6 reasons why you should change your VPN protocol

VPN graphic
(Image credit: Shutterstock)

It's one of the most common VPN troubleshooting tips. If your connection seems slow, change your VPN protocol. And it's true: choose your protocol wisely, and it might double your speeds, sometimes more.

But there's so much more to it than performance. Changing your protocol can bring all kinds of benefits, improve your VPN experience, get app features working better, and other VPN functionality you didn't even know existed.

And it's all so easy to do. Point, click, or a couple of taps, and you're done. Here we'll explain just some of the reasons a quick protocol change could improve your VPN life.

1. Your VPN connection is slow

VPN speed varies greatly depending on protocol, so it's a good idea to check that you're using the fastest option.

Many VPN apps have an 'automatic' protocol setting which claims to select the best protocol for you, but if your speeds are still slow, it's worth turning this off and choosing something manually. 

If your VPN provider has a custom protocol of its own - Lightway for ExpressVPN, NordLynx with NordVPN, Catapult Hydra for Hotspot Shield - then that normally delivers the fastest VPN results.

Try WireGuard after that, then OpenVPN, IKEv2 or L2TP.

If your VPN supports PPTP, that might be fast, but beware: it's also so insecure that most providers have dropped it. Only use it when you've absolutely no need for security (you're unblocking Netflix rather than protecting online banking sessions, for example).

Keep in mind that although this order is generally correct, sometimes changing it might help. If your VPN provider has just messed up some WireGuard update, say, then switching to OpenVPN might be faster, at least until the fix is in. Try all the main options, see which works for you.

The ProtonVPN Windows app connecting to a server

(Image credit: ProtonVPN)

2. You can't connect to the VPN server

If you're in a country which is more interested in censorship than internet freedom, VPN connections may be connected and blocked - it's one of the reasons why VPNs for China, UAE and Russia have become such popular tools.

Some VPN-unfriendly networks use similar trickery. The end result: you hit Connect, but your app hangs at the 'Connecting...' stage and it's never ready for use.

Changing your protocol might help you avoid detection and get connected. If your VPN has a protocol specifically designed to bypass VPN blocks - VyprVPN's Chameleon, say - then try that first. But there are no fixed rules here, so if they don't work, try the others, too.

Look for protocol-specific settings that may help. Choose OpenVPN in some VPN apps and you'll get a setting called something like 'Obfuscation', for instance. Checking that box adds a stealthy extra layer to your traffic, in theory making it harder to detect.

You might see related options, including the ability to set a port, but these work very differently depending on the provider. Check the support site for specific advice.

3. Connecting to VPN servers takes a long time

Choosing a VPN protocol doesn't just affect the connection speed and security. It also changes the rules on how the connection is established; the steps your app has to go through to communicate with the VPN server and get your connection up and ready for use.

Selecting the right protocol can make a huge difference. We've seen WireGuard and IKEv2 connections up and running in under two seconds. Standard OpenVPN connections might easily take 10-20 seconds. When apps don't get this right, or a service is having problems, connections might take 40 seconds or more to set up.

If you're unhappy with your VPN connection times, then, just try the other protocols, see which comes out on top.

Keep in mind that the results can vary by platform, too, so don't assume that what works well with your Windows VPN is also a smart choice for your iPhone VPN app. Try a couple of connections with every protocol available before you decide.

ProtonVPN location choices

(Image credit: ProtonVPN)

4. Your app doesn't list a supported country

Imagine that you need a VPN which offers countries that aren't well supported elsewhere, perhaps in South America. You find one, sign up, install and launch the app, and: some or all of the countries you need, are not on the list. What's going on?

VPN servers don't always support every protocol offered by the service. If your provider defaults to WireGuard, for instance, then its apps will show you countries where there are WireGuard servers. If the country you need only has OpenVPN servers, it won't appear on the list.

The results can be dramatic. Choose 'Americas' in ExpressVPN's Windows app, for instance, and it normally offers you 16 countries. If you're using the L2TP protocol, you'll only see three. There are good reasons for this - L2TP is a Windows-only protocol, it's not recommended for speed or security, so the company only supports it in a bare minimum of locations - but it might still surprise you, if you don't know what's going on.

If your location list doesn't have everything your provider promises on its website, then, changing protocols might help. And if it doesn't, contact support to get an explanation of why the website is offering something that apparently doesn't exist, and if there's not a very good answer, ask for your money back - that's what VPN free trials are there for!

5. Your VPN connection keeps dropping

Maintaining your VPN connection takes time and effort with some protocols, but almost nothing at all with others. If you don't choose the best option, or your app isn't well implemented, or your provider's servers are overloaded, it's possible you'll see regular connection drops.

If this is a common problem for you, try another protocol. More modern options are usually the most reliable - WireGuard, ExpressVPN's Lightway, NordVPN's NordLynx - so try those, first. But don't rule anything out. WireGuard is a reliable protocol in theory, but if an app isn't setting it up properly (or there's just some bug in the latest app version), it might be useless. Try every option, just to be sure.

Some apps allow you to choose a protocol, but then also give you the option to connect using UDP or TCP. Normally this defaults to UDP for the best performance, but switching to TCP should improve reliability, at the expense of some speed.

The NordVPN website FAQ on Double VPN

(Image credit: NordVPN)

6. VPN feature doesn't work or isn't visible

Some VPN apps offer very lengthy lists of clever technical features, as they try to win over new customers. That's good news for the user, in theory, but there could be a problem. Some features rely on you choosing specific protocols, and if you switch to something else, they may not work as well, or the app might not allow you to use them at all.

Sign up for NordVPN, for instance, and you might want to try its Double VPN feature. This encrypts your traffic once, routes it to one VPN server, encrypts it a second time and re-routes it through another VPN server for the maximum possible security.

Sounds great, so you install the app on your Windows laptop, browse the menus, but can't find any mention of Double VPN.

The problem? Double VPN isn't supported by all protocols, not even NordVPN's own NordLynx. You'll have to switch to OpenVPN UDP or TCP before it shows up.

We suspect most users would never guess Double VPN's availability depends entirely on their choice of protocol, but it's a perfect example of this problem. If you're having any kind of odd problem with a VPN app, try switching protocols, just as a last resort: who knows, it just might be the answer you need.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.