What Are VPN Protocols?


A lot of people have heard of virtual private networks but don’t actually know what they are. Some people even use a VPN without fully understanding how it works. All they know is that they can bypass any restrictions their country has put on the internet to stream movies from anywhere. But a VPN does so much more than just bypass regional censorship. It protects a user’s online browsing from the prying eyes of internet service providers, advertisers, and potential attackers.

A VPN encrypts the data being sent from the user through what is known as VPN tunneling protocols. These tunnels secure any information sent from the user’s IP address before it reaches the website they want to visit. This in itself is a simple enough concept, but things start to get complicated when one has to consider different VPN protocols which encrypt data. There are two basic types of VPN, and each can use different protocols to encrypt the data being sent through them.

The two basic types of VPN are:

  •     Site-to-site VPN

A site-to-site VPN is also known as a router-to-router VPN because it allows one router (the VPN Client) to connect to another router (the VPN Server). This type of VPN is mainly used by companies with offices in different locations because it creates a private connection between the networks of various offices.

  •     Remote-access VPN

A remote-access VPN allows a user to connect to a private network remotely. The user can then access all of the information on the network securely through the internet. This is the most commonly used VPN type for many companies and most private users. Home-based users use a remote-access VPN for all their daily browsing and online communication activities. Corporate employees will also use this type of VPN to securely access their company’s private network while working remotely.

Usually, the VPN provider will allow users to choose which protocol they prefer from a list. Some providers go with one or two fixed protocol options, though. Either way, it’s best to know which types of protocols are out there and what they do.

Below is a list of the various types, with more detailed information about each of them. The list also highlights which of the following protocols establish a secure connection and encrypt data for a VPN, as well as which of them offers the weakest form of encryption.

PPTP vs L2TP vs OpenVPN vs IKEv2 vs SSTP

It can become quite a headache to figure out all the VPN protocol options available out there and to know which ones do what. Then there’s also the matter of figuring out how these features measure up to one another and which VPN protocol offers better security than the others. So here’s a quick reference guide featuring the five most common types of VPN protocols available today. Each type of VPN protocol will be discussed in detail afterward.

| | PPTP | L2TP | OpenVPN | IKEv2 | SSTP |
| --- | --- | --- | --- | --- | --- |
| Encryption Type | 128-bit | 256-bit | 160-bit, 256-bit | 256-bit | 256-bit |
| Level of Security | Weak | Medium | Very Strong | Strong | Strong |
| Internet Speed | Fast | Medium | Fast | Very Fast | Medium |
| Compatibility | Windows desktop support. | Support for multiple devices. | Windows desktop and mobile support. Mobile support needs some work. | Supports Windows desktop and Blackberry. | Windows and Linux support. |

L2TP

The L2TP/IPSec protocol rose in popularity because it makes use of a process called double encapsulation and because it is easy to set up. Even though it’s known as a VPN protocol, L2TP doesn’t offer any encryption of its own, so it doesn’t protect the traffic that passes through the connection. That is why most L2TP connections are paired with another encryption protocol, usually IPSec. It also supports more secure encryption like AES-256 algorithms, but stronger encryption protocols do slow down the connection. L2TP does, however, add a level of security to this encryption because it creates a sort of ‘tunnel’ between two connection points. Just like with a normal tunnel, traffic can only travel between those two points, eliminating outsider interference. The first encapsulation point establishes a PPP (Point-to-Point Protocol) connection, and the IPSec encryption is implemented through two separate tunnels.
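To make the "no encryption of its own" point concrete, the following added example (not from the original article) parses an L2TPv2 data message using the header layout in RFC 2661 and reads the tunnelled IPv4 addresses directly from the bytes. The sample message, its tunnel and session IDs, and the addresses are constructed for illustration.

```python
import socket
import struct

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661, section 3.1).
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200
PPP_IPV4 = 0x0021

# Constructed sample: an L2TP data message carrying PPP/IPv4, as it would sit in a
# UDP payload when no IPsec layer is present. All IDs and addresses are made up.
SAMPLE = bytes.fromhex(
    "0002" "0011" "0022"                          # flags+version 2, tunnel ID, session ID
    "ff03" "0021"                                 # PPP address/control, protocol = IPv4
    "4500001400000000400100000a000005c000020a"    # inner IPv4 header
)

def parse_l2tp(datagram):
    """Return the L2TPv2 header fields and, for data messages, the inner PPP payload."""
    try:
        (word,) = struct.unpack_from("!H", datagram, 0)
        if word & 0x000F != 2:
            raise ValueError("not L2TP version 2")
        fields, pos = {"control": bool(word & FLAG_T)}, 2
        if word & FLAG_L:                          # optional Length field
            (fields["length"],) = struct.unpack_from("!H", datagram, pos)
            pos += 2
        fields["tunnel_id"], fields["session_id"] = struct.unpack_from("!HH", datagram, pos)
        pos += 4
        if word & FLAG_S:                          # optional Ns/Nr sequence numbers
            fields["ns"], fields["nr"] = struct.unpack_from("!HH", datagram, pos)
            pos += 4
        if word & FLAG_O:                          # optional offset padding
            (offset,) = struct.unpack_from("!H", datagram, pos)
            pos += 2 + offset
        payload = datagram[pos:]
        if not fields["control"]:
            if payload[:2] == b"\xff\x03":         # PPP address/control may be omitted
                payload = payload[2:]
            (fields["ppp_protocol"],) = struct.unpack_from("!H", payload, 0)
            fields["inner"] = payload[2:]
    except struct.error as exc:
        raise ValueError("truncated L2TP message") from exc
    return fields

def inner_ipv4_endpoints(datagram):
    """Read source and destination of the tunnelled IPv4 packet straight from the bytes."""
    fields = parse_l2tp(datagram)
    ip = fields.get("inner", b"")
    if fields.get("ppp_protocol") != PPP_IPV4 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
```

No key is involved at any step: the inner addresses fall out of plain header arithmetic, which is why the confidentiality of an L2TP/IPSec connection comes entirely from the IPSec layer.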

L2TP is an extension of the PPTP VPN protocol – which was the first VPN protocol to become commercially available and is still used by many businesses today. Because of this the L2TP connection shares a lot of similarities with PPTP but is more secure due to its double encapsulation process.

Like the PPTP protocol system, L2TP already comes built into desktop and mobile operating systems, making it very accessible and easy to implement, which is why it’s been such a popular choice among users. The one downside of this type of VPN connection is that it can only go through UDP port 500 due to the IPSec encryption system. Unfortunately, most firewalls block this type of connection, so some configuration is needed when setting it up.

While its predecessor has been deemed obsolete, an L2TP connection is generally considered to be secure since data is essentially encrypted twice. This type of connection also prevents any man-in-the-middle attempts since the data cannot be accessed while it’s traveling between the sender and the receiver. That said, there have been some reports from the likes of Edward Snowden that imply the L2TP connection isn’t as secure as it used to be due to the NSA’s intervention, though there’s been no official confirmation of any vulnerabilities in the L2TP/IPSec protocol connection.

The biggest motivations to choose the L2TP protocol are:

  • It can easily get through network restrictions
  • It supports nearly all modern devices and platforms
  • It’s very easy to set up
  • It offers a secure connection at relatively fast speeds

OpenVPN

OpenVPN is an open source VPN that’s based on custom security protocols like SSL and TLS, along with a host of smaller technologies embedded into it. It’s an extremely flexible encryption protocol that’s great for creating both site-to-site and point-to-point connections. OpenVPN is one of the newest VPN protocols currently on the market and is very popular due to its secure encryption.

The protocol is so secure because OpenVPN relies upon open-source technologies like OpenSSL encryption, and SSL V3 and TLS V1 protocols. The traffic that travels through OpenVPN is extremely hard to pin down because of the SSL encryption, since it doesn’t allow outsiders to differentiate between the type of connection. This essentially lets its users hide in plain sight without fear of being attacked.

Being open source also means there’s a whole community of people who regularly maintain and update the protocol. Plus, it also means there’s a good chance of someone quickly finding and handling any issues on the system since more people are working on it. The open source nature of OpenVPN also has the added benefit that it can keep evolving and will stay up to date with current cybersecurity trends.

Unlike L2TP and its predecessor, PPTP, OpenVPN isn’t natively integrated into any operating or hardware system. This is a good thing, since it means anyone can use the protocol no matter what their device is. But it also means that anyone who’s looking to use OpenVPN will have to make use of a third-party provider to install the software on their system. That is why OpenVPN is also the most popular VPN protocol among VPN providers: the open nature of the protocol gives them the power to create their own VPN clients. It also gives them the power to restrict access to their OpenVPN to only a few devices of their choosing.

However, some people will say the solution to VPN providers restricting access to specific devices is to go with a generic OpenVPN client that’s been developed by someone else. The issue with that is that it creates two possible avenues of exploitation, because users who make use of a generic client will have to put their trust into those who created it as well as their VPN service provider. Either way, setting up OpenVPN on any device is a little more inconvenient than it would be with L2TP. Most VPN clients offer instructions on how to customize the protocol, which makes it easier. However, those looking to bypass that and do their own thing are taking on a big risk, because the setup process can be very technical to those who aren’t familiar with the technology, and the protocol won’t be secure if things aren’t set up correctly.
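As an illustration of what "set up correctly" can mean in practice, here is an added example (not from the original article or the OpenVPN project) that audits a client profile for a few common weak settings. The directive names are real OpenVPN options; the sample profile, the hostname, the lists of weak algorithms and the finding codes are assumptions chosen for this sketch.

```python
import shlex

WEAK_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "CAST5-CBC"}
WEAK_DIGESTS = {"NONE", "MD5", "SHA1"}

# Constructed sample client profile (not a real provider's configuration).
WEAK_PROFILE = """\
client
remote vpn.example.net 1194   # placeholder hostname
cipher BF-CBC
auth MD5
<ca>
(constructed placeholder for an inline certificate)
</ca>
"""

def parse_config(text):
    """Map each directive to its argument lists; comments and inline blocks are skipped."""
    directives, block = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if block:  # inside an inline block such as <ca> ... </ca>
            block = None if line == f"</{block}>" else block
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            directives.setdefault(block, []).append([])
            continue
        name, *args = shlex.split(line, comments=True)
        directives.setdefault(name, []).append(args)
    return directives

def audit(text):
    """Return sorted finding codes for a client profile; an empty list means none."""
    d = parse_config(text)
    flat = lambda key: [a for args in d.get(key, []) for a in args]
    findings = set()
    ciphers = {c.upper() for v in flat("cipher") + flat("data-ciphers") for c in v.split(":")}
    if ciphers & WEAK_CIPHERS:
        findings.add("weak-cipher")
    if {a.upper() for a in flat("auth")} & WEAK_DIGESTS:
        findings.add("weak-auth-digest")
    # Without one of these the client accepts any certificate signed by the CA.
    if "server" not in flat("remote-cert-tls") and "verify-x509-name" not in d:
        findings.add("server-cert-not-verified")
    # Unset leaves the TLS floor to whatever the installed release defaults to.
    tls_min = flat("tls-version-min")[:1]
    if not tls_min or tuple(int(p) for p in tls_min[0].split(".")) < (1, 2):
        findings.add("tls-min-below-1.2-or-unset")
    if not any(k in d for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.add("no-control-channel-key")
    return sorted(findings)
```

Calling `audit(WEAK_PROFILE)` reports all five findings, while a profile that sets `data-ciphers AES-256-GCM`, `auth SHA256`, `remote-cert-tls server`, `tls-version-min 1.2` and a `tls-crypt` key returns an empty list.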

The biggest motivations to choose the OpenVPN protocol are:

  • It’s one of the most secure VPN options currently available
  • It’s one of the fastest VPN protocols
  • It works with multiple encryption methods, making it very versatile
  • Users can configure the protocol to suit their needs
  • It works with any device

IKEv2

IKEv2 (Internet Key Exchange) is another tunneling protocol that, like L2TP, is paired with IPSec encryption technology. However, IKEv2 is known to be more secure than both L2TP and PPTP. Again, this protocol doesn’t offer encryption itself. On its own, it’s a tunneling protocol that provides a secure encryption key exchange between two computers, so IKEv2 also relies on the IPSec encryption protocol for added security measures. The IKE protocol was released by Microsoft in partnership with networking giant Cisco back in the early 2000s, and it’s since evolved into its latest version, IKEv2.

Microsoft is currently supporting this type of VPN protocol by releasing it along with Windows OS. Every version of Windows starting from Windows 7 onward has it installed. It also offers native support for Linux. Even so, IKEv2 is still not widely used. However, it is somewhat popular for corporate use, especially among companies whose employees use their phones for work purposes, as the platform is naturally geared towards mobile functionality.

A person using this type of VPN also won’t have to worry about the VPN suddenly dropping its functionality if they switch between a WiFi network and mobile data, because the system uses MOBIKE, which makes it resistant to any network changes. IKEv2 is especially handy for those who still make use of Blackberries since it natively supports that platform. But it does support other mobile platforms as well, including iOS.

Even though the IKEv2/IPSec protocol isn’t as widely used as other protocols like OpenVPN or L2TP, it does offer a very secure connection. In fact, it’s widely known to be more secure than the L2TP connection.

As the newest VPN protocol that’s currently commercially available, IKEv2 is the most advanced internet protocol on the market. Not necessarily more secure than OpenVPN, IKEv2 is still an extremely stable protocol that’s being supported by one of the most prominent tech companies in the world. It’s also one of the faster VPN protocols available right now.

It should be noted, however, that because IKEv2 also uses the IPSec protocol for encryption, it has the same drawbacks. For instance, it can be blocked by firewalls. The system also uses 3DES or AES for encryption, which, once again, could potentially be at risk of NSA intrusion, since federal institutions in the US have specifically approved those algorithms. But, again, the news of this potential risk hasn’t been corroborated by any official body.

The biggest motivations to choose the IKEv2/IPSec protocol are:

  • It’s very easy to set up due to native integration
  • Its connection won’t drop even if the internet drops or networks are switched
  • It’s fast
  • It’s one of the most stable protocols currently available

SSTP

Just like IKEv2, SSTP (Secure Socket Tunneling Protocol) is also developed and owned by Microsoft. Unlike IKEv2, however, support for the SSTP VPN is mainly restricted to Windows desktops, so anyone looking to use it on any other platform might run into some hardship. There is some limited support for Linux, BSD, and MacOS systems, but the system isn’t exactly stable on those platforms. Some third parties offer support for Android and iOS systems, though SSTP doesn’t natively support those platforms either.

So SSTP is essentially a Windows-based VPN protocol and is very popular among those who use the Windows operating system, mainly because it’s the most stable VPN for that platform. SSTP can also be used with Winlogon for extra security, which is beneficial to companies with workers who need to access company information remotely. Similar to OpenVPN, SSTP can also easily bypass most firewalls because it uses the same SSLv3.

In terms of security, SSTP is commonly configured with AES encryption, making it an incredibly secure connection. So it’s the best option for anyone looking to get a VPN for security reasons. However, Microsoft does have a history of working with the NSA, so users who want to use the SSTP protocol should be aware that their data might become compromised by Microsoft themselves. Besides that, the SSTP protocol uses an authentication method that’s very similar to an SSL/TLS connection. What that means is that both ends of the VPN tunnel have to be authenticated using a secret key. Otherwise, no data will be transmitted between the two connections. This helps make SSTP an immensely secure option regardless of the possible issues on Microsoft’s side.

Many VPN providers publish detailed Windows SSTP setup instructions on their websites as part of the services they offer. So it should be quite easy to set up, even for those who aren’t too technically inclined.

The biggest motivations to choose the SSTP protocol are:

  • It’s naturally integrated into the Windows operating system
  • It gets regular support from Microsoft
  • It’s one of the most secure VPN protocol options currently available
  • It can bypass NAT firewalls
  • It’s easy to set up

Which VPN protocol to use?

When it comes down to choosing a protocol, it’s best to look at which features most appeal to a person’s specific needs. Some protocols are more popular and widely used, while others only serve a more niche audience, and that, in itself, can be a determining factor for some people. Niche features might appeal to users who have those specific needs, while others might want to go with the most popular option that’s been proven to work well for most people.

Even so, the details explained above are a lot to take in at once, and some readers might still be left confused about which VPN protocol they should choose. So here’s a short breakdown of all of the VPN protocols outlined in this article. There will also be some recommendations on which VPN protocols are the best for each type of specific need.

Point-to-Point Tunneling Protocol (PPTP)

It’s the grandfather of VPN protocols and offers a fast and easy-to-use experience because of its integrated compatibility with older Windows operating systems. However, it’s generally seen as the least secure internet protocol and should be avoided if secure data is a big concern. Plus, most desktops today use Windows 7 or newer, so the benefit of natural integration is lost in that regard as well. Still, anyone who uses an older system and isn’t too technologically savvy might find this the best option for their needs. Since it doesn’t use a strong encryption method, PPTP is also one of the fastest options out there.

Layer 2 Tunneling Protocol (L2TP)/ Internet Protocol Security (IPSec)

L2TP is a much better option than PPTP when it comes to anyone’s security needs. It’s not as secure as the newer options like OpenVPN or SSTP, though, due to its security standards having been weakened by the NSA. Since L2TP doesn’t encrypt any data on its own, it uses the IPSec protocol and so shares some of that protocol’s issues. Unfortunately, IPSec struggles to get past NAT firewalls, so anyone who uses L2TP might have to tweak their systems a bit to get the protocol working correctly. Still, L2TP is a good option for anyone who is looking for a fast VPN. It’s also a widely used protocol that offers decent security due to its double encapsulation process.

OpenVPN

OpenVPN is currently the most popular VPN for both VPN providers and users. It uses an open source model that’s based on SSL and TLS protocols, among others, which lends it a lot of flexibility and room for customization. The open source nature also holds many benefits for the protocol, including a dedicated community that is regularly monitoring and updating the protocol.

The community members make sure OpenVPN keeps up with the latest cybersecurity standards. They also make sure that there aren’t any weaknesses in the system. One of the only downsides to OpenVPN is that users need to install a third-party VPN client since it’s not natively supported by any device, which means the setup process can be difficult and daunting. Plus, if anything is set up incorrectly, then the user faces some security risks.

Internet Key Exchange version 2 (IKEv2)/ Internet Protocol Security (IPSec)

IKEv2 shares some similarities with L2TP because it also doesn’t offer any encryption of its own and thus usually makes use of IPSec as well. That means it shares the security vulnerabilities and firewall issues of that protocol. Many would argue that IKEv2 offers better security than L2TP does, and it also seems to be faster. The best reason to use IKEv2, though, comes from its native mobile support, which works well on most mobile devices, especially Blackberry. IKEv2 makes use of MOBIKE technology that will keep the VPN going even if the internet connection drops or networks are switched, which means it’s a very stable VPN choice for anyone who needs a VPN for mobile.

Secure Socket Tunneling Protocol (SSTP)

SSTP was created by Microsoft for Windows. While the protocol does support other platforms to a limited degree, it’s most stable on Windows 7 and up. Since it has native support, SSTP is also easy to implement and can be used with Winlogon, making it a great option for remote workers. SSTP uses AES encryption and an authentication method that’s similar to an SSL/TLS connection, both of which make this an incredibly secure option. The only drawback to SSTP is its limited platform support and possible security leaks from Microsoft’s side.

These are the most common VPN protocol options available today. Hopefully, this list will help anyone choose the option that best suits their needs.