This article has been reproduced here with prior permission of MakeUseOf.
By: Gavin Phillips
You’ve probably heard this: “you need to use a VPN to protect your privacy.” Now, you’re thinking: “Okay, but how does a VPN actually work?”
That’s understandable. While everyone suggests using one, not many take the time to explain some of the core VPN technologies. In this article, we’re going to explain what VPN protocols are, their differences, and what you should look out for.
What Is a VPN?
At its most basic, a VPN allows you to access the public internet using a private connection. When you click a link on the internet, your request passes to the correct server, usually returning the correct content. Your data essentially flows, unhindered, from A to B, and a website or service can see your IP address, among other identifying data.
When you use a VPN, all of your requests are first routed through a private server, owned by the VPN provider. Your request heads from A through C to B. You can still access all the data previously available to you (and more, in some cases). But the website or service only has the data of the VPN provider: their IP address, and so on.
What Are VPN Protocols?
A VPN protocol determines exactly how your data routes between your computer and the VPN server. Protocols have different specifications, offering benefits to users in a range of circumstances. For instance, some prioritize speed, while others focus on privacy and security.
Let’s take a look at the most common VPN protocols.
OpenVPN is an open source VPN protocol. This means users can scrutinize its source code for vulnerabilities, or use it in other projects. OpenVPN has become one of the most important VPN protocols. As well as being open source, OpenVPN is also one of the most secure protocols. OpenVPN allows users to protect their data using essentially unbreakable AES-256 bit key encryption (amongst others), with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm.
The OpenVPN protocol has faced criticism in the past due to low speeds. However, recent implementations have resulted in some boosts, and the focus on security and privacy is well worth considering.
Layer 2 Tunnel Protocol is a very popular VPN protocol. L2TP is the successor to the depreciated PPTP (for more details, see the PPTP section below), developed by Microsoft, and L2F, developed by Cisco. However, L2TP doesn’t actually provide any encryption or privacy itself.
That said, while L2TP/IPSec has no known vulnerabilities, it does have some slight flaws. For instance, the protocol defaults to use UDP on port 500. This makes traffic easier to spot and block.
Secure Socket Tunneling Protocol is another popular VPN protocol. SSTP comes with one notable benefit: it has been fully integrated with every Microsoft operating system since Windows Vista Service Pack 1. This means you can use SSTP with Winlogon, or for increased security, a smart chip. Furthermore, many VPN providers have specific integrated Windows SSTP instructions available. You can find these on your VPN provider’s website.
SSTP uses 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption. Overall, SSTP is quite secure.
SSTP is essentially a Microsoft-developed proprietary protocol. This means nobody can fully audit the underlying code. However, most still consider SSTP secure.
Finally, SSTP has native support for Windows, Linux, and BSD systems. Android, macOS, and iOS have support via third party clients.
internet Key Exchange version 2 is another VPN protocol developed by Microsoft and Cisco. IKEv2 on its own is just a tunneling protocol, providing a secure key exchange session. Therefore (and like its predecessor), IKEv2 is frequently paired with IPSec for encryption and authentication.
While IKEv2 isn’t as popular as other VPN protocols, it features in many mobile VPN solutions. This is because it is adept at reconnecting during moments of temporary internet connection loss, as well as during a network switch (from Wi-Fi to mobile data, for instance).
IKEv2 is a proprietary protocol, with native support for Windows, iOS, and Blackberry devices. Open source implementations are available for Linux, and Android support is available through third party apps.
Point-to-Point Tunneling Protocol is one of the oldest VPN protocols. It is still in use in some places, but the majority of services have long upgraded to faster and more secure protocols.
PPTP was introduced way back in 1995. It was actually integrated with Windows 95, designed to work with dial-up connections. At the time, it was extremely useful.
But the VPN technology has progressed, and PPTP is no longer secure. Governments and criminals cracked PPTP encryption long ago, making any data sent using the protocol unsecure.
Let’s Summarize the VPN Protocols
We’ve looked at the five major VPN protocols. Let’s quickly summarize their pros and cons.
- OpenVPN: Open source, offers strongest encryption, suitable for all activities, if a little slow at times
- L2TP/IPSec: Widely used protocol, good speeds, but easily blocked due to reliance on single port
- SSTP: Good security, difficult to block and detect
- IKEv2: Fast, mobile friendly, with several open source implementations (potentially undermined by NSA)
- PPTP: Fast, widely supported, but full of security holes, only use for streaming and basic web browsing
Unsure where to start? Check out our list of the best VPN services.