Which VPN protocol to use?

Each VPN protocol/type has its own advantages and disadvantages. This article covers the most important features of each VPN connection types that we support, to help you decide which one is best for you.
Short summary: 

use OpenVPN ECC with our software for best speed, simplicity of use and security mix. If you're connecting from a firewall-restricted network, try OpenVPN XOR with port TCP-443. Avoid PPTP and even L2TP/IPsec. OpenVPN 256-bit AES is kind of overkill, rather use AES 128-bit. We don't expect anyone to go for AES cracking while there are weaker links in the chain, such as the RSA keys: how are they generated (good or poor entropy, online/offline generation, key storing on servers etc.). WireGuard protocol is supported but not yet implemented in our applications, it is secure and very reliable. It can be used natively on modern Linux distros or with its own WireGuard apps on Windows, Mac, Android, iOS. It is also available on routers running OpenWRT, DD-WRT, OpnSense. 
PPTP: Obsolete. Very low security, fast speed
L2TP/IPsec: medium security, fast speed
IKEv2/IPsec: high security, fast speed
OpenVPN (128-bit BF): medium security, fast speed
OpenVPN (256-bit AES): highest security, good speed
OpenVPN (128-bit AES, ECC): high security, fast speed
PPTP is insecure but it works on most Operating Systems/devices by default using the OS built-in VPN features. It is very fast in our implementation, but since it's not as secure as other protocols, we recommend to use it only for activities that are not too sensitive (i.e. only to unblock geo-restricted content). It may work on routers lacking support for any other VPN types out of the box. 
L2TP/IPsec is reasonably secure and very fast in our implementation. It's not as reliable as OpenVPN over networks experiencing issues, leading to connection drops. The protocol itself (IPsec) is very complicated from a technical perspective and road-warrior implementations (single servers <-> many end-point users) are not as secure as they should be, especially by relying on pre-shared keys insead of certificates. Therefore, from a security perspective we rate it somewhere in-between PPTP and OpenVPN: overall good for security as long as neither of the end-points (client or server) are targeted by highly skilled attackers. 
IKEv2/IPsec is more secure than L2TP/IPsec and is very fast. It is the protocol used with our iOS app, being natively supported on iOS. 
OpenVPN is secure and reliable. OpenVPN UDP can be faster than OpenVPN TCP over high-speed connections (over 100 Mbps). OpenVPN is also harder to block by ISPs since it can run on standard ports like 443, 993, 995. However, just running over common ports is not enough as any decent DPI would immediately identify it. For that reason, an extra obfuscation layer needs to be implemented and we use 2 different obfuscation methods to make it stealthier. 
Encryption strength
PPTP: 128-bit MPPE (keep in mind that the protocol itself is broken so the encryption is pretty much useless per se)
L2TP/IPSec: 256-bit AES and RSA-2048 (with Maximum Strength Encryption enabled in manual setup or with our software)
OpenVPN 128-bit BF: 128-bit BF-CBC for data channel, RSA 2048 for keys. It is considered obsolete; to be used only on devices that do not currently support AES/custom OpenVPN settings, e.g. Synology NAS, Chromebooks. 
OpenVPN 128-bit AES: 128-bit AES-GCM for data channel, RSA 4096 keys
OpenVPN 256-bit: 256-bit AES-GCM for data channel, RSA 4096 keys
OpenVPN ECC: 128-bit AES-GCM for data channel, Elliptic Curve using curve secp256k1 keys
OpenVPN XOR: 128-bit AES-GCM/AES-CBC for data channel, RSA 4096 keys

OpenVPN uses AES-GCM instead of AES-CBC if supported by client. It is supported by our client software and used by default, however with older OpenVPN client versions it may not support it and use AES-CBC instead of AES-GCM. 

OpenVPN XOR is similar to OpenVPN 128-bit in terms of encryption strength. We recommend to use it only when other OpenVPN types do not work, such as within networks that block other connections than outgoing over ports 80 and 443. Running OpenVPN XOR over port TCP-443 should by-pass most firewalls/web-filtering engines. It is available with our applications on Windows/Mac/Android/Linux and OpnSense router. 
PPTP (obsolete)
- It is the most widely used VPN protocol, available by default on most modern Operating Systems and supported on many routers out of the box. 
- It is very fast in our implementation, reaching 70 Mbps with ease on 100 Mbps broadband connections. 
- It is not a secure VPN protocol and can be easily decrypted by malicious 3rd parties in man-in-the-middle attacks. However, the attacks against PPTP are not really easy, not even for knowladgeable security experts - so we believe it is a good protocol to use for transfering non-sensitive data or to add a security layer to your communication if other VPN protocols can't be used. 
- Requires NAT traversal and the router to allow GRE/VPN pass-through if you want to connect from an internal network, such as home network, to an external VPN server on the Internet. These requirements result in connection problems when: 1. the router does not support GRE/VPN pass-through or it is not correctly implemented and 2. when there are more than 1 devices/PCs in the same network connecting to an external VPN server at the same time.
It comes second after PPTP in popularity and that makes it available on most modern Operating Systems and devices. It is more “NAT friendly” than PPTP and should pass through most modern routers even if you connect more than 1 PC/device from the same local network at the same time.
L2TP/IPsec is using UDP protocol and benefits from kernel-based acceleration, at least on the client-side (Windows) but also on server-side (in our implementation). Depending on the L2TP/IPsec server configuration, L2TP/IPsec can be almost as fast as a regular non-encrypted connection to the server. Speed wise - it can max-out an 100 Mbps broadband or come close in most cases. We managed to achieve far better speed between gigabit servers.  
It is more secure than PPTP but not as secure as OpenVPN; it is "complicated" from a technical perspective and a lot of things can go wrong in setting it-up, especially in road-warrior setups. While we believe that attacks against PPTP are hard in real-world scenarios for the "average" attacker, those might be totally useless against IPsec, but if the adversary is highly skilled and has virtually unlimited resources (e.g. government agencies), you better don't use IPsec just to be on the safe side. 
It is a bit harder to setup, can be easily blocked by ISPs. 
It works on both TCP and UDP protocols. UDP connections are usually faster than TCP. It does not require explicit NAT traversal/VPN pass-through on home routers and it can easily connect from virtually anywhere, as long as the ports are not blocked. OpenVPN can run on any ports. 
It's probably the most secure VPN protocol nowadays, it relies on OpenSSL or PolarSSL/mbed TLS for the actual encryption. 
It is a bit more difficult to setup. It requires a software client to connect since it is not supported by default on most operating systems. It also needs driver support and may not work on some PCs due to software/driver installation restrictions. There are several OpenVPN clients to choose from. Check our Tutorials section to get started using them. Even if it is a bit harder to setup than traditional PPTP or L2TP/IPsec, we recommend using OpenVPN if reliability and security are your main concerns. For best speeds, it's likely that L2TP/IPSec would be faster if you have a very fast broadband connection (over 100 Mbps) - but it depends on many factors. 

Not as fast as L2TP/IPsec and even PPTP in some cases. It can be slow on Windows if you run it in a Virtual Machine under VirtualBox, but very fast on Linux (even in a VM environment). 

Our recommendation for best mix of security and speed is to use OpenVPN ECC, followed by OpenVPN AES 128-bit. 

Other tutorials: