VPN protocols — Privex VPN

Protocol	Speed	Stealth	Best for
WireGuard	⚡⚡⚡⚡⚡	★★	Default. Fastest in normal networks.
IKEv2 / IPsec	⚡⚡⚡⚡⚡	★★	Mobile devices switching Wi-Fi ↔ LTE.
OpenVPN UDP	⚡⚡⚡	★★	Legacy compatibility. Battle-tested.
OpenVPN TCP	⚡	★★★	TCP-only networks (captive portals, hotels).
Reality (VLESS)	⚡⚡⚡⚡	★★★★★	DPI-heavy networks. Mimics microsoft.com TLS.
VLESS+WS+TLS (CF)	⚡⚡⚡	★★★★★	Country-level firewalls. Looks like Cloudflare traffic.

WIREGUARD

WireGuard — modern, fast, default

Speed: ⚡⚡⚡⚡⚡
Stealth: ★★

A modern protocol designed by Jason A. Donenfeld in 2015. ~4000 lines of audited C, kernel-mode on Linux, line-rate throughput on most hardware. ChaCha20 + Poly1305 + Curve25519 — a single fixed crypto suite, no negotiation.

Use this unless your network specifically blocks UDP 51820 or runs aggressive deep-packet inspection. It's the default in every Privex client.

IKEv2 / IPsec

IKEv2 — built for mobile

Speed: ⚡⚡⚡⚡⚡
Stealth: ★★

Native IPsec stack on iOS, macOS, and Windows — no client install needed. Excellent at re-establishing the tunnel when your phone roams between Wi-Fi and cellular without interrupting in-flight TCP connections.

Use this on iPhones and laptops that frequently change networks. Same key exchange security as WireGuard, slightly more overhead.

OpenVPN UDP

OpenVPN UDP — the proven workhorse

Speed: ⚡⚡⚡
Stealth: ★★

25 years old, audited dozens of times, supported on every operating system that's ever existed. AES-256-GCM by default in our setup. UDP transport keeps latency low.

Pick this when your client doesn't support WireGuard or you need to interop with legacy VPN gateways. Solid fallback.

OpenVPN TCP

OpenVPN TCP — the captive portal escape hatch

Speed: ⚡
Stealth: ★★★

Same OpenVPN, but tunneled over TCP/443 — looks like ordinary HTTPS to firewalls. Slower (TCP-over-TCP is famously suboptimal) but it gets through hotel Wi-Fi, coffee shops, and university captive portals that block UDP entirely.

Use this only when you have to. Reality and VLESS+WS+TLS are better stealth options on networks where the firewall is actively hostile.

REALITY (VLESS)

Reality — TLS that actually is TLS

Speed: ⚡⚡⚡⚡
Stealth: ★★★★★

Reality piggy-backs on a real TLS handshake to a real third-party site (microsoft.com by default). To a censor's DPI box, the entire connection looks like ordinary HTTPS to Microsoft — same JA3, same TLS extensions, same certificate chain.

Use this in restrictive networks (school, office, country-level filters) where standard VPN protocols are blocked. The fastest stealth option we offer.

VLESS+WS+TLS (CF)

VLESS+WS+TLS — fronted by Cloudflare

Speed: ⚡⚡⚡
Stealth: ★★★★★

Traffic is wrapped in WebSocket-over-TLS and routed through Cloudflare's edge. To any observer it's just HTTPS to a Cloudflare IP — exactly like the millions of legitimate sites behind Cloudflare. Hard to block without breaking half the internet.

The strongest unblock option, but Cloudflare proxying adds a hop so it's slightly slower than Reality. Use when even Reality is being blocked.