ProtonMail(new window)
  • Deutsch
  • Ελληνικά
  • Español (España)
  • Español (México)
  • فارسی
  • Français
  • Hrvatski
  • Magyar
  • Bahasa (Indonesia)
  • Italiano
  • Nederlands
  • Polski
  • Português (Brasil)
  • Português (Portugal)
  • Русский
  • Türkçe
  • Help Translate(new window)

ProtonVPN only uses strong, secure VPN protocols

The VPN protocol determines the security, stability, and speed of your VPN connection, which is why we only use protocols with strong security track records.

  • Establish secure VPN tunnels using OpenVPN, IKEv2, or WireGuard
  • Protect all past and future sessions with perfect forward secrecy
  • Secure your DNS queries
  • Our VPN protocols are secure, fast, and let you bypass internet blocks

    Your security is our first priority, which is why ProtonVPN protects your internet connection with strong VPN protocols that have a long track record of being secure and deploys these VPN protocols at their highest encryption settings.

    OpenVPN

    When properly configured, this tried and tested open-source VPN protocol is recognized by the cybersecurity community as being secure. ProtonVPN implements OpenVPN at its strongest encryption settings(new window) and uses forward secrecy(new window) to ensure new keys are generated for each session. A big advantage of OpenVPN is that it can be run using UDP or TCP(new window) transmission protocols. UDP is faster, but with TCP, we can configure OpenVPN to use the same port as the HTTPS protocol that secures all sensitive communications on the internet. This makes OpenVPN effective at defeating most censorship.

    IKEv2

    IKEv2 is a modern, fast, and secure VPN protocol that ProtonVPN implements at its strongest encryption settings. Because it uses the Diffie-Hellman process to exchange keys, forward secrecy is automatically implemented.

    WireGuard

    WireGuard is an open-source and lightweight VPN protocol that is faster than traditional VPN protocols. It also uses the advanced ChaCha20 encryption cipher to protect your VPN connection.

    Secure your internet with ProtonVPN

    Encrypted data transfer

    All data passing between your device and our VPN servers is encrypted using strong VPN and encryption ciphers protocols. Your internet provider, your government, and WiFi hackers cannot access your data.

    Encrypted DNS resolution

    When you connect to ProtonVPN, we resolve your DNS queries by converting the URL into the IP address used by computers to identify a website. Your DNS queries are sent through the encrypted VPN tunnel so that no one, not even your internet provider, can monitor what you do on the internet.

    Encrypted VPN servers

    All ProtonVPN servers use full-disk encryption to ensure that no one can intercept your data or steal our servers’ encryption keys, even in the unlikely event that attackers get physical access to our data centers.

    Keep your personal information private with ProtonVPN

    Trusted

    Trusted

    Proton is supported by the European Commission, recommended by the UN, and used by journalists, activists, and millions of people around the world to stay safe online.

    Based in Switzerland

    Based in Switzerland

    ProtonVPN is based in Switzerland, which has some of the strongest data privacy laws in the world.

    Kill switch

    Kill switch

    Our apps feature a kill switch to protect your IP address if the VPN connection is disrupted.

    No-logs VPN

    No-logs VPN

    We do not keep any activity logs or metadata, meaning we have no data to share with anyone.

    Open source

    Open source

    ProtonVPN apps use open-source VPN protocols, like WireGuard and OpenVPN, and an open-source implementation of IKEv2 so that anyone can check their code.

    Audited by independent experts

    Audited by independent experts

    Our open-source apps have been fully audited by independent security professionals, with the results openly published on our website(new window).

    VPN Accelerator

    VPN Accelerator

    VPN Accelerator is a set of technologies unique to ProtonVPN that can increase your VPN speed by over 400%.

    Easy to use

    Easy to use

    Simply install our VPN app, tap our Quick Connect button, and it will automatically connect you to the fastest server.

    swipe right or left to explore all values

    Get a secure and fast VPN with ProtonVPN

    • Defeat censorship with alternative routing
    • Protection from WiFi hackers
    • Fast 10 Gbps server network
    • Secure Core VPN
    • Tor over VPN

    Frequently Asked Questions

    What encryption settings do you use for OpenVPN?

    The OpenVPN protocol has proven itself secure for over 20 years. It is available in our Windows, Linux, Android, and iOS/iPadOS apps, using the following encryption settings:

    The control channel

    The control channel establishes a TLS connection between the VPN client and the VPN server.

    The whole process uses a symmetric key cipher, but the actual key exchange requires an asymmetric encryption system where a public key is used to encrypt the data, which can only be decrypted using a private key.

    ProtonVPN uses AES-256 for its symmetric cipher, RSA-4096 to ensure a secure key exchange, and HMAC SHA-384 hash authentication to verify the TLS certificates. The encryption suite we use also includes a Diffie-Hellman key exchange to provide forward secrecy.

    The data channel

    Once a TLS connection is established, OpenVPN transfers your actual data over the data channel. This is encrypted with a symmetric cipher (ProtonVPN uses AES-256) and verified with a hash function (HMAC SHA-384 in our case).

    What encryption settings do you use for IKEv2?

    IKEv2 is a secure, fast, and modern VPN protocol available in our macOS, iOS/iPadOS, and Android apps.

    IKEv2 is used by the IPsec protocol suite to establish a security association — shared security attributes — between your VPN client and the VPN server. The entire suite is thus more correctly referred to as IKEv2/IPsec.

    ProtonVPN uses the AES-256 symmetric cipher to secure your data and RSA-4096 to validate the identity of the server you connect to.

    IKEv2 uses the Diffie-Hellman process to exchange keys, so forward secrecy is automatically implemented.

    What is forward secrecy?

    Forward secrecy, also known as perfect forward secrecy, prevents an adversary from decrypting your past VPN sessions by using a Diffie-Hellman exchange to generate a new and unique private encryption key for each session.

    If an adversary were to somehow “crack” your current VPN session by compromising its encryption keys, forward secrecy severely limits the information they could obtain.