Proton VPN only uses strong, secure VPN protocols

The VPN protocol determines the security, stability, and speed of your VPN connection, which is why we only use protocols with strong security track records.

  • Establish secure VPN tunnels using OpenVPN, IKEv2, or WireGuard
  • Protect all past and future sessions with perfect forward secrecy
  • Secure your DNS queries

Our VPN protocols are secure, fast, and let you bypass internet blocks

Your security is our first priority, which is why Proton VPN protects your internet connection with strong VPN protocols that have a long track record of being secure and deploys these VPN protocols at their highest encryption settings.


When properly configured, this tried and tested open-source VPN protocol is recognized by the cybersecurity community as being secure. Proton VPN implements OpenVPN at its strongest encryption settings and uses forward secrecy to ensure new keys are generated for each session.

A big advantage of OpenVPN is that it can be run using UDP or TCP transmission protocols. UDP is faster, but with TCP, we can configure OpenVPN to use the same port as the HTTPS protocol that secures all sensitive communications on the internet. This makes OpenVPN effective at defeating most censorship.


IKEv2 is a modern, fast, and secure VPN protocol that Proton VPN implements at its strongest encryption settings. Because it uses the Diffie-Hellman process to exchange keys, forward secrecy is automatically implemented.


WireGuard is an open-source and lightweight VPN protocol that is faster than traditional VPN protocols. It also uses the advanced ChaCha20 encryption cipher to protect your VPN connection.


Stealth is our custom VPN protocol that lets you bypass internet censorship and VPN blocks by disguising your VPN connection. With Stealth, you’ll be able to access censored sites and communicate with people on social media, even if your government is trying to restrict access. Stealth is available with all ProtonVPN plans, including our Free plan.

Secure your internet with Proton VPN

Encrypted data transfer

All data passing between your device and our VPN servers is encrypted using strong VPN and encryption ciphers protocols. Your internet provider, your government, and WiFi hackers cannot access your data.

Encrypted DNS resolution

When you connect to Proton VPN, we resolve your DNS queries by converting the URL into the IP address used by computers to identify a website. Your DNS queries are sent through the encrypted VPN tunnel so that no one, not even your internet provider, can monitor what you do on the internet.

Encrypted VPN servers

All Proton VPN servers use full-disk encryption to ensure that no one can intercept your data or steal our servers’ encryption keys, even in the unlikely event that attackers get physical access to our data centers.

Keep your personal information private with Proton VPN



Proton is supported by the European Commission, recommended by the UN, and used by journalists, activists, and millions of people around the world to stay safe online.

Based in Switzerland

Based in Switzerland

Proton VPN is based in Switzerland, which has some of the strongest data privacy laws in the world.

Kill switch

Kill switch

Our apps feature a kill switch to protect your IP address if the VPN connection is disrupted.

No-logs VPN

No-logs VPN

We do not keep any activity logs or metadata, meaning we have no data to share with anyone.

Open source

Open source

Proton VPN apps use open-source VPN protocols, like WireGuard and OpenVPN, and an open-source implementation of IKEv2 so that anyone can check their code.

Audited by independent experts

Audited by independent experts

Our open-source apps have been fully audited by independent security professionals, with the results openly published on our website.

VPN Accelerator

VPN Accelerator

VPN Accelerator is a set of technologies unique to Proton VPN that can increase your VPN speed by over 400%.

Easy to use

Easy to use

Simply install our VPN app, tap our Quick Connect button, and it will automatically connect you to the fastest server.

swipe right or left to explore all values

Get a secure and fast VPN with Proton VPN

  • Defeat censorship with alternative routing
  • Protection from WiFi hackers
  • Fast 10 Gbps server network
  • Secure Core VPN
  • Tor over VPN

Frequently Asked Questions

The OpenVPN protocol has proven itself secure for over 20 years. It is available in our Windows, Linux, Android, and iOS/iPadOS apps, using the following encryption settings:

The control channel

The control channel establishes a TLS connection between the VPN client and the VPN server.

The whole process uses a symmetric key cipher, but the actual key exchange requires an asymmetric encryption system where a public key is used to encrypt the data, which can only be decrypted using a private key.

Proton VPN uses AES-256 for its symmetric cipher, RSA-4096 to ensure a secure key exchange, and HMAC SHA-384 hash authentication to verify the TLS certificates. The encryption suite we use also includes a Diffie-Hellman key exchange to provide forward secrecy.

The data channel

Once a TLS connection is established, OpenVPN transfers your actual data over the data channel. This is encrypted with a symmetric cipher (Proton VPN uses AES-256) and verified with a hash function (HMAC SHA-384 in our case).

IKEv2 is a secure, fast, and modern VPN protocol available in our macOS, iOS/iPadOS, and Android apps.

IKEv2 is used by the IPsec protocol suite to establish a security association — shared security attributes — between your VPN client and the VPN server. The entire suite is thus more correctly referred to as IKEv2/IPsec.

Proton VPN uses the AES-256 symmetric cipher to secure your data and RSA-4096 to validate the identity of the server you connect to.

IKEv2 uses the Diffie-Hellman process to exchange keys, so forward secrecy is automatically implemented.

Forward secrecy, also known as perfect forward secrecy, prevents an adversary from decrypting your past VPN sessions by using a Diffie-Hellman exchange to generate a new and unique private encryption key for each session.

If an adversary were to somehow “crack” your current VPN session by compromising its encryption keys, forward secrecy severely limits the information they could obtain.