSolid Wise
  • VyprVPN – Chameleon
  • X-VPN – Protocol X

What Is the Best VPN Protocol?

The best VPN protocol to use depends on why you need a VPN and which qualities you value the most.

Here’s a table summarizing how the different protocols compare:

Protocol Encryption Speed Reliability Weaknesses
OpenVPN TCP 256-bit Moderate Very High No Known
OpenVPN UDP 256-bit Fast High No Known
PPTP 128-bit Very Fast Moderate Known
L2TP/IPSec 256-bit Moderate Moderate Suspected
SSTP 256-bit Fast Very High Suspected
SoftEther 256-bit Very Fast Very High Needs Fix
IKEv2/IPSec 256-bit Very Fast High Suspected
WireGuard 256-bit Very Fast High No Known

OpenVPN is the most secure VPN protocol around. It is the best one to use when privacy and security are crucial, and you’re fine with some reduced speeds and flexibility.

You should use OpenVPN to access the free internet in high-censorship states, or when torrenting, for example.

If OpenVPN isn’t available, SoftEther is another good option for bypassing censorship.

WireGuard is the fastest VPN protocol we’ve seen. It also seems to be extremely safe and secure, although its immaturity means we still favor OpenVPN for highly sensitive tasks. Use WireGuard for any activity where speed is vital, such as gaming or streaming.

WireGuard is also the most data efficient VPN protocol. If you’re using a VPN on your cell phone and you’re worried about data consumption, use WireGuard. It’ll keep your data usage to a minimum.

IKEv2 is another good protocol for mobile VPN users. Its MOBIKE protocol makes it the best for handling frequent and sudden network changes (e.g. between WiFI and cellular data).

IKEv2’s data usage isn’t quite as low as WireGuard, but it is still much more efficient than other VPN protocols like OpenVPN.

How to Choose VPN Protocol

Most VPN services allow you to change VPN protocol within the VPN app’s settings menu.

If this is the case, simply open up the settings menu and select the VPN protocol you want to use. Sometimes they will be hidden in a drop-down list.

Hide.me’s iOS Settings

If there is no option to select protocol within the custom app, you may be able to install alternative protocols using manual configuration.

NordVPN is one example of a VPN service that runs on OpenVPN but allows for manual installation of IKEv2.

If your VPN service supports alternative protocol configuration be sure to carefully follow the instructions given on its website.

Remember that even a VPN using the most secure protocols and ciphers on the market may put your personal data at risk in other ways.

To learn more, read our guide to VPN logging policies or see our research into VPN data leaks.