Not all VPN protocols are created equal. Most are probably not natively supported by your operating system (i.e. you might have to download an app to use it, if it works at all). Some have serious security vulnerabilities that make them very insecure. Others are trusted around the world by businesses and individuals alike.

This is a non-exhaustive list of eight VPN protocols that are currently being actively developed or are supported by VPN providers. For each protocol we've included Operating System Support, Ciphers, Encryption Libraries, Authentication Methods, Security and Trust, and even whether or not the Great Firewall can detect it.

We will be periodically updating this page and will announce any and all updates on our blog. Please note that this is a living document and information on it might change at any time.

What VPN protocol should I use?

  • Short Answer: L2TP/IPSec as its most likely to be supported by your computer or other device.
  • Long Answer: See table(s) below ...

VPN Protocols [1] Compared

OpenVPN [2] OpenVPN xor [2] L2TP/IPsec [3] SSTP [4]
Client OS Support windows Linux OS X Android iOS Chrome OS windows Linux OS X windows Linux OS X Android iOS Chrome OS windows Linux OS X Support [1] F - S1 F - S2 F - S1 ?
Ciphers [10] Varies (incl. AES-256, Blowfish) see OpenVPN, xor AES, 3DES RC4, AES
Encryption Libraries OpenSSL, PolarSSL see OpenVPN OpenSSL, NSS, cryptodev Microsoft CryptoAPI - MS-CAPI (?)
Authentication Methods Varies (see note) see OpenVPN IKEv1, IKEv2 MSCHAPv2, EAP
Security / Trust Tried and Tested (c. 2001) see OpenVPN (c. 2013) Tried and Tested (c. 1998) (c. 2007)
Great Firewall [9] Detected Undetected Undetected Undetected
Cont. SoftEther [5] OpenSSH [6] ScrambleSuit [7] PPTP [8]
Client OS Support windows Linux OS X windows Linux OS X Android iOS Chrome OS windows Linux OS X windows Linux OS X Android iOS Support [1] ? Y F - S2 Nope
Ciphers [10] RC4, AES-128, AES-256, DES, 3DES AES, 3DES, Blowfish, RC4 AES-256 RC4
Encryption Libraries OpenSSL OpenSSL PyCrypto Microsoft CryptoAPI - MS-CAPI (?)
Authentication Methods Anonymous, Password, RADIUS, Active Directory, Certificates (individual and signed) RSA, .rhosts w/ RSA, s/key, Kerberos shared secrets, polymorphism (see note) MSCHAPv1, MSCHAPv2, EAP-TLS
Security / Trust New (c. 2014) Tried and Tested (c. 1999) New (c. 2013) Major security problems (c. 1999)
Great Firewall [9] Undetected Detected Undetected n.a.

Please note, that some of the ciphers that are supported by the above VPN protocols are considered very weak (e.g. RC4, DES) by the information security community [10] and should probably not be used by your VPN provider.

If you notice a mistake with these tables please do not hesitate to contact us so that we may correct the issue.


We thought you might get bored if we put all of our citations on the same page as the table, so we moved the citations for this article to its own page VPN Protocols Compared Notes.

© 2012-2015 - Terms and Conditions - Privacy Policy - Contact Follow on G+, FB, @slowfruit tumblr, YouTube