VPN (Virtual Private Network) applications have the primary role of hiding your Web browsing data. That is done by changing your IP address, encrypting your data, and making sure your data is undetectable. All of that is possible thanks to VPN protocols. However, that can be a highly confusing topic as we have several protocols out there, each with its set of pros and cons. Therefore, let's talk about the 6 most common VPN protocols, explaining their strengths, downsides, and benefits.
And now, let's dive into this topic. Here are the explanations of the 6 most common VPN protocols offered by today's VPN apps/services in 2021.Â
1. PPTP - Point-to-Point Tunneling Protocol
PPTP is one of the oldest VPN protocols still knocking about. The first specification for PPTP was published back in the late '90s. This VPN protocol is easy to set up and has almost universal support (here's how to set up a PPTP VPN on Windows) but has many caveats you should know about.
Plain vanilla PPTP does not actually have a specific authentication or encryption technology specified. Still, when PPTP is mentioned these days, it almost certainly refers to the version developed and shipped by Microsoft with Windows. It forms a bundle of technologies known as "Windows PPTPÂ stack"Â and gives various options in terms of encryption strength.
PPTP is very fast in comparison to modern, strongly encrypted protocols. That's a good thing when it comes to bandwidth-intensive uses such as video streaming. However, the problem with PPTP is that its security measures have been torn to shreds over the years. Many newer protocols exist because the vulnerabilities in PPTP are so serious. While PPTP might keep the average script kiddie out, it’s certainly within the power of a government organization or some other well-resourced entity to break in and take what they want.
2. L2TP/IPsec - Layer 2 Tunneling Protocol
The most common pairing with L2TP is a security protocol suite known as IPsec or simply Internet Protocol Security. It’s IPsec that actually contains the technology that handles the authentication between your own computer and the VPN server. IPsec also contains the technology to encrypt your data with strong encryption levels.
L2TP is actually about as old as PPTP, but it hasn’t been a victim to many vulnerabilities. That especially applies to L2TP/IPsec, which has been bundled into a standard that is still widely used today. However, one of the main problems with L2TP is that it can be blocked quite easily. When you live in a country that completely blocks the use of VPNs, stopping L2TP/IPsec is simple. That's because it only uses a small number of network ports - so all you need to do is close them off, and your VPN stops working.
Finally, there are only two encryption standards you can choose between with L2TP/IPsec. 3DES is one, but because of known vulnerabilities, no one really uses it anymore. The standard for L2TP/IPsec (and VPNs, in general, these days) is the AES standard. 256-bit AES is essentially impossible to brute force crack with any existing computer technology.
3. SSTP - Secure Socket Tunneling Protocol
You should know right off the bat that SSTP is mainly associated with Windows, so if you want to run it on anything else, you might be out of luck. There is nascent support for macOS and Linux, but your mileage may vary. If you are looking for a Windows-based VPN, then it’s worth reading on.
We first saw SSTP with the release of Windows Vista Service Pack 1. As you might have guessed, SSTP is a proprietary protocol wholly owned and developed by Microsoft. That might be a problem for some people since the internal workings of the standard are closed off. This means there is always a chance that Microsoft could have built backdoors into their standard at the behest of the US government. As usual, there’s no actual evidence of this, but you should keep it in mind depending on why you want VPN protection.
SSTP uses the SSL 3.0 encryption standard, which is now an older standard that has several known security issues. In fact, Microsoft itself issued an SSL 3.0 security advisory back in 2014, indicating that there are known issues with the protocol.
One key advantage of SSTP is that it can defeat many forms of VPN blocking since it can use a common port (TCP 443) which is, of course, the common port SSL websites use. Since Windows is common in most parts of the world, there’s a good chance you can access SSTP as a way to get around VPN blocking.
4. OpenVPN
OpenVPN is one of the most exciting things to happen to the world of online privacy, well, ever. It’s a true, open-source VPN protocol that is constantly growing and keeping pace with the constantly evolving world of cybersecurity.
OpenVPN uses OpenSSL and TLS in the main. Unlike PPTP, SSTP, and most other VPN protocols, OpenVPN has no native support for any operating system or hardware system. In that way, you can think of OpenVPN being a system-agnostic solution. This is both a pro and a con for OpenVPN since it means anyone who wants to use OpenVPN must make use of a third-party VPN client.
OpenVPN is widely used by premium VPN providers since these companies have the resources to develop their own VPN clients. This also means the VPN provider basically determines what devices it supports. If it does not create a client for, say, Android, then you're forced to look for a third-party solution. Our recommendation is to go with the official OpenVPN app (Android and iOS) - which isn't the most elegant solution, but it gets the job done.
While OpenVPN performs best on a range of UDP ports, it can be operated over TCP port 443. If you will recall, that lets you piggyback on HTTPS website traffic and evade port-based VPN blocking. Since OpenVPN uses the OpenSSL library, it has access to all the encryption technologies included in that library. However, it’s rare for anything other than AES encryption to be used, which is just fine as long as the key length is sufficient.
5. IKEv2/IPsec – Internet Key Exchange
Like L2TP/IPsec, IKEv2/IPsec is a combination of distinct tunneling protocols combined with the IPsec suite of security technologies. This is another protocol that isn’t open in nature. Once again, Microsoft has its fingers in the pie, but in this case, they worked with networking giant Cisco to get the technology ready.
IKE is one of the newest protocols, released in the mid-2000s. The latest version is IKEv2, and if you’re in a corporate environment that still relies on Blackberry technology for security, you’ll love this protocol. Blackberry systems have native support for IKEv2.
Luckily for everyone, it also supports other platforms that are less esoteric. iOS, for example, has support as well. In fact, IKEv2 was created with an eye on mobile security and is capable of letting handsets switch from Wi-Fi connections to the mobile Internet without dropping the VPN tunnel. This is because the protocol supports a technology known as 'multihoming' which lets it handle network changes with ease.
A defining feature of IKEv2 is how fast it is. Depending on the circumstances, it’s often seen as one of the fastest VPN protocols available today. Yet, VPN providers have been cagey about supporting it. For one thing, it has very narrow platform support. It’s also a closed system with corporate interests. It’s just not possible to trust that companies like Cisco or Microsoft haven’t built vulnerabilities into their protocols at the behest of government organizations.
6. WireGuard
All of the previously mentioned and explained VPN protocols were developed some time ago, which is crucial in the world of VPNs. That means they had plenty of time to show their weaknesses, making them suitable for sensitive tasks such as securing your online privacy. However, that doesn't stop VPNs from implementing new technologies.
That's precisely where the story about WireGuard comes into play. It was first developed only 5 years ago, and it became stable enough just recently. However, there are many reasons why commercial VPN services such as Surfshark, TorGuard, NordVPN, Private Internet Access, and IVPN have already started offering WireGuard.
First and foremost, WireGuard is highly secure and open-source, just like OpenVPN, which is the VPN's industry gold standard. However, it is also much faster than OpenVPN and works great with any type of Web connection. So, you can expect to connect to servers instantly, and if you switch between 4G/5G and Wi-Fi while using WireGuard, you won't notice a single disruption. That's something that no other VPN protocol offers.
However, also know that WireGuard doesn't use AES-256 but instead relies on a somewhat untested encryption component in encryption called ChaCha20. In theory, that should not be a problem, even if you're paranoid about your online privacy. Still, because this is a brand-new protocol, only time will tell how much we can trust it.
VPN protocols are only a small part of what you need to consider when choosing a VPN. To make things easier, we’ve put together a VPN buyer’s guide that covers the most important questions. We’ve also listed what we think are the best VPNs of this year. So, you should be well-covered when it comes to finding the best VPN for your needs.
That would be all there's to know about the currently used VPN protocols. In case you have any questions, let us know via the comments section below. And lastly, thanks for reading!