7 Common VPN Protocols Explained and Compared | ExpressVPN (2024)

Built from the ground up by ExpressVPN, Lightway is created for the modern world, forgoing features that are no longer needed from a VPN and implementing those that provide a smooth, secure experience. Establishing a VPN connection takes only a fraction of a second, depending on your network, and you’ll stay connected to the VPN even when your device switches networks. Designed to be light on its feet, Lightway gets you connected quickly and securely while using less battery.

When it comes to security, Lightway uses wolfSSL, whose well-established cryptography library has been extensively vetted by third parties, including against the FIPS 140-2 standard. Lightway also includes post-quantum protection by default, shielding you against attackers with access to both classical and quantum computers. We’ve published the source code of Lightway on GitHub under an open-source license, ensuring transparency to our users.

In addition to running on the UDP protocol, Lightway also supports TCP, which can be slower than UDP but connects better on certain networks. This allows Lightway to be used in a wide range of scenarios.

Verdict: Always try Lightway first

A significant step up from pioneering but outdated protocols like PPTP and SSTP, the Layer 2 Tunneling Protocol delivers better security at the cost of reduced speed. L2TP is commonly paired with the IPsec protocol to deliver AES-256 encryption, with the combination of the two referred to as L2TP/IPsec.

What is the IPsec VPN protocol?

IPsec stands for Internet Protocol security, a flexible VPN protocol that authenticates and encrypts each individual IP packet. It is often combined with protocols like L2TP that do not offer encryption by themselves.

L2TP/IPsec is more suited for anonymization than for security, as there are other protocols, such as OpenVPN, offering even stronger levels of security.

Verdict: Nice to have

OpenVPN is a highly configurable open-source protocol. It’s available freely for all platforms and is held in high regard by the community, and it is widely adopted among consumer VPN services.

OpenVPN can most easily be configured to mask itself as ordinary internet traffic, which helps it evade detection by filters and firewalls. It has been widely audited by trusted independent researchers, making it appropriate for deployment even in sensitive environments.

In the ExpressVPN apps, users can toggle between UDP (User Datagram Protocol) or TCP (Transmission Control Protocol) within the app settings if they wish.

What is the difference between UDP and TCP?

Simply put, UDP prioritizes fast data transfer at the expense of reliability, while TCP prioritizes reliability over speed. Moreover, TCP is a connection-oriented protocol, requiring a connection to be established before data is exchanged, whereas UDP is a connectionless protocol, which can result in data packets being lost in transmission or arriving out of sequence.

Verdict: One of the best

IKEv2 is one of the newest protocols and has significant strengths, particularly its speed. It’s well-suited for mobile devices across all platforms.

However, being primarily used in corporate environments, IKEv2 doesn’t have native support for Linux, and its lack of configurability can be a drawback. IKEv2 is also difficult to audit due to its strict licensing. ExpressVPN uses an open-source implementation of IKEv2 to ensure the integrity of the protocol.

IKEv2 is a popular choice, and it will sometimes be used by ExpressVPN apps when the protocol is set to “Automatic.”

Verdict: A solid choice, especially on mobile

As one of the earliest entrants into the world of protocols, PPTP has a rich and storied history. It’s been around since the days of Windows 95 but relies on the outdated MS-CHAP v2 authentication suite, which means it’s easy to crack.

This inherent vulnerability does come with an advantage: The lack of encryption and authentication features means PPTP is the fastest VPN protocol. This also means that the contents of your connection can be seen by your ISP, your Wi-Fi operator, and government surveillance organizations like the NSA.

As such, we recommend that only people who know what they’re doing use PPTP, which is no longer supported on ExpressVPN apps.

WireGuard® is a free and open-source VPN protocol originally written by Jason A. Donenfeld and currently under development by Edge Security LLC. It has shown promise as a modern VPN protocol in terms of speed and its lighter codebase, and a number of VPN providers have begun adopting it in the past couple of years.

ExpressVPN currently does not support WireGuard.

The SSTP VPN protocol was solely developed by Microsoft and introduced along with Windows Vista. It is very similar to a PPTP tunnel wrapped in SSL, an early encryption protocol popular with securing web pages. As such, SSTP initially worked only on Windows devices, and it never gained popularity beyond that.

SSTP has limited configurability and does not stand out among available protocols.

ExpressVPN no longer supports SSTP.

Find out which VPN protocol you should use

If you’re looking for the trifecta of speed, security, and reliability, Lightway delivers on all fronts thanks to its lightweight codebase. It runs fast, uses less battery, and is easy to audit and maintain—meaning better security.

Lightway is generally the best VPN protocol for everything from gaming to IPTV, and other applications where speed and connection stability are crucial.

If Lightway isn’t available to you, OpenVPN or IKEv2 remain your go-to protocols. OpenVPN offers 256-bit AES encryption with best-in-class security algorithms, giving you extensive cloaking abilities and an impenetrable layer protecting your digital footprint. The codebase has been publicly audited and checked for bugs, implementation errors, and backdoors.

Mobile users will also be well-served by IKEv2, which offers similar speed, reliability, and security to OpenVPN.

Lightway, IKEv2, L2TP, and OpenVPN are all secure protocols, but the title of the most secure VPN protocol should go to Lightway, which uses wolfSSL, a well-established cryptography library that is FIPS 140-2 validated—which means it has been rigorously vetted by third parties.

Lightway also includes post-quantum support, protecting our users against attackers with access to both classical and quantum computers. ExpressVPN is one of the first VPN providers to deploy post-quantum protection, helping users to remain secure in the face of quantum computing advancements.

Lightway’s core code was audited and open-sourced in 2021 so that it could be transparently and widely scrutinized for security vulnerabilities. In 2022, Lightway was independently audited for a second time, further validating its security.

OpenVPN is also recommended, because it has been extensively audited by multiple neutral experts. Its open-source implementations are available for anyone to inspect and improve.

What is a VPN?

Browse privately

How fast is your VPN?