About the different VPN protocols

We offer a number of different VPN protocols, each with its own pros and cons. Use the following list to select the protocol that best suits your needs. The list shows the protocols in order of our preference.

OpenVPN (UDP)

OpenVPN over UDP is our favorite VPN protocol.

VPNme supports this protocol on ports 53 and 1194.

Pros:

  • UDP transport passes through most firewalls, especially on certain ports.
  • UDP transport prevents TCP meltdown.
  • Lower overhead than most other protocols.
  • Highest-grade encryption.
  • Supports IPv6.

Cons:

  • OpenVPN setup can be complicated and requires third-party software on most systems.
  • Higher overhead than raw IPsec.

IPsec

IPsec comes in two flavors: IKEv1 and IKEv2. The IKEv1 variant is sometimes called Cisco IPsec or IPsec with mode configuration. If a firewall is detected, the VPN will switch to UDP encapsulation automatically.

Pros:

  • UDP encapsulation is pretty good at getting through firewalls.
  • Stateless transport prevents TCP meltdown.
  • Lowest overhead of any protocol when using raw transport.
  • Highest-grade encryption.
  • Supported out of the box on lots of systems and devices.
  • IKEv2 supports IPv6.

Cons:

  • Setup involves certificates and can be daunting.

OpenVPN (TCP)

Just like OpenVPN over UDP, but uses TCP transport instead.

VPNme supports this protocol on any port except 22, 1080 and 1723.

Pros:

  • The best at punching through firewalls.
  • Highest-grade encryption.
  • Supports IPv6.

Cons:

  • Susceptible to TCP meltdown.
  • OpenVPN setup can be complicated and requires third-party software on most systems.
  • Fairly high overhead.

L2TP over IPsec

This protocol was supposed to replace Microsoft PPTP. It encapsulates your data using PPP, then sends that via UDP over IPsec. If that sounds like a lot of overhead, it is.

The IPsec layer can use certificates or, though strongly discouraged, a pre-shared key.

Any provider that gives everyone the same L2TP pre-shared key is effectively not encrypting your data at all.

Pros:

  • Supported by lots of systems and devices (especially routers) out of the box.
  • Just as good at getting through firewalls as raw IPsec.
  • Highest-grade encryption.

Cons:

  • Setup can involve certificates, which might be daunting.
  • High overhead.
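
To put numbers on the layering described above (PPP, then L2TP, then UDP, then IPsec), here is an added example, not VPNme's own code, that compares the bytes on the wire for raw IPsec and for L2TP over IPsec. The header sizes are assumptions: IPv4, ESP with AES-CBC and HMAC-SHA1-96, an 8-byte L2TP data header, and no PPP header compression.

```python
# Header sizes in bytes. Assumed typical values (IPv4, AES-CBC with
# HMAC-SHA1-96, no header compression), not measurements of any provider.
IPV4 = 20
UDP = 8
ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_IV = 16       # AES-CBC initialisation vector
ESP_TRAILER = 2   # pad length (1) + next header (1)
ESP_ICV = 12      # HMAC-SHA1-96 integrity check value
AES_BLOCK = 16
L2TP_HEADER = 8   # flags/version, length, tunnel ID, session ID
PPP_HEADER = 4    # address, control, 2-byte protocol field


def esp_wrap(inner_len):
    """Size of an ESP packet protecting inner_len bytes (padding included)."""
    # ESP pads payload + trailer up to a whole number of cipher blocks.
    padded = -(-(inner_len + ESP_TRAILER) // AES_BLOCK) * AES_BLOCK
    return ESP_HEADER + ESP_IV + padded + ESP_ICV


def raw_ipsec_tunnel(packet_len):
    """Tunnel mode: the whole inner IP packet inside ESP, new outer IP header."""
    return IPV4 + esp_wrap(packet_len)


def l2tp_over_ipsec(packet_len):
    """Inner packet -> PPP -> L2TP -> UDP -> ESP transport mode -> outer IP."""
    return IPV4 + esp_wrap(UDP + L2TP_HEADER + PPP_HEADER + packet_len)


def udp_encapsulated(wire_len):
    """Extra UDP header added when ESP is carried over UDP past a firewall."""
    return wire_len + UDP


def overhead_report(packet_len):
    """Map each stack to (bytes on wire, bytes of overhead) for one packet."""
    raw, l2tp = raw_ipsec_tunnel(packet_len), l2tp_over_ipsec(packet_len)
    rows = {
        "raw IPsec": raw,
        "raw IPsec + UDP encapsulation": udp_encapsulated(raw),
        "L2TP over IPsec": l2tp,
        "L2TP over IPsec + UDP encapsulation": udp_encapsulated(l2tp),
    }
    return {name: (wire, wire - packet_len) for name, wire in rows.items()}


if __name__ == "__main__":
    for size in (40, 576, 1400):  # constructed sample inner packet sizes
        for name, (wire, extra) in overhead_report(size).items():
            print(f"{size:5d} B inner  {name:36s} {wire:5d} B on wire (+{extra})")
```

Because the overhead is a fixed number of bytes plus block padding, it costs proportionally more on small packets (such as TCP ACKs) than on full-size ones.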

Microsoft PPTP

The classic Windows VPN protocol. Supported by pretty much everything at this point, but has some serious flaws.

Pros:

  • Supported by everything out of the box.
  • Easiest setup, no certificates needed.

Cons:

  • RC4 encryption is somewhat weak.
  • GRE encapsulation is blocked by most firewalls.