Which protocol should I choose?
NordVPN supports a number of security protocols to provide the VPN service. The levels and purposes of security for these protocols vary, as do the needs of our customers. We encourage you to take a close look at the strengths and weaknesses of each protocol. While we want you to be able to choose freely, we also feel it is our duty to advise you on what works best for you.
OpenVPN is a mature and powerful piece of open source software that enables us to provide a reliable and secure VPN service. It is a versatile protocol that can be used on both TCP and UDP ports. OpenVPN supports a large number of strong encryption algorithms and ciphers: to ensure that your data is protected, we use AES-256-GCM with a 4096-bit DH key. We recommend it to the most security conscious users.
2. IKEv2 / IPsec
IKEv2 / IPsec greatly increases the security and privacy of users through the use of strong encryption algorithms and keys. NordVPN uses NGE (Next Generation Encryption) in IKEv2/IPsec. The ciphers used to generate Phase1 keys are AES-256-GCM encryption, paired with SHA2-384 to ensure integrity, and integrated with PFS (Perfect Forward Secrecy) using 3072-bit Diffie-Hellman keys. Then IPsec secures the tunnel between the client and server, using the powerful AES-256. The protocol provides the user with security, stability and speed with peace of mind.
3. WireGuard (NordLynx) (recommended by NordVPN and used by default in most of our apps)
WireGuard is the latest and fastest tunneling protocol that the entire VPN industry is talking about. It uses the latest encryption technology that outperforms the current leaders, OpenVPN and IPSec/IKEv2. However, it is still considered experimental, so VPN providers need to look for new solutions (such as NordVPN’s NordLynx) to work around WireGuard’s weaknesses.
WireGuard is modern, extremely fast, and insanely skewed in its architecture, backed by extensive academic research. WireGuard consists of only 4,000 lines of code, making it easy to deploy, audit, and find errors. To put it into perspective, OpenVPN runs on 400,000 lines of code, which means WireGuard makes up only 1% of the massive OpenVPN architecture. NordLynx is currently used by default in NordVPN apps.
Tip: The security of your VPN connection depends on your account password as well. Don’t forget to use a strong password on your account, it will help you avoid credential stuffing attacks and will keep your connections safe and uninterrupted.
Since creating and remembering strong and secure passwords is not an easy task, we recommend downloading the free password manager – NordPass. It generates secure passwords for you and stores them securely, allowing you to avoid wasting time resetting your password in the future.