How can we help you?

Which protocol should I choose?

Here at NordVPN, we support a number of different security protocols to provide our VPN service. We encourage you to take a closer look and explore the strengths and weaknesses of each and every one of them. The security levels and purposes of these protocols are different, but so are the needs of our customers. We want you to be able to choose freely, but also advise you of what might suit you best.

1. OpenVPN – (Recommended by NordVPN and used by default in most of our apps)

OpenVPN is a mature and robust piece of open-source software that enables us to provide a reliable and secure VPN service. It is a versatile protocol and can be used on both TCP and UDP ports. It supports a great number of strong encryption algorithms and ciphers – to ensure the protection of your data we use AES-256-GCM with a 4096-bit DH key. OpenVPN is currently used by default in NordVPN apps. We recommend it for the most security-conscious.

2. IKEv2/IPsec – (Highly recommended)

IKEv2/IPsec significantly increases security and privacy of the user by employing very strong cryptographic algorithms and keys. NordVPN uses NGE (Next Generation Encryption) in IKEv2/IPsec. The ciphers used to generate Phase1 keys are AES-256-GCM for encryption, coupled with SHA2-384 to ensure integrity, combined with PFS (Perfect Forward Secrecy) using 3072-bit Diffie Hellmann keys. IPsec then secures the tunnel between the client and server using the strong AES256. This is the protocol, which provides the user with peace of mind security, stability, and speed. For these reasons, it is highly recommended by NordVPN and has been adopted as a default in the NordVPN apps for iOS and macOS.

3. WireGuard (NordLynx) - (Still in development)

Wireguard is the newest and fastest tunneling protocol the entire VPN industry is talking about. It uses state-of-the-art cryptography that outshines the current leaders – OpenVPN and IPSec/IKEv2. However, it’s still considered experimental, so VPN providers need to look for new solutions (like NordLynx by NordVPN) to overcome Wireguard’s vulnerabilities.

Modern, extremely fast, and insanely lean in its architecture, WireGuard uses state-of-the-art cryptography and is backed by thorough academic research. With this combo, it outshines the current leading protocols – OpenVPN and IPSec. WireGuard consists of only 4000 lines of code, making it easy to deploy, audit, and find bugs. To compare: OpenVPN runs on 400,000 lines of code, meaning that WireGuard would make up only 1% of the massive OpenVPN’s architecture.

Related Articles

© Copyright 2020 all rights reservedSelf-service byNanorep