VPN Protocols Explained

WireGuard, OpenVPN, IKEv2, Lightway — what are these, and which one should you use when travelling? Here's a clear, practical breakdown.

VPN protocols WireGuard OpenVPN IKEv2 explained

What is a VPN protocol?

A VPN protocol is the set of rules that governs how your device creates and maintains the encrypted tunnel to the VPN server. Different protocols make different trade-offs between speed, security, and the ability to bypass censorship. Most VPN apps select the best protocol automatically — but knowing what each one does helps you troubleshoot and optimise for your specific destination. If you're not sure how the tunnel itself works, start with our guide to how VPNs work.

WireGuard

⚡ Recommended

Speed

🟢 Fastest

Security

🟢 Excellent

Best for

Most travellers, everyday use

WireGuard is the newest and fastest VPN protocol. Its codebase is tiny (4,000 lines vs 400,000 for OpenVPN), making it easier to audit for security holes and significantly faster to negotiate connections. For most travellers, WireGuard is the right default choice. Note: it's sometimes detectable as VPN traffic — if you're entering a restricted country, you may need to switch to an obfuscated protocol.

OpenVPN

🔒 Gold standard

Speed

🟡 Solid

Security

🟢 Excellent

Best for

Reliability, compatibility, older devices

OpenVPN has been the industry standard for over a decade. It's extremely well-tested, supported on virtually every device, and has a huge community that quickly identifies security issues. It's slower than WireGuard but more reliable on unstable connections. OpenVPN TCP mode is particularly good when networks are dropping packets — it retransmits reliably.

IKEv2/IPSec

📶 Mobile-optimised

Speed

🟢 Fast

Security

🟢 Excellent

Best for

Smartphones, switching networks frequently

IKEv2 is Microsoft and Cisco's protocol and is natively supported in iOS and Android — meaning many VPNs use it as a default on phones. Its killer feature is MOBIKE: when you switch from Wi-Fi to mobile data (or between cell towers), IKEv2 re-establishes the VPN connection automatically without you noticing. Perfect for heavy mobile users — especially useful when paired with an <a href="/vpn/esim-and-vpn" style="color:#7c3aed;font-weight:600;">eSIM + VPN setup</a>.

Lightway (ExpressVPN)

🇨🇳 China bypass

Speed

🟢 Fastest

Security

🟢 Excellent

Best for

China, UAE — ExpressVPN users

Lightway is ExpressVPN's proprietary protocol built on the wolfSSL cryptography library. It's designed to be lightweight and fast (similar to WireGuard in performance) but with additional obfuscation capabilities that help it bypass China's Great Firewall. If you're using ExpressVPN in China, Lightway is what you should have selected in settings. Read our full <a href="/vpn/vpn-for-china" style="color:#dc2626;font-weight:600;">VPN for China guide</a> for setup instructions.

Shadowsocks / obfuscated

🛡️ Stealth

Speed

🟡 Medium

Security

🟡 Good

Best for

China, Iran, Russia — when other protocols fail

Shadowsocks isn't a VPN protocol per se — it's a proxy designed to disguise traffic as regular HTTPS. VPN providers use it (or similar obfuscation layers like "Stealth mode", "NoBorders", "Camouflage") to hide the fact you're using a VPN at all. If WireGuard or OpenVPN get blocked in a restricted country, switching to your VPN's obfuscated mode is the next step.

L2TP/IPSec

⚠️ Legacy

Speed

🟡 Medium

Security

🟡 Adequate

Best for

Older routers and legacy devices only

L2TP/IPSec is an older protocol and the slowest of the common options. Most modern VPN providers are phasing it out. It's been partially compromised by intelligence agencies according to leaked documents (though it's still adequate for basic privacy). Use WireGuard or OpenVPN instead unless your device specifically requires L2TP.