NordVPN supports a number of security protocols to provide a VPN service. The security levels and purposes of these protocols are different, but so are our customers’ needs. We encourage you to take a closer look at the strengths and weaknesses of each protocol. While we want you to be able to choose freely, we also feel it’s our duty to advise you on what might suit you best.
OpenVPN is a mature and robust piece of open-source software that enables us to provide a reliable and secure VPN service. It is a versatile protocol that can be used on both TCP and UDP ports. OpenVPN supports a great number of strong encryption algorithms and ciphers: to ensure the protection of your data, we use AES-256-GCM with a 4096-bit DH key. We recommend it for the most security-conscious users.
IKEv2/IPsec significantly increases the security and privacy of users by employing strong cryptographic algorithms and keys. NordVPN uses NGE (Next Generation Encryption) in IKEv2/IPsec. The ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, and combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie-Hellman keys. IPsec then secures the tunnel between the client and server, using the strong AES-256. The protocol provides the user with peace-of-mind security, stability, and speed.
3. WireGuard (NordLynx) (Recommended by NordVPN and used by default in most of our apps)
WireGuard is the newest and fastest tunneling protocol the entire VPN industry is talking about. It uses state-of-the-art cryptography that outshines the current leaders, OpenVPN and IPSec/IKEv2. However, it’s still considered experimental, so VPN providers need to look for new solutions (like NordLynx by NordVPN) to overcome WireGuard’s vulnerabilities.
Modern, extremely fast, and insanely lean in its architecture, WireGuard is backed by thorough academic research. WireGuard consists of only 4,000 lines of code, making it easy to deploy, audit, and find bugs. To put it into perspective, OpenVPN runs on 400,000 lines of code, meaning that WireGuard makes up only 1% of OpenVPN’s massive architecture. NordLynx is currently used by default in NordVPN apps.
Tip: Your VPN connection safety depends on your account password too. Don't forget to use a strong password on your account, as it will help you to avoid credential stuffing attacks and will keep your connections safe and uninterrupted.
As generating and remembering strong and secure passwords is not an easy task, we recommend downloading our free password manager — NordPass. It generates secure passwords for you and stores them safely, letting you avoid time-wasting password resets in the future.