- Home
- 7 Common VPN Protocols Explained and Compared | ExpressVPN
What is the best VPN protocol?
If you’ve ever checked the settings on your ExpressVPN app, you’ll see a tab that lets you choose a protocol.
Protocols are methods by which your device connects to ExpressVPN’s secure servers. Find out how protocols differ and how to choose the best protocol for you.
30-day money-back guarantee
Introducing ExpressVPN’s Lightway protocol
We at ExpressVPN are proud to offer Lightway, a next-generation VPN protocol that provides the best in speed, security, and reliability. Learn more here.
Lightway is currently available on all ExpressVPN apps: Android, Windows, iOS, Mac, Linux, and routers. If you don’t yet have ExpressVPN, we encourage you to take advantage of our 30-day money-back guarantee and give it a try. We’re confident you’ll agree that Lightway is the best VPN protocol.
What are VPN protocols?
Let’s start with the basics. VPN stands for virtual private network, which is a secure tunnel between two or more devices. When you use a VPN, you are connected to the internet through an intermediary server run by the VPN provider (e.g., ExpressVPN).
The security of your connection is dictated by the VPN protocol, which is a set of instructions that define how two devices talk to each other. Different protocols use different encryption standards and authentication methods, resulting in differing levels of speed and security for VPN users.
Protocols determine what encryption algorithm to use, how to establish and verify encryption keys, and how to handle potential errors. VPN protocols may be designed to route all your data through this encrypted tunnel, or as is the case with HTTP proxies, only route your web traffic.
Which VPN protocol should you choose?
The ExpressVPN app takes the guesswork out of protocols by automatically selecting the best protocol for you based on the quality of your internet connection. That is why your protocol is always set to “Automatic” by default.
However, you may also manually choose a protocol if you have special circumstances or you are asked to do so by a member of our Support Team. Additionally, during its early phases, Lightway might not be included among the protocols available via the “Automatic” setting for all users. Therefore, users wanting to try Lightway might need to manually select it in their app settings.
What are the types of VPN protocols?
There are at least seven common types of VPN protocols. Understand the differences and get to know our recommendations.
Lightway
Built from the ground up by ExpressVPN, Lightway is created for the modern world, forgoing features that are no longer needed from a VPN and implementing those that provide a smooth, secure experience. Establishing a VPN connection takes only a fraction of a second, depending on your network, and you’ll stay connected to the VPN even when your device switches networks. Designed to be light on its feet, Lightway gets you connected quickly and securely while using less battery.
When it comes to security, Lightway uses wolfSSL, whose well-established cryptography library has been extensively vetted by third parties, including against the FIPS 140-2 standard. Lightway also includes post-quantum protection by default, shielding you against attackers with access to both classical and quantum computers. We’ve published the source code of Lightway on GitHub under an open-source license, ensuring transparency to our users.
In addition to running on the UDP protocol, Lightway also supports TCP, which can be slower than UDP but connects better on certain networks. This allows Lightway to be used in a wide range of scenarios.
Verdict: Always try Lightway first
Layer 2 Tunneling Protocol (L2TP)
A significant step up from pioneering but outdated protocols like PPTP and SSTP, the Layer 2 Tunneling Protocol delivers better security at the cost of reduced speed. L2TP is commonly paired with the IPsec protocol to deliver AES-256 encryption, with the combination of the two referred to as L2TP/IPsec.
However, L2TP/IPsec is still more suited for anonymization than for security, as there are other protocols, such as OpenVPN, offering even stronger levels of security.
Verdict: Nice to have
OpenVPN (TCP vs. UDP)
OpenVPN is a highly configurable open-source protocol. It’s available freely for all platforms and is held in high regard by the community, and it is widely adopted among consumer VPN services.
OpenVPN can most easily be configured to mask itself as ordinary internet traffic, which helps it evade detection by filters and firewalls. It has been widely audited by trusted independent researchers, making it appropriate for deployment even in sensitive environments.
In the ExpressVPN apps, users can toggle between UDP (optimal for speed) or TCP (optimal for connection reliability) within the app settings if they wish.
Verdict: One of the best
Internet Key Exchange Version 2 (IKEv2)
IKEv2 is one of the newest protocols and has significant strengths, particularly its speed. It’s well-suited for mobile devices across all platforms.
However, being primarily used in corporate environments, IKEv2 doesn’t have native support for Linux, and its lack of configurability can be a drawback. IKEv2 is also difficult to audit due to its strict licensing. ExpressVPN uses an open-source implementation of IKEv2 to ensure the integrity of the protocol.
IKEv2 is a popular choice, and it will sometimes be used by ExpressVPN apps when the protocol is set to “Automatic.”
Verdict: A solid choice, especially on mobile
Point to Point Tunneling Protocol (PPTP)
As one of the earliest entrants in the world of protocols, PPTP has a rich and storied history. It's been around since the days of Windows 95 but relies on the outdated MS-CHAP v2 authentication suite, which means it's easy to crack.
This inherent vulnerability does come with an advantage: The lack of encryption and authentication features means PPTP is the fastest VPN protocol. This also means that the contents of your connection can be seen by your ISP, your Wi-Fi operator, and government surveillance organizations like the NSA.
As such, we recommend that only people who know what they’re doing use PPTP, which is no longer supported on ExpressVPN apps.
WireGuard
WireGuard® is a free and open-source VPN protocol originally written by Jason A. Donenfeld and currently under development by Edge Security LLC. It has shown promise as a modern VPN protocol in terms of speed and its lighter codebase, and a number of VPN providers have begun adopting it in the past couple of years.
ExpressVPN currently does not support WireGuard.
Secure Socket Tunneling Protocol (SSTP)
The SSTP VPN protocol was solely developed by Microsoft and introduced along with Windows Vista. It is very similar to a PPTP tunnel wrapped in SSL, an early encryption protocol popular with securing web pages. As such, SSTP initially worked only on Windows devices, and it never gained popularity beyond that.
SSTP has limited configurability and does not stand out among available protocols.
ExpressVPN no longer supports SSTP.
What is the best VPN protocol?
Find out which VPN protocol you should use
If you’re looking for the trifecta of speed, security, and reliability, Lightway delivers on all fronts thanks to its lightweight codebase. It runs fast, uses less battery, and is easy to audit and maintain—meaning better security.
Lightway is generally the best VPN protocol for everything from gaming to IPTV, and other applications where speed and connection stability are crucial.
If Lightway isn’t available to you, OpenVPN or IKEv2 remain your go-to protocols. OpenVPN offers 256-bit AES encryption with best-in-class security algorithms, giving you extensive cloaking abilities and an impenetrable layer protecting your digital footprint. The codebase has been publicly audited and checked for bugs, implementation errors, and backdoors.
Mobile users will also be well-served by IKEv2, which offers similar speed, reliability, and security to OpenVPN.
What is the fastest VPN protocol?
Given different environments, internet speeds, or network configurations, different VPN protocols will perform better. Lightway is one of the fastest protocols available, alongside OpenVPN and IKEv2. Without its layer of encryption, PPTP could be called the fastest VPN protocol. However, we don’t recommend you use PPTP, and the protocol is not available on any ExpressVPN apps.
What is the most secure VPN protocol?
Lightway, IKEv2, L2TP, and OpenVPN are all secure protocols, but the title of the most secure VPN protocol should go to Lightway, which uses wolfSSL, a well-established cryptography library that is FIPS 140-2 validated—which means it has been rigorously vetted by third parties.
Lightway also includes post-quantum support, protecting our users against attackers with access to both classical and quantum computers. ExpressVPN is one of the first VPN providers to deploy post-quantum protection, helping users to remain secure in the face of quantum computing advancements.
Lightway’s core code was audited and open-sourced in 2021 so that it could be transparently and widely scrutinized for security vulnerabilities. In 2022, Lightway was independently audited for a second time, further validating its security.
OpenVPN is also recommended, because it has been extensively audited by multiple neutral experts. Its open-source implementations are available for anyone to inspect and improve.
What VPN protocol should I use?
If you’re using ExpressVPN, your default choice is not to choose: Just select “Automatic” and let the app select the best protocol for your situation. But if you have special circumstances and want to choose your protocol manually, here’s an at-a-glance reference list of when to use each one:
Lightway: Very stable and secure, and typically connects in a split second. It’s built for the movement of a modern internet user, seamlessly reconnecting after network changes or drops. Plus it won’t drain your battery.
OpenVPN: Fast, rugged, and secure. Works on all devices and platforms without breaking a sweat. The only slight drawback is that manual configuration is tedious and uncomfortable. Generally use the OpenVPN protocol if Lightway is not available.
L2TP/IPsec: Cookie-cutter VPN solution that’s easy to set up and used widely across the VPN landscape. Has more advanced security features as compared with PPTP, but it can struggle to evade some firewalls.
IKEv2: Most suited for mobile devices, particularly if you’re using a BlackBerry. Stable, fast, and secure. A solid alternative to Lightway and OpenVPN.
PPTP: The oldest VPN protocol in use today, but also the most poorly configured. Offers top-notch speed but incredibly lax security and is likely compromised by state actors. PPTP is not supported by ExpressVPN.
WireGuard: Slowly gaining traction among consumer VPN services, this lean protocol is still under active development and currently lacks the trust of the OpenVPN suite.
SSTP: Works only on Microsoft devices. Considered to be secure and fast, but its ownership raises some questions.