VPN Protocols

VPN (Virtual Private Network) applications have the primary role of hiding your Web browsing data, among other things. This is done by changing your IP address, encrypting your data, and making sure your data is undetectable. All of this is possible thanks to VPN protocols. However, this can be a highly confusing topic as we have a number of protocols and each of these is suitable for certain types of online activities. With this said, we’ll talk about the five most common VPN protocols, their strengths, and benefits.

Before we dive deep into this topic, we have a few pointers for you. The first question we encounter here is this – what is a VPN protocol? Well, this term covers various technologies that are a mix of transmission protocols and encryption standards. When you decide to use a VPN protocol, you instruct your VPN client to handle your sensitive data in a certain way. As you can expect, different protocols handle your data in different ways, with some prioritizing performance over security, and vice versa.

And now, let’s dive into this topic. Here are the explanations of five VPN protocols offered by today’s VPN services. 

1. PPTP (Point-to-Point Tunneling Protocol)

Overview
Platform Compatibility: Windows, macOS, Android, iOS, Linux, and more.
VPN Encryption: Up to 128-bit.
VPN Security: Standard encryption; Known vulnerabilities.
VPN Speed: Fast speed (due to the lower level of encryption).

PPTP is one of the oldest VPN protocols still knocking about. The first specification for PPTP was published back in the late 90s. This kind of VPN protocol is fairly easy to set up and has almost universal support, but has many caveats you should know about.

Plain vanilla PPTP does not actually have a specific authentication or encryption technology specified. However, when PPTP is mentioned these days, it almost certainly refers to the version that was developed and shipped by Microsoft with Windows. It forms a bundle of technology known as the Windows PPTP stack and gives various options in terms of encryption strength.

PPTP is very fast in comparison to modern, strongly-encrypted protocols. This is a good thing when it comes to bandwidth-intensive uses such as video streaming. The problem with PPTP is that its security measures have been torn to shreds over the years. Many newer protocols exist because the vulnerabilities in PPTP are so serious. While PPTP might keep the average script kiddie out, it’s certainly within the power of a government organization or some other well-resourced entity to break in and take what they want.

When & Why Should You Use PPTP?

So for all intents and purposes, PPTP is obsolete as a privacy and security technology. If that’s what you are looking for, then you should stay far away from it. If you are, however, looking only to unlock location-blocked websites, a VPN provider who offers PPTP might be worth a look. However, in such a case it might be a better idea to use another technology such as Smart DNS or Proxy, which does not pretend to provide privacy and security, but will provide geo-unlocking.

2. L2TP/IPsec (Layer 2 Tunneling Protocol)

Overview
Platform Compatibility: Windows, macOS, Android, iOS, Linux, and more.
VPN Encryption: Up to 256-bit.
VPN Security: Strong encryption; Strong data integrity.
VPN Speed: Relatively slow due to CPU processing.

The most common pairing with L2TP is a security protocol suite known as IPsec, or Internet Protocol Security. It’s IPsec that actually contains the technology that handles the authentication between your own computer and the VPN server. IPsec also contains the technology to encrypt your data packets with strong encryption levels. This makes it just about impossible for even governments to break into your encrypted data.

L2TP is actually about as old as PPTP, but it hasn’t been a victim to many vulnerabilities, especially when it comes to L2TP/IPsec, which has been bundled together into a standard that is still widely in use today. Just like PPTP, L2TP is widely supported by clients and services. However, one of the main problems with L2TP is that it can be blocked quite easily. When you live in a country that completely blocks the use of VPNs, stopping L2TP/IPsec is simple. That’s because it only uses a small number of network ‘ports’: all that is needed is to close them off, and your VPN stops working.

Finally, there are only two encryption standards you can choose between with L2TP/IPsec. 3DES is one, but because of known vulnerabilities, no one really uses it anymore. The standard for L2TP/IPsec (and VPNs, in general, these days) is the AES standard. 256-bit AES is essentially impossible to brute force crack with any existing computer technology.

When & Why Should You Use L2TP/IPsec?

In general, L2TP/IPsec is a great choice for an average Internet user who just wants a good level of security, doesn’t want to spend time struggling with compatibility, and would like decent performance.

3. SSTP (Secure Socket Tunneling Protocol)

Overview
Platform Compatibility: Windows, macOS, Android, Linux, and more.
VPN Encryption: Up to 256-bit.
VPN Security: Strong encryption; SSL encryption included.
VPN Speed: Slow speed (due to the superior level of security).

SSTP is one of the VPN protocols that doesn’t suffer from the VPN blocking vulnerability we get with L2TP. In fact, there are many reasons to like SSTP, which we’ll get to in a second. However, you should know right off the bat that SSTP is mainly associated with Windows, so if you want to run it on anything else, you might be out of luck. There is nascent support for macOS and Linux, but your mileage may vary. If you are looking for a Windows-based VPN, then it’s worth reading on.

We first saw SSTP with the release of Windows Vista Service Pack 1. As you might have guessed, SSTP is a proprietary protocol wholly owned and developed by Microsoft. That might be a problem for some people since the internal workings of the standard are closed off. This means there is always a chance that Microsoft could have built backdoors into their standard at the behest of the US government. As usual, there’s no actual evidence of this, but you should keep it in mind depending on why you want VPN protection.

SSTP uses the SSL 3.0 encryption standard, which is now an older standard that has several known security issues. In fact, Microsoft itself issued an SSL 3.0 security advisory back in 2014 indicating that there are known issues with the protocol.

One key advantage of SSTP is that it can defeat many forms of VPN blocking since it can use a common port (TCP 443) which is, of course, the common port SSL websites use.  Since Windows is common in most parts of the world, there’s a good chance you can access SSTP as a way to get around VPN blocking.

When & Why Should You Use SSTP?

If you are (understandably) a little skeptical of SSTP, then don’t despair! There is another protocol which offers many of the same advantages as SSTP, but without the Microsoft baggage: OpenVPN.

4. OpenVPN

Overview
Platform Compatibility: Windows, macOS, Android, iOS, Linux, routers, and more.
VPN Encryption: Up to 256-bit.
VPN Security: Highest possible security; Digital certification.
VPN Speed: Fast performance despite its high level of security.

OpenVPN is one of the most exciting things to happen to the world of online privacy, well, ever. It’s a true, Open Source VPN protocol that is constantly growing and keeping pace with the constantly evolving world of cybersecurity.

OpenVPN uses OpenSSL and TLS in the main. There is, however, a whole host of other minor technologies built into it I don’t have the space to go into here. Unlike PPTP, SSTP and most other VPN protocols, OpenVPN has no native support for any operating system or hardware system. In that way, you can think of OpenVPN as being a system-agnostic solution. This is both a pro and a con for OpenVPN since it means anyone who wants to use OpenVPN must make use of a third-party VPN client.

OpenVPN is widely used by premium VPN providers since these companies have the resources to develop their own VPN clients. This also means the VPN provider basically determines what devices it supports. If it does not create a client for, say, Android, then you can’t use it. Well, actually that’s not strictly true since there are many generic OpenVPN clients on virtually all platforms. The problem with this is that you now have to trust both your VPN provider and the ones that have created the generic client. Which means twice the risk for back-doors.

While OpenVPN performs best on a range of UDP ports, it can be operated over TCP port 443. If you will recall, that lets you piggyback on HTTPS website traffic and evade port-based VPN blocking. Since OpenVPN uses the OpenSSL library, it has access to all the encryption technologies included in that library. However, it’s rare for anything other than AES encryption to be used, which is just fine as long as the key-length is sufficient.
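A quick way to check the points above on a real client profile is to read the transport, port and cipher out of the OpenVPN config. This is an added example, not code from OpenVPN or from the original article; the sample profiles, the host vpn.example.net and the `min_bits` threshold are assumptions.

```python
import re

AES_NAME = re.compile(r"^AES-(\d+)-(CBC|GCM)$", re.IGNORECASE)

def parse_ovpn(text):
    """Pull transport, port and cipher directives out of OpenVPN config text."""
    cfg = {"proto": "udp", "port": 1194, "ciphers": []}  # OpenVPN's defaults
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0][0] in "#;":   # blank line or comment
            continue
        key, args = parts[0], parts[1:]
        if key == "proto" and args:
            cfg["proto"] = "tcp" if args[0].startswith("tcp") else "udp"
        elif key == "port" and args:
            cfg["port"] = int(args[0])
        elif key == "remote" and len(args) >= 2:   # remote host [port]
            cfg["port"] = int(args[1])
        elif key in ("cipher", "data-ciphers", "ncp-ciphers") and args:
            for name in args[0].split(":"):
                if name not in cfg["ciphers"]:
                    cfg["ciphers"].append(name)
    return cfg

def audit(text, min_bits=128):
    """Return (cfg, findings). min_bits is an assumed policy threshold."""
    cfg = parse_ovpn(text)
    findings = []
    if not cfg["ciphers"]:
        findings.append("no cipher directive: result depends on client/server defaults")
    for name in cfg["ciphers"]:
        m = AES_NAME.match(name)
        if m is None:
            findings.append(f"{name}: not AES")
        elif int(m.group(1)) < min_bits:
            findings.append(f"{name}: {m.group(1)}-bit key is below {min_bits}")
    return cfg, findings

# Constructed sample profiles (vpn.example.net is a placeholder host).
LEGACY = """client
proto udp
remote vpn.example.net 1194
cipher BF-CBC
"""
TCP443 = """client
proto tcp
remote vpn.example.net 443
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
"""
```

Calling `audit(LEGACY)` reports the non-AES cipher, while `audit(TCP443, min_bits=256)` flags only the 128-bit fallback in the negotiation list.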

When & Why Should You Use OpenVPN?

The bottom line is that OpenVPN is the most flexible and secure protocol you can get today. As long as the VPN provider understands the technology and implements it properly, it’s usually the one to go for. At the very least, if OpenVPN is available, you should try it first before moving on to some other option. To learn more, here’s our helpful guide to OpenVPN.

5. IKEv2/IPsec – Internet Key Exchange

Overview
Platform Compatibility: Windows, macOS, Android, iOS, Linux, and more.
VPN Encryption: Up to 256-bit.
VPN Security: Highly secure; Strong encryption.
VPN Speed: Fast performance despite its high level of security.

Like L2TP/IPsec, IKEv2/IPsec is a combination of distinct tunneling protocols combined with the IPsec suite of security technologies. This is another protocol that isn’t open in nature. Once again, Microsoft has its fingers in the pie, but in this case, they worked with networking giant Cisco to get the technology ready.

IKE is one of the newest protocols, released in the mid-2000s and it hasn’t yet become widely supported or accepted. The latest version is IKEv2 and if you’re in a corporate environment that still relies on Blackberry technology for security, you’ll love this protocol. Blackberry systems have native support for IKEv2.

Luckily for everyone, it also supports other platforms that are less esoteric. iOS, for example, has support as well. In fact, IKEv2 was created with an eye on mobile security and is capable of letting handsets switch from Wi-Fi connections to the mobile Internet without dropping the VPN tunnel. This is because the protocol supports a technology known as ‘multihoming’ which lets it handle network changes with ease.

A defining feature of IKEv2 is how fast it is. Depending on the circumstances, it’s often seen as one of the fastest VPN protocols available today. Yet, VPN providers have been cagey about supporting the technology. For one thing, it has very narrow platform support. It’s also a closed system with corporate interests. It’s just not possible to trust that companies like Cisco or Microsoft haven’t built vulnerabilities into their protocols at the behest of government organizations.

When & Why Should You Use IKEv2/IPsec?

So while this protocol provides great stability and superior speed, it has narrow support, is vulnerable to VPN blocking and suffers from security doubts. So, in the end, a protocol such as OpenVPN is preferable even if it performs a little worse than IKEv2.
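The port-based blocking described above for L2TP/IPsec, SSTP, OpenVPN and IKEv2/IPsec can be seen from a network operator's side in a short sketch. This is an added example, not part of the original article; the port and protocol numbers are the protocols' well-known defaults (they do not appear in the article), and the flows are constructed sample data.

```python
from collections import namedtuple

# ip_proto is the IANA protocol number; dst_port is None for portless protocols.
Flow = namedtuple("Flow", "ip_proto dst_port")

TCP, UDP, GRE, ESP = 6, 17, 47, 50

# Fixed signatures a simple filter can match on. A port of None means the
# IP protocol number alone identifies the traffic.
SIGNATURES = {
    (TCP, 1723): "PPTP control channel",
    (GRE, None): "PPTP data (GRE)",
    (UDP, 1701): "L2TP",
    (UDP, 500): "IKE (L2TP/IPsec or IKEv2/IPsec)",
    (UDP, 4500): "IPsec NAT traversal",
    (ESP, None): "IPsec ESP",
    (UDP, 1194): "OpenVPN default port",
}

def classify(flow):
    """Return a VPN label if the flow matches a fixed signature, else None."""
    return (SIGNATURES.get((flow.ip_proto, flow.dst_port))
            or SIGNATURES.get((flow.ip_proto, None)))

# Constructed sample: one flow per setup discussed in the article.
SAMPLE = {
    "pptp": Flow(TCP, 1723),
    "l2tp_ipsec": Flow(UDP, 500),
    "ikev2_natt": Flow(UDP, 4500),
    "openvpn_udp": Flow(UDP, 1194),
    "sstp": Flow(TCP, 443),            # same port as HTTPS
    "openvpn_tcp443": Flow(TCP, 443),  # same port as HTTPS
    "https_site": Flow(TCP, 443),
}

def identifiable(sample=SAMPLE):
    """Names of sample flows that a port/protocol rule alone can single out."""
    return sorted(name for name, flow in sample.items() if classify(flow))

def indistinguishable(sample=SAMPLE):
    """Names of sample flows that look the same as ordinary HTTPS by port."""
    return sorted(name for name, flow in sample.items() if not classify(flow))
```

The split shows why closing a handful of ports stops PPTP, L2TP/IPsec and IKEv2/IPsec, while SSTP and OpenVPN on TCP 443 cannot be separated from HTTPS by port alone.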

FAQ

We hope that we did a good job explaining all the ins and outs of different VPN protocols. However, while we have your attention, let’s expand that knowledge a bit. We’ve answered some commonly asked questions, so make sure to keep on reading.

What Are VPN Protocols?

VPNs or Virtual Private Networks are a special type of network connection that helps keep prying eyes away from your data and identity. In general, they achieve this using two technologies: encapsulation and VPN encryption.

With encapsulation, the data packets that are at the core of Internet communication are wrapped inside another type of packet. This hides information such as the type of packet, where its final destination is, and so on. Encryption is the technology used to encode and decode the data itself. So even if someone intercepts your packets, they can’t do anything without a decryption key. While all VPNs do these two things, they don’t all use the same technology to do it. There are various VPN protocols that a VPN provider can use to encapsulate and encrypt your data.

Is VPN a Protocol?

No, VPN is not a protocol, per se. Instead, VPNs are applications that grant you access to various protocols, as explained in this article.

To learn more about this type of application, we’ve prepared a series of helpful articles and guides. For example, make sure to read about what is VPN, how VPNs work and don’t forget to read about the benefits of VPN applications.

How to Pick the Best VPN Protocol For Your Needs?

When it comes to VPN protocols, things can be quite complex. This is precisely why we’ve tried to explain this matter in a simple way. So, before we conclude our article on the available VPN protocols – here’s a brief summary.

  • PPTP is a very old technology that has proven to be quite vulnerable. However, it’s incredibly easy to set up, and it’s present on all popular operating systems. In case you truly care about your online anonymity, stay away from this protocol.
  • L2TP/IPsec has been the most secure protocol for a very long time. However, security vulnerabilities were discovered during the last few years, which poses the question of whether you should use it. Still, it’s easy to set up and it’s efficient. Definitely a better option than PPTP.
  • SSTP can be a good solution – as long as you use Windows. It’s easy to get started with this VPN protocol and it’s more secure than PPTP. Also, due to its pairing with AES encryption, it’s more secure than L2TP/IPsec.
  • OpenVPN is one of the most popular VPN protocols at the moment. It can be used across different types of devices, and almost all hugely popular VPNs rely on this protocol. In short – this should be your go-to choice.
  • IKEv2/IPSec is one of the newest VPN protocol standards that never really reached its full potential. It allows for secure connections and high performance – but it’s not present on all currently popular operating systems.

What is Better – OpenVPN or IPSec?

Right now, the OpenVPN protocol is believed to be the most secure VPN protocol available. Even though it doesn’t offer the fastest possible speeds, it can safeguard your private data in a highly secure way. When it comes to IPSec, this protocol comes with capable encryption but it’s still not fully explored in terms of its security and potential vulnerabilities.

What’s The Most Secure VPN Protocol?

The most secure protocol is the OpenVPN protocol. You can choose from two different variants, called OpenVPN TCP and OpenVPN UDP. If you need the highest possible level of encryption, we recommend going for OpenVPN TCP. The UDP variant is recommended when you need fast performance and want to prioritize that over the stability of your Web connection.

What’s The Fastest VPN Protocol?

The fastest VPN protocols are PPTP and IKEv2/IPSec. You can also get fast performance by utilizing SSTP and OpenVPN UDP. Our strong recommendation would be to stick to the OpenVPN protocol – as this one currently brings the highest level of security without sacrificing the speed of your Web connection in a dramatic way.

Is WireGuard a Reliable VPN Protocol?

WireGuard is a brand-new and still not fully explored VPN protocol. However, it has the potential to change the entire VPN industry as it comes with fast performance while handling your personal data in the best way possible. At the moment, WireGuard can be used via a few select VPN applications, including IVPN and Mullvad.

VPN Protocols are only a small part of what to consider when choosing a VPN. To make things easier, we’ve put together a VPN buyer’s guide that covers the most important questions. We’ve also listed what we think are the best VPNs this year so far and even tested a few for their VPN performance. So you should be well-covered when it comes to finding the best VPN for your needs.
