Windows 11 VPN server: setup and comparison with other VPNs

  • If you've already upgraded to the late Windows 11 OS, you might want to start using a VPN service as well, as it comes with many benefits.
  • You have two ways of connecting to a VPN server on Windows 11, namely, either via a manual connection or a direct connection from a native VPN app.
  • Here, we will focus on showing you how to set up a VPN manually using the Windows 11 built-in VPN or the OpenVPN GUI.
  • In addition, we'll explain the differences between a manually-configured VPN and a regular VPN app so you can decide which one is the best option for you.

Are you a Windows 11 user and want to set up a VPN server on the new operating system? Or, are you already using a VPN service but haven’t tried the built-in VPN feature yet?

Regardless of the situation, you couldn’t be in a better place to find out how to set up a manual VPN connection and connect to a VPN server on your Windows 11 device.

A VPN is widely used nowadays, and rightly so, given the many security and privacy vulnerabilities you’re exposed to daily while using the Internet.

As such, you shouldn’t miss the opportunity of enjoying the multitude of advantages such a service brings to the table.

From securing your devices against tracking, monitoring, surveillance, and cyberattacks to accessing geo-blocked content from anywhere, a VPN turns out to be a very dependable solution that will both protect your sensitive data and help you evade restrictions and online censorship.

Consequently, if you’re interested in configuring a VPN on your Windows 11 PC, go through the detailed setup guides below where you’ll find step-by-step instructions on how to achieve this.

In addition, you will find important information regarding the differences between a manually-configured VPN and a native VPN app.

In the examples provided with different configuration modes, we also included certain VPN services that support the respective connection types.

How does a VPN work?

In case you’re new to the VPN world, you should get a grasp on how VPN services work, what benefits they offer, and why you should use one in the first place.

A Virtual Private Network (VPN) – as its name suggests – is a private network connection that extends across the open Internet and allows users to send and receive data as if their devices were connected directly to the private network.

But, let’s dispense with the technical stuff and stick to a VPN’s main purpose. In other words, a VPN is a service aimed at protecting your Internet connection against third-party interference.


For instance, when you connect to the Internet openly, your actual location – which is based on your IP address – is visible to the online resources you access on the Internet, and obviously to the Internet Service Provider (ISP) that assigned it to you.

However, a VPN masks your ISP-assigned IP and replaces it with a new one in a different location depending on the VPN server you connect to.

Consequently, your digital footprints can no longer be associated with your actual IP address as long as you will be connected to a VPN.

A VPN will let you surf anonymously from anywhere using different IP addresses from various locations and countries across the globe.

➡Privacy and security

Your ISP can also see everything you do online by monitoring your activity. Moreover, websites you access regularly use cookies that can log your activity and online habits and use that information for tracking and advertisement purposes.

Cybercriminals may target your devices and sensitive data as well by launching different types of cyberattacks, such as malware, phishing scams, man-in-the-middle (MitM) attacks, denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks, or Internet of things (IoT) attacks.

Unfortunately, all of these pose serious security and privacy risks that you should take into account to protect yourself. However, you should rest assured since this is when a VPN comes into play.

A VPN redirects all of your traffic via a secure tunnel before it reaches the final destination. To do so, it uses an encryption algorithm together with a VPN protocol that will determine how the encrypted tunnel is formed.

Thus, the encryption will guarantee total privacy and security while you use the Internet-connected to a VPN server at home or on public Wi-Fi hotspots.

That is to say, no one – including your ISP – will be able to pry into your online affairs anymore. Therefore, trackers, snoopers, government surveillance, and hackers will all be a thing of the past.


Geo-blocking is a way of restricting your access to Internet content based on your geographical location, which in turn can be identified online based on your IP address.

However, since a VPN masks your original IP address and spoofs your real location, it will help you bypass geo-blocking, no matter where you’re located.

As a result, you’ll manage to access sites, apps, and services unavailable in your area by simply connecting to a VPN server in a country or region where those online resources are available.

Circumventing geo-blocking can also help you get better price deals for certain online services, such as streaming or gaming, as you can simply connect to a location where they are cheaper.

How to set up a manual VPN connection on Windows 11?

When it comes to setting up a manual VPN connection on a Windows 11 operating system, you have two main options: using the built-in VPN or the OpenVPN GUI.

The built-in VPN allows you to connect to a VPN server on Windows 11 by selecting from any of the 4 available connection types or protocols.

On the other hand, the OpenVPN manual setup involves establishing a connection using the OpenVPN GUI with a VPN service supporting the OpenVPN (UDP or TCP) protocol.

Whichever option you will choose, below you can find all the necessary steps you need to follow to successfully establish a manual VPN connection.

1. Use the Windows 11 built-in VPN

Windows 11 comes with an easily-configurable and user-friendly built-in VPN client that lets you set up a manual connection with the IKEv2, SSTP, L2TP/IPsec, or PPTP VPN protocols.

IKEv2, SSTP, L2TP/IPsec, and PPTP entail almost identical setup steps within the client, except that IKEv2 involves an extra procedure before setting up the VPN connection.

Before starting the configuration process, make sure to use a VPN service that supports the required VPN protocol for that specific connection.

Most of the time, you will find the information regarding your provider’s supported protocols for manual configuration on its associated website.

Also, you will need to log into your VPN account and get the server addresses and any other required credentials or configuration files if needed.

1.1. Set up an IKEv2 manual VPN connection

For the IKEv2 manual connection, we used NordVPN since this VPN service supports the IKEv2/IPsec VPN protocol. You can use any VPN as long as it supports this protocol.

Unlike the other connection types, setting up an IKEv2 connection with the built-in VPN involves an additional procedure, namely, you have to download and install a digital certificate first.

Below, you can see an example of how to set up an IKEv2 manual connection using the built-in VPN and connect to a VPN server on your Windows 11 device.

1.1.1. Install the VPN digital certificate
  1. Download the NordVPN certificate, click on the file, then click Open.
  2. Click on Install Certificate… in the General tab.
  3. In the new window, Select Local Machine, then click Next.
  4. Select Place all certificates in the following store and click Browse….
  5. Select Trusted Root Certification Authorities, click OK, then Next.
  6. Click Finish to complete the Certificate Import Wizard process.
  7. Click OK in both the Certificate Import Wizard and the Certificate windows.
  8. Press the Windows + R key combination to open the Run dialog box.
  9. Type certmgr.msc in the box to open the certificates management tool.
  10. Go to Trusted Root Certification Authorities, click on Certificates, then scroll down to find NordVPN Root CA.
  11. Right-click on NordVPN Root CA and select Properties.
  12. Check the Enable only for the following purposes option in the General tab.
  13. Uncheck all the boxes except the Server Authentication box.
  14. Click OK, then Apply.
1.1.2. Set up the IKEv2 VPN connection
  1. Press the Windows + I key combination to open Settings.
  2. Go to Network & internet, then click on VPN.
  3. Click on Add VPN next to VPN connections.
  4. Head over to your account to find the service credentials for the manual setup.
  5. Choose Windows (built-in) for the VPN provider.
  6. Enter the Connection name and the VPN Server name or address.
  7. Choose IKEv2 for the VPN type.
  8. Select the Type of sign-in info (this is usually User name and password).
  9. Enter the corresponding sign-in credentials and click Save.
  10. Find the new VPN connection and click Connect.
  11. Now you’ve successfully established an IKEv2 VPN connection.
  12. If you want to remove the connection, click on it, then click Remove.

Internet Key Exchange version 2 (IKEv2) is a VPN protocol jointly developed by Microsoft and Cisco. It is the successor of IKEv1 and supports different encryption algorithms.

IKEv2 generally works together with Internet Protocol Security (IPsec) – a group of protocols and algorithms used to establish encrypted connections between devices.

This protocol is fast and also very good for privacy and security, being one of the most advanced and dependable VPN protocols on the market.

IKEv2 can be easily set up on compatible platforms and is very popular with mobile devices since it can successfully reconnect during temporary connection drops or when switching between mobile connections (e.g. from cellular data to Wi-Fi).

1.2. Set up an SSTP manual VPN connection

Setting up an SSTP connection from the built-in VPN client is quite easy. All you have to do is follow the steps below, and you’ll manage to connect to a VPN server on Windows 11 right away.

Before proceeding, be sure to have at your disposal the VPN server name or address together with the username and password associated with your VPN account.

Sometimes you may be unable to connect to a VPN server using the SSTP protocol. This may be due to the Windows firewall. As such, you can disable it for a while and try reconnecting again.

  1. Press the Windows + I key combination to open Settings.
  2. Go to Network & internet, then click on VPN.
  3. Click on Add VPN next to VPN connections.
  4. Choose Windows (built-in) for the VPN provider.
  5. Enter the Connection name and the VPN Server name or address.
  6. Choose Secure Socket Tunneling Protocol (SSTP) for the VPN type.
  7. Select the Type of sign-in info (this is usually User name and password).
  8. Enter the corresponding sign-in credentials and click Save.
  9. Find the new VPN connection and click Connect.
  10. Now you’ve successfully established an SSTP VPN connection.
  11. If you want to remove the connection, click on it, then click Remove.

The Secure Socket Tunneling Protocol (SSTP) is a proprietary protocol developed by Microsoft, meaning that – unlike other open-source protocols – no one outside Microsoft can access its code.

SSTP was first introduced with Windows Vista and it was mainly conceived for the Windows OS even though it works on Linux as well.

Ever since it appeared, it has been continuously integrated into every Windows version and is very easy to set up using the built-in VPN.

SSTP uses 2048 bit SSL/TLS certificates for authentication and 256 bit SSL key for encryption. Since it supports AES-256 encryption, SST is considered a very secure protocol. Plus, it’s also pretty fast.

1.3. Set up an L2TP/IPsec manual VPN connection

In the example below, we used ExpressVPN to set up an L2TP/IPsec VPN connection. This service supports the L2TP/IPsec protocol both for manual and automatic connections.

However, although ExpressVPN is among the few VPNs that allow an L2TP/IPsec manual connection, you can find other services that support this connection type as well.

No matter what VPN you use, follow the general steps below accordingly to configure the manual setup and connect to a VPN server on your Windows 11 device.

  1. Press the Windows + I key combination to open Settings.
  2. Go to Network & internet, then click on VPN.
  3. Click on Add VPN next to VPN connections.
  4. Go to your account to find the server address, pre-shared key, and service credentials for the L2TP/IPsec manual setup.
  5. Choose Windows (built-in) for the VPN provider.
  6. Enter the Connection name and the VPN Server name or address.
  7. Choose L2TP/IPsec with pre-shared key for the VPN type and enter the Pre-shared key.
  8. Select the Type of sign-in info (this is usually User name and password).
  9. Enter the corresponding sign-in credentials and click Save.
  10. Find the new VPN connection and click Connect.
  11. Now you’ve successfully established an L2TP/IPsec VPN connection.
  12. If you want to remove the connection, click on it, then click Remove.

The Layer Two Tunneling Protocol (L2TP) is a tunneling protocol that was built by Microsoft and Cisco as an alternative to the deprecated PPTP protocol.

It does not provide any encryption by itself, so it works in combination with Internet Protocol Security (IPsec) to provide AES-256 encryption. The protocol is usually referred to as L2TP/IPsec.

L2TP/IPsec is very popular and widely available on all major platforms, being easily configurable. However, since it runs on fewer ports, it can be easily blocked by firewalls.

All in all, L2TP/IPsec is a safe protocol although some rumors appeared that the NSA might have compromised its security. As to speed, the protocol is very fast, being considered on the same level with or even faster than the popular OpenVPN protocol.

1.4. Set up a PPTP manual VPN connection

As with SSTP, connecting to a VPN server on Windows 11 from the built-in VPN using the PPTP protocol is a very easy task, the configuration steps being virtually identical.

All you need are the VPN server name or address along with the username and password you use when logging into your VPN account, and you should be all set.

Also, since PPTP provides weaker security, your firewall could block it. Therefore, you may turn off the Windows Defender Firewall temporarily to prevent any connection errors.

  1. Press the Windows + I key combination to open Settings.
  2. Go to Network & internet, then click on VPN.
  3. Click on Add VPN next to VPN connections.
  4. Choose Windows (built-in) for the VPN provider.
  5. Enter the Connection name and the VPN Server name or address.
  6. Choose Point to Point Tunneling Protocol (PPTP) for the VPN type.
  7. Select the Type of sign-in info (this is usually User name and password).
  8. Enter the corresponding sign-in credentials and click Save.
  9. Find the new VPN connection and click Connect.
  10. Now you’ve successfully established a PPTP VPN connection.
  11. If you want to remove the connection, click on it, then click Remove.

The Point-to-Point Tunneling Protocol (PPTP) was developed by Microsoft and is one of the oldest VPN protocols still available on the market.

This protocol is widely supported and can be set up on any platform using the built-in feature. It uses Microsoft Point-to-Point Encryption (MPPE) and outdated MS-CHAP v2 authentication.

PPTP is the fastest of all VPN protocols in the industry. However, this comes at a cost for security, as it utilizes weak encryption that can be easily cracked.

Unfortunately, the PPTP protocol has a history of security flaws and can be easily blocked by ISPs, admins, or network firewalls. Nonetheless, although it’s not recommended due to poor encryption, it is still used nowadays by those who care more about speed than security.

2. Set up a manual VPN connection using OpenVPN

Setting up a manual VPN connection with the OpenVPN protocol is a more complex – but not difficult – process, compared to the other connections using the built-in VPN.

In general, it involves 4 stages if you want to add DNS leak protection as well. These stages are: downloading and installing the OpenVPN GUI, adding the server configuration files, setting up DNS leak protection, and finally, connecting to a VPN server on your Windows 11 PC.

In our example, we used NordVPN to establish an OpenVPN manual connection with the OpenVPN GUI. This VPN service uses the OpenVPN protocol and allows a manual setup too.

Many top VPN services support the OpenVPN protocol, and therefore you should follow the general steps below carefully regardless of your VPN provider, and you should be all set.

2.1. Download and install the OpenVPN GUI

  1. Download the OpenVPN GUI version for your OS.
  2. Open the file and click on Install Now.
  3. Alternatively, you can select Customize for Custom Installation.
  4. Wait for the installation to complete.
  5. Once the installation is completed, click Close.

2.2. Add the server configuration files to OpenVPN

  1. Log into your VPN account and download the configuration files.
  2. Right-click the OpenVPN GUI desktop shortcut, then click on Open file location.
  3. In the navigation bar, click OpenVPN to go to the main folder.
  4. Double-click on the config folder.
  5. Copy the downloaded OpenVPN configuration files into the config folder.

2.3. Set up DNS leak protection

  1. In the config folder, right-click on the OpenVPN configuration file.
  2. Go to Open with and select Notepad or any other text editor.
  3. Scroll to the bottom and paste this line: block-outside-dns. Do not change anything else.
  4. Close the editor and click Save.

2.4. Establish a VPN connection

  1. Double-click the OpenVPN GUI shortcut on your desktop.
  2. This will start the application in the system tray.
  3. Right-click on the OpenVPN icon, go to the servers, and click Connect.
  4. Find your VPN provider’s service credentials for the manual setup. These are different from your account credentials.
  5. Enter the Username and Password, then click OK.
  6. A notification will appear in the bottom right corner showing the connection status.
  7. If you want to disconnect, right-click on the app icon, go to the servers, and click Disconnect

OpenVPN is a very popular VPN protocol that is currently widely supported by many well-reputed VPN providers on the market, with some using it as the default protocol.

This protocol is open source, meaning that users and developers alike can access its source code to check for security flaws or other vulnerabilities.

OpenVPN is free for all platforms and can be configured for various ports and encryption types. Although it can use different cryptographic algorithms, the Advanced Encryption Standard (AES) symmetric-key algorithm is the recommended one.

The AES-256-bit key encryption with 2048-bit RSA authentication is the most advanced and secure encryption algorithm supported by OpenVPN.

This encryption type is practically unbreakable and resistant even to brute-force attacks. It is considered the industry standard, as many top intelligence and military agencies use it.

OpenVPN works with either the UDP (User Datagram Protocol) or TCP (Transmission Control Protocol), which you can choose during manual setup or directly from the VPN app.

UDP is generally faster and more efficient, whereas TCP is slower but more reliable since it allows the retransmission of lost data packets to ensure that your data will be delivered fully and in the right order.

Overall, OpenVPN is a fast, highly secure, and very reliable VPN protocol that you can trust regardless of the platform or connection type you use it with.

What VPN should I use for manual configuration?

Many top VPN providers support different types of manual setup, OpenVPN is the most widely supported. Regardless of the VPN service, you plan to use, check in advance to find information regarding the supported connection types.

NordVPN allows manual configuration for both IKEv2/IPsec with the Windows 11 built-in VPN and also OpenVPN using the OpenVPN GUI application.

Altogether, it uses the OpenVPN, IKEv2/IPsec, and NordLynx VPN protocols. However, IKEv2/IPsec is only available with the macOS and iOS native apps for automatic connection.

If you want to connect to a VPN server on a Windows 11 PC using the IKEv2/IPsec protocol, the only way you can do it is by configuring it manually as shown in the example above.

NordLynx is a proprietary VPN protocol developed and used exclusively by NordVPN. It works over UDP or TCP and is only available with the dedicated NordVPN apps.

NordVPN is operated by Nord Security and managed to establish itself as a household name in the VPN industry, having 14+ million users and an impeccable reputation.

The service operates under the jurisdiction of Panama, which is known for its privacy-friendly laws given that the country neither has any mandatory data retention laws nor does it participate in any intelligence signal alliances, such as the Five Eyes.

NordVPN comes with easy-to-use native apps for Windows, macOS, Linux, Android, iOS, and browser extensions for Chrome, Firefox, Edge. It can also be configured on a VPN-compatible router to secure all devices connected to your network.

In terms of speed, NordVPN was the fastest VPN according to our multiple VPN server speed tests. It guarantees blazing-fast connection speeds for the smoothest browsing experience.

NordVPN takes care of your privacy and sensitive data with next-generation AES with 256-bit keys military-grade encryption, which represents the industry standard.

This encryption is recommended by the NSA and is resistant even to brute-force attacks. It ensures total protection against ISP monitoring, government surveillance, and hackers.

As far as other features are concerned, NordVPN includes the following: Kill Switch, Split tunneling, Dark Web Monitor, CyberSec (ad and malware blocker), Threat Protection, Obfuscated servers, Double VPN, Onion Over VPN, Private DNS, Smart DNS, Dedicated IP, and P2P.

More about NordVPN:

  • 5,200+ servers in 60 countries
  • Strict no-logs policy
  • Connect up to 6 devices
  • 30-day money-back guarantee
  • 24/7 live chat and email customer service

If you want to enjoy the above benefits, you can use the NordVPN native app for Windows 11. The VPN app comes with many extra features that are described in detail below but are unavailable with a manual IKEv2/IPsec or OpenVPN connection.



NordVPN is very fast, secure, and reliable. Plus, it provides downloadable VPN clients for every popular OS and device.
Check price Visit website

What are the differences between a manually-configured VPN and a regular VPN app?


Both the Windows 11 built-in VPN client and the OpenVPN GUI have an easy-to-use interface, allowing you to connect to a VPN server on your Windows 11 device with just a few clicks.

This can be easily noticed from the multiple screenshots used in the above configuration processes for the different VPN connection types.

VPN apps from top-notch VPN providers also have user-friendly graphical user interfaces (GUI). However, they are more complex in design given that they have additional features and settings.

Nonetheless, even if you’re using a VPN app for the first time or you’re not a tech-savvy person, you should be able to easily navigate through the settings and features in the VPN native client, as well as connect to a VPN server without any hassle.


One of the main differences between a manual VPN connection and a regular one using a dedicated VPN app is the configuration process.

Setting up a manual connection in Windows 11 shouldn’t be a hard task as long as you follow each step accordingly. There’s a misconception that more steps necessarily mean a more complicated task.

Since a manual setup involves extra steps in the process, some users may be discouraged to try this connection type for fear of messing things up.

With the information presented here, that should no longer be the case. There are slight chances that you would get stuck or encounter errors if you stick to our guides.

So, whether you use the Windows 11 built-in VPN client with any of the IKEV2, SSTP, L2TP, IPsec, or PPTP VPN protocols, or the OpenVPN GUI to establish a manual connection with the OpenVPN protocol, our comprehensive setup guides should serve you a good purpose in every instance.

As for automatic VPN connections using native VPN apps available for different operating systems and devices, things tend to be easier since fewer steps are required, and therefore there’s a lower probability that you would omit something or do anything wrong.

For instance, setting up a VPN app on your Windows 11 device is very easy. All you need to do is download the app from your VPN provider’s website, install it on your PC, and connect.

Later on, you will find an example of how to set up a direct VPN connection on Windows 11 by downloading and installing the VPN client on your device.

All in all, no matter if you choose a manual or automatic VPN connection for Windows 11, our configuration guides will effectively help you enjoy the benefits of using a VPN in any situation.


VPN servers are physical or virtual servers configured to host and deliver VPN services. They use hardware and software that allow a secure connection between the VPN client and the server.

When you connect to a VPN server, your entire traffic is rerouted through that server. Besides, a secure tunnel will be created to encrypt your data and relay it securely over the Internet.

VPN servers represent a key element for every VPN provider. Without them, creating a private and secure network on the public Internet wouldn’t be possible.

Not only are they necessary for establishing a VPN connection with your device, but they are also essential for your online anonymity, privacy, and security.

Moreover, the quality of the infrastructure VPN servers relies upon, also influences your connection speed. Other factors such as server load and the distance between your physical location and that of the VPN server will impact speed as well.

Consequently, a top-of-the-line VPN service is defined by a large server network, with fast and secure VPN servers spread across multiple locations in different countries around the world.

Having access to many VPN servers in various locations worldwide can prevent network congestion or server load, thus increasing speed.

Instead of crowding a few available servers, users will have more options to connect, so the burden on the servers will be equally distributed.

More servers across many locations and countries also mean higher chances of effectively circumventing geo-blocking, as you’ll be able to connect from virtually anywhere to access geo-restricted content.

If you want to connect to a VPN server on Windows 11 using the built-in VPN, you can add a single server name or address per connection.

Therefore, in case you wish to connect to other server locations or countries, you need to set up a separate manual connection for each location or country.

On the other hand, a manual VPN connection with OpenVPN lets you add multiple configuration files for different locations so that you can change them from the OpenVPN GUI client.

However, even though you can add as many countries or locations as you like, you won’t be able to manually change servers, as they will be chosen automatically for you.

One big difference between a manual and an automatic VPN connection is that the latter allows you to easily switch between servers directly from the native VPN app.

Moreover, many VPN apps have a quick connect option that will automatically connect you to the optimal location for speed.

This is very advantageous, especially when you don’t need to connect to a specific location to evade geo-blocks but only secure your device and enjoy fast speeds while surfing.

Also, NordVPN allows you to connect to both the fastest server in the fastest location or the fastest servers in a particular location (city) from its Windows 11 app.

VPN services such as Private Internet Access, NordVPN, CyberGhost VPN, and ProtonVPN provide specialized servers for streaming, gaming, or torrenting (P2P).

If you want to stream content from popular streaming services such as Netflix, Amazon Prime Video, Disney+, HBO Max, Hulu, Peacock, Pluto TV, FuboTV, or DAZN using a VPN can be of great help since many of these platforms are only available in certain regions or countries.

In case you live outside their supported area, you will be blocked when trying to access their websites or apps unless you use an online circumvention tool like a VPN.

Unfortunately, Netflix as well as other streaming services use advanced technology to detect and block VPN use. So, chances are that you might be detected if you use an unreliable VPN.

The good news is that top-notch VPNs also improved their technology to evade VPN blocks and allow users to access streaming platforms without restrictions.

Therefore, if you use such a VPN service, you should rather connect to the streaming-optimized servers to get around VPN detections and enjoy your favorite content from anywhere.

If you want to reduce ping and eliminate packet loss to get rid of lag when playing online games with your friends, you can choose a gaming-optimized server for the best experience.

Last but not least, if you wish to engage in P2P activities anonymously and safely while also enjoying high download and upload speeds, you can connect to a torrenting or P2P server for a seamless torrenting experience.

The good news is that each VPN that offers specialized servers allows you to easily connect to them directly from the native VPN app.

If you choose a manual VPN connection instead, there’s no guarantee that you will be able to add all of these servers. This depends exclusively on the connection type and the VPN provider.

An OpenVPN manual connection, however, will allow you in most cases to add the specific configuration files and connect to a specialized VPN server on Windows 11.

All in all, when it comes to VPN servers, using a VPN app rather than a manual connection comes with more benefits both in terms of server switching and server availability.


Encryption is what distinguishes VPN services from other online circumvention tools, such as proxy servers or smart DNS services.

It is highly important for each VPN since it’s responsible for securing all of your incoming and outgoing traffic by rerouting it via a secure VPN tunnel using different encryption protocols.

VPN protocols determine what encryption type will be used for your connection, with each protocol using its encryption algorithm. Also, protocols can support various encryption types.

Some protocols use very strong encryption. Others, such as PPTP, are outdated, use poor encryption, and have a history of security vulnerabilities.

Therefore, if you’re very concerned about your online privacy and security, you should use a VPN protocol that uses powerful encryption to ensure total protection for your devices.

The Advanced Encryption Standard (AES) is a symmetric-key encryption algorithm, which means that it uses the same key to encrypt and decrypt your data. It is the strongest encryption currently available and is used by many reliable VPN providers.

AES comes with three block ciphers that encrypt and decrypt data in blocks of 128 bits using cryptographic keys of 128, 192, and 256 bits. For example, AES-256 uses a 256-bit key length.

The longer the secret key, the harder it will be for someone to crack it with a brute-force attack. Although AES-256 is technically stronger than AES-128, the latter is also secure and can’t be broken even with a brute-force attack using the current technology available.

Also, AES encryption uses different cipher modes that are necessary for its implementation. The following are the most common cipher modes used by the AES.

  • ECB – Electronic Code Book mode
  • CBC – Cipher Block Chaining mode
  • CFB – Cipher Feedback mode
  • OFB – Output Feedback mode
  • CTR – Counter mode
  • GCM – Galois/Counter mode

The difference between a manual VPN connection and a native app is that when you set up the former, you may choose one protocol only. That is to say, you’ll use a single encryption type.

However, some VPN providers offering different encryption types allow you to change it (the key length and/or block cipher) directly from the VPN app.

In general, AES-256-GCM encryption is the most powerful. Thus, if you prioritize security over speed, you should choose this encryption type if available.


VPN protocols are sets of rules and instructions that determine how data routes between a user’s device and the VPN server.

They are a combination of transmission protocols and encryption standards that allow you to establish secure communication with the VPN server.

These VPN protocols are very important since they affect both speed and security. Therefore, they represent a relevant indicator of the overall performance of a VPN service.

When setting up a manual VPN connection using the built-in VPN, you have to select the VPN protocol beforehand to determine what connection type you’ll be using.

As such, you won’t be able to switch VPN protocols once a connection is established. If you wish to use a different protocol, you’ll need to set up a new connection with a new protocol.

Also, when setting up a manual connection with the OpenVPN GUI, the OpenVPN protocol is the only VPN protocol available for this connection type.

An important difference between a manually-configured VPN and a native VPN app is the fact that the latter lets you switch between different available protocols directly from the app.

There are various types of protocols, which differ in terms of encryption and speed. Below, you have a list of the most common VPN protocols currently available on the market.

  • OpenVPN (UDP and TCP)
  • L2TP/IPsec (Layer 2 Tunneling Protocol)
  • IKEv2/IPsec (Internet Key Exchange version 2)
  • SSTP (Secure Socket Tunneling Protocol)
  • PPTP (Point-to-Point Tunneling Protocol)
  • SoftEther VPN
  • WireGuard

Some VPN providers developed their proprietary protocols that are used exclusively by their VPN services. The following are proprietary VPN protocols developed by some popular VPNs.

  • NordLynx (NordVPN)
  • Lightway (ExpressVPN)
  • Chameleon (VyprVPN)

We’ve already described the first 5 popular VPN protocols before when we set up a manual VPN connection using the Windows 11 built-in VPN and the OpenVPN GUI.

They are the only ones on the list that support manual configuration in Windows 11. You can also choose these protocols to connect to a Windows 11 VPN server from a VPN app.

OpenVPN is very popular, secure, fast, and stable, so the vast majority of well-reputed VPN providers support it both for manual and automatic connections.

IKEv2/IPsec and L2TP/IPsec are also commonly found with certain VPN services, allowing manual connections with the built-in VPN or automatic connections from the VPN apps.

SSTP and PPTP are not frequently found with native apps from some popular VPN services since they use other, more advanced protocols instead.

However, chances are that you would find SSTP more often than PPTP, as the latter is very obsolete and offers poor security. So, it is rarely available with VPN apps from top VPN services.

PPTP has been replaced by other modern, more secure, and more reliable VPN protocols, such as OpenVPN and WireGuard. The latter is the newest addition on the protocol market and is becoming increasingly popular, as many services began to support it.

WireGuard is simple, fast, and modern. It uses advanced cryptography and is currently considered to perform better than OpenVPN, being the recommended protocol by many top VPNs.

The proprietary protocols mentioned above, as well as others of this kind, do not support manual configuration in Windows 11 and are only available via the native VPN clients offered by the VPN providers that developed them.


The following advanced VPN features are very useful, as they take your privacy, security, or anti-censorship protection to the next level.

Nonetheless, they are available exclusively for the native VPN apps, so you won’t be able to use them with a manual VPN connection.

Also, keep in mind that not every VPN provider includes all of the features below. Even if it includes them all or only a few, the ones included may not be available for each VPN app.

For instance, a certain provider can make the split tunneling feature available on Android only, and not on Windows operating systems.

However, all-around VPNs include all of the features described below, and a select few providers even make them available for all of their native clients.

Consequently, if you find the following VPN features useful and wish to enjoy them while you’re connected to a VPN server on Windows 11, you should first pick a VPN service that offers them and then download the appropriate VPN app for your OS.

✅Kill switch

If your VPN connection drops unexpectedly, your traffic will no longer be protected. Only a split second of VPN interruption would be enough for your data to leak on the open Internet.

Fortunately, a VPN kill switch – as long as it’s used correctly – can completely reduce the risk of IP (location) and sensitive data leaks when your VPN is experiencing connection problems.

By enabling the kill switch, your VPN client will automatically prevent unprotected connections by blocking Internet traffic from going outside the VPN secure tunnel.

Depending on the VPN you’re using, the kill switch may have different configuration options. For example, it can stop traffic when the VPN connection drops or when the VPN is turned off.

While most VPNs come with a kill switch that works system-wide, some allow you to restrict its range to the application level, meaning that you can choose to activate it for certain apps only.

✅Ad blocker

You may have already found what an ad blocker is or even used one as a browser extension to filter content showing up in your browser.

As its name suggests, an ad blocker shields your browser by blocking annoying ads, banners, pop-ups, tracking, and malware.

However, regular ad blockers block all of the above on the browser level only. VPN ad blockers, on the other hand, block ads and malicious websites both on browsers and apps.

Besides, they can increase browsing speeds, which are slowed down by ads and pop-ups, and also protect you against phishing attempts in certain instances.

Reliable and well-reputed VPN providers include an ad and malware blocking feature in their VPN clients that can be activated with just a few clicks.

✅Split tunneling

Did you know that you can surf the Internet using two different IP addresses without having to switch VPN servers? The split tunneling feature is the one that allows that.

In other words, even if your VPN is on, you don’t need to use it for your entire Internet traffic, as you can simply split your connection depending on the online activity type.

On the one hand, you can connect to a VPN server to get a different IP in a certain location to access region-blocked content or to secure your device while accessing untrusted websites.

On the other, you can still use your actual IP address without encrypting your traffic if you want to access local content or websites that you trust.

Therefore, split tunneling lets you set up rules to determine which apps or IP addresses will go through or bypass the VPN connection. The options can vary from provider to provider.


Obfuscation is a very unique VPN feature that is offered by only a select few VPN providers. It can be extremely helpful for bypassing Internet restrictions and censorship.

You already know that when you’re connected to a VPN, your ISP cannot monitor your activity and see what you do or visit online due to encryption.

However, your ISP can see that you’re using a VPN by inspecting your data packets. But, obfuscation can change the packets so they can’t be recognized via deep packet inspection (DPI).

That is to say, it will disguise your VPN traffic as regular ISP traffic, and therefore no one will manage to detect your VPN use anymore.

Internal networks, ISPs, or certain countries can implement VPN blocks. Nonetheless, by enabling the obfuscation feature, you will be able to get around VPN-blocking firewalls and use a VPN in areas with strong restrictions and censorship.

The obfuscation feature can be found under different names depending on the VPN provider and can be easily activated from the native VPN client.


Although a strong VPN secures your traffic through advanced encryption, multi-hop goes even further by adding an extra layer of security and privacy.

The feature is sometimes called Double VPN because it encrypts your data twice by rerouting it via a second VPN server. The two VPN servers are usually located in different countries.

With multi-hop or double VPN, you will benefit from the utmost anonymity, privacy, and security, whether you’re using the Internet at home, on public Wi-Fi, or in a foreign country.

For example, if you’re living in or traveling to a country with heavy censorship and want to evade tracking or government surveillance, multi-hop will ensure total protection.

Sometimes, multi-hop can also increase your speed because a direct route does not necessarily entail the fastest connection. So, using two different routes may create a faster path.

Establishing a multi-hop or double VPN connection is pretty easy. All you have to do is enable the feature in the VPN app, choose a pair of VPN servers, and connect to them right away.

How to establish a direct VPN connection using a native VPN app?

As you’ve already seen above, connecting to a Windows 11 VPN server using a manual connection involves a complex process. However, this doesn’t necessarily mean it is also complicated.

Some configurations require fewer steps, while others, such as IKEv2 and OpenVPN, need additional steps that you must follow accordingly.

Even though we described every setup process in minute detail, sometimes even the tech-savvy might come upon connection errors.

Nonetheless, you should be able to set up the manual VPN connections successfully as long as you stick to the steps and change additional settings where needed.

If you find it difficult to go through all those steps or you’re afraid of messing things up, you can try an alternative connection method directly from the VPN app.

As previously mentioned, using a dedicated VPN client will give you access to many other useful VPN features in addition to the simplification of the setup process.

Therefore, we provided below an example showing the general steps you should follow to establish a direct VPN connection using a native VPN app.

In the following example, we set up an automatic VPN connection by downloading and installing the Private Internet Access (PIA) native app on a Windows 11 device.

Even though VPN services vary across providers in terms of the user interface, design, and features, the configuration process is pretty general, requiring the following steps:

  1. Get a VPN subscription, then download the VPN client.
  2. Find the downloaded file, click on it, and follow the installation instructions.
  3. Launch the VPN app and log in with your credentials.
  4. Go to the list of available servers.
  5. Select a server and click on it.
  6. Connect to the chosen VPN server.
  7. The automatic connection should be now established.

A few things about Private Internet Access

Private Internet Access (PIA) is owned by Kape Technologies and registered in the USA – an ideal location for privacy given that it doesn’t have a mandatory data retention policy.

This VPN service is one of the best products currently available on the VPN market and is widely used, boasting more than 15+ million global users.

PIA provides dedicated applications (clients) for all the major operating systems and platforms, including Windows, macOS, Linux, Android, and iOS.

The available VPN apps have a very easy-to-use interface and are easily configurable on every supported device. The above example with Windows 11 is proof of that.

With 29,650 servers in multiple locations across 84 countries, PIA offers the largest network of VPN servers of all providers on the market.

So, if you set up the Windows 11 native app on your PC, you’ll manage to quickly connect to any available VPN servers with just a few clicks.

The PIA servers are also very fast, passing multiple speed tests with flying colors. So, whether you’re interested in general browsing, bypassing geo-blocking, streaming, gaming, or torrenting, just connect to the best VPN server location for your specific activity, and you’ll be all set.

Private Internet Access anonymizes your online identity by masking your ISP-assigned IP address and replacing it with a new one in a different location.

Moreover, it also ensures total online privacy and security by rerouting your entire Internet traffic via a secure tunnel so no one can intercept it.

The VPN redirects your traffic using AES-128 (GCM) or AES-256 (GCM) military-grade encryption, which is the most advanced form of encryption currently available.

To determine how the VPN tunnel is formed, PIA uses the OpenVPN (UDP or TCP) and WireGuard VPN protocols.

OpenVPN represents the industry standard since it’s used by every top VPN provider. The protocol is very fast, secure, and reliable. WireGuard, on the other hand, is newer, more lightweight, and very promising for speed and security.

With this strong security and privacy in place, you will manage to surf anonymously, privately, and securely by keeping away from monitoring, tracking, surveillance, and cyberattacks both at home and on public Wi-Fi.

Moreover, PIA comes bundled with plenty of other useful VPN features, such as Kill Switch, PIA MACE (ad and malware blocker), Split Tunnel, Multi-hop and Obfuscation, Request Port Forwarding, PIA DNS, Smart DNS, Dedicated IP, and P2P support.

The kill switch is an excellent security feature that protects your traffic and sensitive data against accidental exposure. It has two options: VPN Kill Switch and App Kill Switch.

The former prevents data leaks when PIA experiences connectivity issues by stopping any traffic outside the VPN tunnel, while the latter goes even further to stop all traffic when the VPN is off.

Split Tunnel lets you enjoy the benefits of using a VPN to mask your IP and encrypt your traffic while also being able to use your actual IP to access local content or online resources you trust.

In other words, it gives you the option of setting rules by which you can add to the list specific IP addresses that will bypass the VPN or apps that will either bypass or use the VPN.

Multi-hop and Obfuscation is a double feature in that it offers two distinct advantages combined: extra security via multi-hop and extra stealth via obfuscation.

That is to say, when you enable the feature, you will add an extra hop or encryption layer to your connection by rerouting your traffic through a second server: a Shadowsocks or SOCKS5 Proxy.

In addition, you will also obfuscate your connection by disguising your VPN traffic as normal traffic so that not even your ISP will know you’re using a VPN. This feature is mainly useful when you want to bypass VPN blocks and censorship in restrictive areas.

Extra PIA features:

  • Strict no-logs policy
  • Simultaneous access on up to 10 devices
  • Risk-free 30-day money-back guarantee
  • 24/7 live chat and email customer support

In conclusion, if you wish to enjoy extra VPN features and connect more easily to a VPN server on your Windows 11 device without going through the hassle of setting up a manual VPN connection, Private Internet Access can be a great alternative.

 Private Internet Access

Private Internet Access

PIA is a very fast, secure, and feature-rich VPN service that comes with native apps for the most popular platforms. Plus, it has the largest number of VPN servers.
Check price Visit website

Should I use a manual VPN connection or a VPN app?

Before choosing between a manual VPN connection with the built-in VPN or the OpenVPN GUI, or an automatic connection using a native app, you need to take into account a few things.

While both connection methods allow you to use a VPN effectively and connect to a VPN server on Windows 11, you can use one or the other depending on the situation.

Below, we’ll address the main advantages of using each setup method as well as when you should choose one instead of the other.

Why use a manual setup?

  • Can’t download and install the native VPN app on your device.
  • You are unable to connect to a VPN server on your Windows 11 device.
  • The device you’re using doesn’t support VPN apps (that’s not the case with Windows 11).
  • Your VPN provider doesn’t offer native VPN apps for your OS (very rare with Windows 11).
  • You’re experiencing connectivity errors with your VPN client that can’t be fixed after basic or even advanced troubleshooting.

Why use a native app setup?

  • Easy-to-use application interface and support for all major operating systems.
  • Connect to the fastest VPN server with one click using the quick connect option.
  • Switch between countries or servers to connect to your choice server with a few clicks.
  • Find the best VPN servers and locations based on distance, ping, server load, or the built-in speed test. Some reliable VPNs include these performance indicators.
  • Choose different encryption types (if available) or change VPN protocols or ports for the best connection or basic troubleshooting.
  • Ensure DNS leaks protection and prevent accidental exposure of sensitive data during connection loss with the help of a VPN kill switch.
  • Enjoy other useful security, privacy, or anti-censorship VPN features, such as ad and malware blocker, split tunneling, multi-hop, and obfuscation.

Final thoughts

All things considered, a VPN service is a very reliable option for ensuring online security, privacy, and anonymity at home or on public Wi-Fi.

Moreover, when geo-restrictions give you a hard time and prevent you from accessing websites, apps, streaming services, or gaming platforms, a high-performing VPN will effectively help you circumvent them regardless of your physical location.

Fortunately, well-reputed VPN providers allow multiple configuration options, which will let you set up your VPN service according to your specific needs.

Configuration methods vary depending on the connection type as well as the operating system your device is running on.

For Windows 11 users, setting up a manual VPN connection was simplified, compared to previous operating systems. The built-in VPN client can function as a VPN server using 4 different connection types or protocols.

Not a single connection is too hard to set up. The only difference between them is that some may require higher attention to detail or a few more steps along the way.

So, we highly hope that the info presented in the configuration guides will help you set up a hassle-free manual VPN connection using the Windows 11 built-in VPN.

In case you want to connect to a VPN server on your Windows 11 device using a manual connection with the OpenVPN GUI, our inclusive OpenVPN guide will help you as well.

If, in the unfortunate event, you deal with connection issues and still can’t connect after multiple attempts, remember that you always have the option of using a native VPN app or client.

As you’ve already seen above, a VPN app will significantly simplify things for you. Plus, it will also let you use other important VPN features that are not available with a manual setup.

Last but not least, no matter how you want to connect to a VPN, make sure to use a service that has a good reputation that is backed by multiple testing and positive reviews.

The VPNs included as examples in the manual setup guides as well as those in the extensive comparison between manually-configured VPNs and regular VPN apps are all very reliable.

It’s also worth mentioning that, in most cases, they allow the specific connection types with a premium VPN subscription only. Besides, the majority of the features that are available in the native VPN apps are premium as well.

Anyway, you should disregard free VPN services or cheaper ones that have a questionable reputation. This is because they usually rely on poor infrastructures and are also very limited in terms of connection support, server availability, security, and privacy, as well as other features.

Leave a Comment