VPN (Virtual Private Network) applications are used to hide your Web browsing data, among other things. This is done by changing your IP address, encrypting your data, and making sure your data is undetectable. All of this is possible thanks to VPN protocols. However, this can be a highly confusing topic, as there are a number of protocols and each is suited to certain types of online activities. So, let’s dive deep into what different VPN protocols stand for, as well as how and why you should use them.
VPN Protocols: Encryption & Encapsulation
VPNs or Virtual Private Networks are a special type of network connection that helps keep prying eyes away from your data and identity. In general, they achieve this using two technologies: encapsulation and VPN encryption.
With encapsulation, the data packets that are at the core of Internet communication are wrapped inside another type of packet. This hides information such as the type of packet, its final destination, and so on. Encryption is the technology used to encode and decode the data itself. So even if someone intercepts your packets, they can’t do anything without a decryption key. While all VPNs do these two things, they don’t all use the same technology to do it. There are various VPN protocols that a VPN provider can use to encapsulate and encrypt your data.
The Most Common VPN Protocols – Explained
When you sign up for a VPN or are still considering which one to get, you might find that a number of protocols are available. What are they and which should you use? That’s exactly what we want to clarify, right here and now.
1. PPTP – Point-to-Point Tunneling Protocol
PPTP is one of the oldest VPN protocols still knocking about. The first specification for PPTP was published back in the late 90s. This kind of VPN protocol is fairly easy to set up and has almost universal support, but has many caveats you should know about.
Plain vanilla PPTP does not actually have a specific authentication or encryption technology specified. However, when PPTP is mentioned these days, it almost certainly refers to the version that was developed and shipped by Microsoft with Windows. It forms a bundle of technology known as the Windows PPTP stack and gives various options in terms of encryption strength.
PPTP is very fast in comparison to modern, strongly-encrypted protocols. This is a good thing when it comes to bandwidth-intensive uses such as video streaming. The problem with PPTP is that its security measures have been torn to shreds over the years. Many newer protocols exist because the vulnerabilities in PPTP are so serious. While PPTP might keep the average script kiddie out, it’s certainly within the power of a government organization or some other well-resourced entity to break in and take what they want.
Should You Use PPTP?
So for all intents and purposes, PPTP is obsolete as a privacy and security technology. If that’s what you are looking for, then you should stay far away from it. If you are, however, looking only to unlock location-blocked websites, a VPN provider who offers PPTP might be worth a look. However, in such a case it might be a better idea to use another technology such as Smart DNS or Proxy, which does not pretend to provide privacy and security, but will provide geo-unlocking.
2. L2TP/IPsec – Layer 2 Tunneling Protocol
L2TP is similar to PPTP in the sense that it is also a tunneling protocol. This means that it does not have its own built-in encryption or other privacy technology. Instead, you can plug in something else to do that job, which then modifies the data packets before and after it enters and leaves the L2TP tunnel.
The most common pairing with L2TP is a security protocol suite known as IPsec, short for Internet Protocol Security. It’s IPsec that actually contains the technology that handles the authentication between your own computer and the VPN server. IPsec also contains the technology to encrypt your data packets with strong encryption levels. This makes it just about impossible for even governments to break into your encrypted data.
L2TP is actually about as old as PPTP, but it hasn’t been a victim of many vulnerabilities, especially when it comes to L2TP/IPsec, which has been bundled together into a standard that is still widely in use today. Just like PPTP, L2TP is widely supported by clients and services. It’s also fast and simple to set up. Unlike PPTP, when combined with IPsec this tunneling protocol does not have the connection speed advantages, but it provides good enough security for most applications.
One of the main problems with L2TP is that it can be blocked quite easily. When you live in a country that completely blocks the use of VPNs, stopping L2TP/IPsec is simple. That’s because it only uses a small number of network ‘ports’. All anyone needs to do is close them off, and your VPN stops working.
Finally, there are only two encryption standards you can choose between with L2TP/IPsec. 3DES is one, but because of known vulnerabilities, no one really uses it anymore. The standard for L2TP/IPsec (and VPNs, in general, these days) is the AES standard. 256-bit AES is essentially impossible to brute force crack with any existing computer technology.
Should You Use L2TP/IPsec?
In general, L2TP/IPsec is a great choice for an average Internet user who just wants a good level of security, doesn’t want to spend time struggling with compatibility, and would like decent performance.
3. SSTP – Secure Socket Tunneling Protocol
SSTP is one of the VPN protocols that doesn’t suffer from the VPN blocking vulnerability we get with L2TP. In fact, there are many reasons to like SSTP, which we’ll get to in a second. However, you should know right off the bat that SSTP is mainly associated with Windows, so if you want to run it on anything else, you might be out of luck. There is nascent support for MacOS and Linux, but your mileage may vary. If you are looking for a Windows-based VPN, then it’s worth reading on.
We first saw SSTP with the release of Windows Vista Service Pack 1. As you might have guessed, SSTP is a proprietary protocol wholly owned and developed by Microsoft. That might be a problem for some people since the internal workings of the standard are closed off. This means there is always a chance that Microsoft could have built backdoors into their standard at the behest of the US government. As usual, there’s no actual evidence of this, but you should keep it in mind depending on why you want VPN protection.
SSTP uses the SSL 3.0 encryption standard, which is now an older standard that has several known security issues. In fact, Microsoft itself issued an SSL 3.0 security advisory back in 2014 indicating that there are known issues with the protocol.
One key advantage of SSTP is that it can defeat many forms of VPN blocking since it can use a common port (TCP 443) which is, of course, the common port SSL websites use. Since Windows is common in most parts of the world, there’s a good chance you can access SSTP as a way to get around VPN blocking.
Should You Use SSTP?
If you are (understandably) a little skeptical of SSTP, then don’t despair! There is another protocol which offers many of the same advantages as SSTP, but without the Microsoft baggage: OpenVPN.
4. OpenVPN
OpenVPN is one of the most exciting things to happen to the world of online privacy, well, ever. It’s a true, Open Source VPN protocol that is constantly growing and keeping pace with the constantly evolving world of cybersecurity.
OpenVPN uses OpenSSL and TLS in the main. There is, however, a whole host of other minor technologies built into it that I don’t have the space to go into here. Unlike PPTP, SSTP and most other VPN protocols, OpenVPN has no native support for any operating system or hardware system. In that way, you can think of OpenVPN as being a system-agnostic solution. This is both a pro and a con for OpenVPN since it means anyone who wants to use OpenVPN must make use of a third-party VPN client.
OpenVPN is widely used by premium VPN providers since these companies have the resources to develop their own VPN clients. This also means the VPN provider basically determines what devices it supports. If it does not create a client for, say, Android, then you can’t use it. Well, actually that’s not strictly true since there are many generic OpenVPN clients on virtually all platforms. The problem with this is that you now have to trust both your VPN provider and the ones that have created the generic client, which means twice the risk of backdoors.
While OpenVPN performs best on a range of UDP ports, it can be operated over TCP Port 443. If you will recall, that lets you piggyback on HTTPS website traffic and evade port-based VPN blocking. Since OpenVPN uses the OpenSSL library, it has access to all the encryption technologies included in that library. However, it’s rare for anything other than AES encryption to be used, which is just fine as long as the key length is sufficient.
Should You Use OpenVPN?
The bottom line is that OpenVPN is the most flexible and secure protocol you can get today. As long as the VPN provider understands the technology and implements it properly, it’s usually the one to go for. At the very least, if OpenVPN is available, you should try it first before moving on to some other option. To learn more, here’s our helpful guide to OpenVPN.
5. IKEv2/IPsec – Internet Key Exchange
Like L2TP/IPsec, IKEv2/IPsec combines a distinct tunneling protocol with the IPsec suite of security technologies. This is another protocol that isn’t open in nature. Once again, Microsoft has its fingers in the pie, but in this case, they worked with networking giant Cisco to get the technology ready.
IKE is one of the newest protocols, released in the mid-2000s and it hasn’t yet become widely supported or accepted. The latest version is IKEv2 and if you’re in a corporate environment that still relies on Blackberry technology for security, you’ll love this protocol. Blackberry systems have native support for IKEv2.
Luckily for everyone, it also supports other platforms that are less esoteric. iOS, for example, has support as well. In fact, IKEv2 was created with an eye on mobile security and is capable of letting handsets switch from Wi-Fi connections to the mobile Internet without dropping the VPN tunnel. This is because the protocol supports a technology known as ‘multihoming’ which lets it handle network changes with ease.
A defining feature of IKEv2 is how fast it is. Depending on the circumstances, it’s often seen as one of the fastest VPN protocols available today. Yet, VPN providers have been cagey about supporting the technology. For one thing, it has very narrow platform support. It’s also a closed system with corporate interests. It’s just not possible to trust that companies like Cisco or Microsoft haven’t built vulnerabilities into their protocols at the behest of government organizations.
Should You Use IKEv2/IPsec?
So while this protocol provides great stability and superior speed, it has narrow support, is vulnerable to VPN blocking and suffers from security doubts. So, in the end, a protocol such as OpenVPN is preferable even if it performs a little worse than IKEv2.
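The port-based blocking discussed above for L2TP/IPsec, SSTP, OpenVPN and IKEv2/IPsec can be checked against a firewall policy. The following is an added example, not part of the original article; the port and IP-protocol numbers are the standard assignments (the article itself only names TCP 443), and both policies are constructed for illustration.

```python
# Added example: which VPN protocols does a port-based egress policy stop?
# Port and IP-protocol numbers are the standard assignments, not from the article.

# Each protocol lists alternatives; every flow in one alternative must pass.
# A flow is (ip_protocol, destination_port); port is None for ESP and GRE.
# L2TP's own UDP 1701 travels inside IPsec, so the firewall never sees it.
REQUIREMENTS = {
    "PPTP": [{("tcp", 1723), ("gre", None)}],
    "L2TP/IPsec": [{("udp", 500), ("esp", None)},    # IKE + native ESP
                   {("udp", 500), ("udp", 4500)}],   # IKE + NAT traversal
    "IKEv2/IPsec": [{("udp", 500), ("esp", None)},
                    {("udp", 500), ("udp", 4500)}],
    "SSTP": [{("tcp", 443)}],
    "OpenVPN": [{("udp", 1194)},                     # default port
                {("tcp", 443)}],                     # TCP mode on the HTTPS port
}

def allowed(flow, policy):
    """First matching rule wins; policy['default'] applies when none match."""
    for action, proto, port in policy["rules"]:
        if proto == flow[0] and port in (flow[1], "any"):
            return action == "allow"
    return policy["default"] == "allow"

def surviving_protocols(policy):
    """Protocols with at least one alternative whose flows all pass."""
    return sorted(
        name for name, alternatives in REQUIREMENTS.items()
        if any(all(allowed(f, policy) for f in alt) for alt in alternatives)
    )

# Constructed policy 1: deny the well-known VPN ports, allow everything else.
BLOCK_VPN_PORTS = {
    "default": "allow",
    "rules": [("deny", "tcp", 1723), ("deny", "gre", "any"),
              ("deny", "udp", 500), ("deny", "udp", 4500),
              ("deny", "esp", "any"), ("deny", "udp", 1194)],
}

# Constructed policy 2: default deny, web and DNS only.
WEB_ONLY = {
    "default": "deny",
    "rules": [("allow", "tcp", 80), ("allow", "tcp", 443), ("allow", "udp", 53)],
}

if __name__ == "__main__":
    for label, policy in (("block VPN ports", BLOCK_VPN_PORTS),
                          ("web only", WEB_ONLY)):
        print(f"{label}: still reachable -> {surviving_protocols(policy)}")
```

Both constructed policies leave SSTP and OpenVPN over TCP 443 reachable, which is why port filtering alone cannot separate those tunnels from ordinary HTTPS traffic.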
Which VPN Protocols to Use? – Summary
When it comes to VPN protocols, things can be quite complex. This is precisely why we’ve tried to explain this matter in a simple way. So, before we conclude our article on the available VPN protocols – here’s a brief summary.
- PPTP is a very old technology that has proven to be quite vulnerable. However, it’s incredibly easy to set up, and it’s present on all popular operating systems. In case you truly care about your online anonymity, stay away from this protocol.
- L2TP/IPsec has been the most secure protocol for a very long time. However, security vulnerabilities were discovered during the last few years, which poses the question of whether you should use it. Still, it’s easy to set up and it’s efficient. Definitely a better option than PPTP.
- SSTP can be a good solution – as long as you use Windows. It’s easy to get started with this VPN protocol and it’s more secure than PPTP. Also, due to its pairing with AES encryption, it’s more secure than L2TP/IPsec.
- OpenVPN is one of the most popular VPN protocols at the moment. It can be used across different types of devices, and almost all hugely popular VPNs rely on this protocol. In short – this should be your go-to choice.
- IKEv2/IPsec is one of the newest VPN protocol standards that never really reached its full potential. It allows for secure connections and high performance – but it’s not present on all currently popular operating systems.
Protocols are only a small part of what to consider when choosing a VPN. To make things easier, we’ve put together a VPN buyer’s guide that covers the most important questions. We’ve also listed what we think are the best VPNs this year so far and even tested a few for their VPN performance. So you should be well-covered when it comes to finding the best VPN for your needs.