This article is available in German, Italian, Japanese, Korean, Polish, Portuguese-Brazilian, Danish, Norwegian, Traditional Chinese, French, Dutch, Swedish, and Spanish.
NordVPN supports a number of security encryption protocols to provide a VPN service. The security levels and purposes of these VPN protocols are different, but so are our customers’ needs. We encourage you to take a closer look at the strengths and weaknesses of each VPN protocol. While we want you to be able to choose freely, we also feel it’s our duty to advise you on what might suit you best.
OpenVPN is a mature and robust piece of open-source software that enables us to provide a reliable and secure VPN service. It is a versatile VPN protocol that can be used on both TCP and UDP ports. OpenVPN supports a great number of strong encryption algorithms and ciphers: to ensure the protection of your data, we use AES-256-GCM with a 4096-bit DH key. If you are conscious about your security and are wondering what the most stable NordVPN protocol is, we recommend OpenVPN.
IKEv2/IPsec significantly increases the security and privacy of users by employing strong cryptographic algorithms and keys. NordVPN uses NGE (“next-generation encryption”) in IKEv2/IPsec. Phase1 keys are generated using AES-256-GCM, SHA2-384, and PFS (Perfect Forward Secrecy) using 3072-bit Diffie-Hellman keys. IPsec then secures the tunnel between the client and server, using strong AES-256 encryption. This VPN protocol provides the user with peace-of-mind security, stability, and speed.
3. WireGuard (NordLynx) (Recommended by NordVPN and used by default in most of our apps)
WireGuard is the newest and fastest tunneling protocol, and the entire VPN industry is talking about it. It uses state-of-the-art cryptography that outshines the current leaders, OpenVPN, and IPSec/IKEv2. However, it’s still considered experimental, so VPN providers need to look for new solutions (like NordLynx by NordVPN) to overcome WireGuard’s vulnerabilities.
Modern, extremely fast, and incredibly lean in its architecture, WireGuard is backed by thorough academic research. WireGuard consists of only 4,000 lines of code, making it easy to deploy, audit, and fix. To put it into perspective, OpenVPN runs on 400,000 lines of code, meaning that WireGuard makes up only 1% of OpenVPN’s massive architecture.
NordLynx is currently used by default in NordVPN apps. If you’re wondering which VPN protocol is best for gaming or other online speed-dependent activities, the answer is always NordLynx.
Check out NordVPN on YouTube!