VPN protocols

The most used VPN protocols at this moment


OpenVPN is an open-source VPN protocol written by James Yonan and launched in 2001. OpenVPN is (in our opinion) the most secure way to connect to a VPN server. The OpenVPN protocol is open-source and thereby by monitoring and improving everyone. OpenVPN uses OpenSSL for the encryption and authentication of a VPN connection.OpenSSL is also an open-source project and because of this, OpenVPN is highly reliable.

The biggest advantages of OpenVPN in a row:
  • OpenVPN is open-source: Open-source ensures user reliability. Open-source software can be checked by anyone, this also ensures that any errors can be quickly detected and improved.
  • OpenSSL as standard for encryption and authentication: OpenSSL uses an SSL/TLS security protocol. OpenSSL is also open-source.
  • For each operating system there is an OpenVPN client: Because OpenVPN is a broad-based protocol, a client can be found for any type of control system. The possibility of open-source also makes it easy for developers to create their own app for it.
  • OpenVPN is hard to block: Because OpenVPN uses the OpenSSL protocol and OpenSSL is a standard for many other purposes (e.g. websites), this is difficult to block in countries where VPN is prohibited or regulated.
The difference between OpenVPN TCP and OpenVPN UDP:
  • OpenVPN TCP: OpenVPN over TCP is more reliable, harder to block but slower than UDP. TCP ensures that packages arrive and is therefore more reliable, OpenVPN over TCP can act on the standard Internet ports (80,443) and is therefore difficult to block. However, ensuring the package arrival ensures a lower speed.
  • OpenVPN UDP: OpenVPN over UDP is fast, less reliable but is the best choice if your network supports it. UDP packages are not guaranteed to arrive, this ensures a faster connection. If your network supports it we recommend using OpenVPN over UDP. Streaming video or downloading has many advantages due to the higher speed over UDP.


Point to Point Tunneling Protocol (PPTP) was launched in 1999. PPTP has been developed as an extension of the PPP protocol. The PPTP protocol still uses the PPP protocol for encryption and authentication.

The benefits of PPTP in a row:
  • A VPN connection over PPTP is very fast.
  • PPTP is one of the oldest protocols, so it is supported on almost any device.
  • PPTP is very easy to setup.
The disadvantages of PPTP in a row:
  • PPTP has bad encryption and is already cracked by multiple agencies.
  • A VPN connection about PPTP is easily recognized, making it easy to block.


Layer 2 Tunneling Protocol (PPTP) was launched in 2000. Because the L2TP protocol does not contain encryption or authentication, it is often used in conjunction with IPSEC security.

The benefits of L2TP/IPSEC in a row:
  • L2TP/IPSEC is fairly quick because of the use of UDP packages.
  • L2TP in combination with IPSEC is safer than PPTP.
  • IPSEC is the authentication/security method, making it more difficult to view the connection.
The disadvantages of L2TP/IPSEC in a row:
  • L2TP/IPSEC consumes a high amount of CPU (Computer processor).
  • Connecting with L2TP/IPSEC may go wrong by combining L2TP and IPSEC.


Internet Key Exchange (IKE) was originally launched in 1998 as version 1. After necessary improvement, IKEv2 was created in 2005. IKEv2 is a safe protocol because it uses a double phase authentication. IPSEC is often used for the second phase.

The benefits of IKEv2 in a row:
  • A VPN connection about IKEv2 is very fast due to the use of UDP.
  • IKEv2 automatically restores the connection when a connection is lost.
  • IKEv2 is relatively easy to set.
The disadvantages of IKEv2 in a row:
  • IKEv2 is, by default, not available for any device.
  • A VPN connection over IKEv2 is easily recognized by the fact that it only uses UDP port 500, making it easy to block.


Secure Socket Tunneling Protocol (SSTP) was launched in 2006 when Windows Vista was introduced. Traffic over SSTP is very secure by using SSL/TLS encryption.

The benefits of SSTP in a row:
  • SSTP is very safe.
  • It's easy to set up on devices that support SSTP by default, these are mainly Windows devices.
  • SSTP uses TCP port 443, the same as HTTPS traffic. This makes SSTP very difficult to block.
The disadvantages of SSTP in a row:
  • SSTP has been developed and managed by Microsoft, which is perceived as negative for many people.
  • SSTP is not available for every type of device.


SoftEther was launched in 2014 and thus one of the latest VPN protocols. SoftEther is an open-source VPN protocol. SoftEther uses multiple encryption protocols underwater, including: OpenVPN, IPSEC and SSTP. We are very impressed with SoftEther and will start using this protocol much more often in the future.

The benefits of SoftEther in a row:
  • SoftEther is open-source and therefore available to everyone.
  • SoftEther is hard to block.
  • It is a very secure protocol by using multiple encryption capabilities.
  • Despite the high level of safety, SoftEther is also a very fast protocol.
SoftEther's disadvantages in a row:
  • You need a special app to connect with SoftEther.
  • It is relatively new and therefore far from developed.


WireGuard is an open-source VPN protocol that is still in development at the time of writing. WireGuard officially came out in 2018 and has been in further developed ever since. WireGuard has been developed with the latest state-of-the-art encryption and significantly improves speed. Many providers have donated to the WireGuard team and therefore also see the potential of what WireGuard.

The benefits of WireGuard in a row:
  • WireGuard's potential is to become the fastest protocol of the moment. At possible speeds above 1000Mbps.
  • WireGuard is open-source.
  • WireGuard is very secure by using state-of-the-art encryption.
WireGuard's disadvantages in a row:
  • WireGuard is still in development at the moment and in our opinion not yet safe enough to use.
  • Although some providers are already accepting the use of WireGuard, it is good to report that everything that still everything is being logged through WireGuard.