6 Commonly Used VPN Protocol Types
Have you ever heard of OpenVPN, SSTP, or L2TP and wondered what they all mean? Below is an explanation of the types of VPN protocols that are commonly used so that you can choose the best one for your privacy needs.
While everyone recommends using a VPN, not many take the time to explain some of the core VPN technologies. In this article, we will explain what VPN protocols are, how they differ, and what you should pay attention to.
What are VPNs?
Basically, a VPN lets you access the public internet using a private connection. When you click on a link on the internet, your request is forwarded to the correct server, usually returning the correct content. Your data essentially flows, seamlessly, from A to B, and websites or services can see your IP address, among other identifying data.
When you use a VPN, all your requests will be routed first through a private server owned by the VPN provider. Your request goes from A to C to B. You can still access all the data that was previously available to you (and more, in some cases). But the website or service only has data from the VPN provider: their IP address, and so on.
There are many uses for a VPN, including protecting your data and identity, circumventing repressive censorship, and encrypting your communications.
What is a VPN Protocol?
The VPN protocol determines exactly how your data routes between your computer and the VPN server. Protocols have different specifications, offering benefits to users in various circumstances. For example, some prioritize speed, while others focus on privacy and security. Let's take a look at the most commonly used VPN protocols.
1. OpenVPN
OpenVPN is an open source VPN protocol. This means users can check its source code for vulnerabilities, or use it in other projects. OpenVPN has become one of the most important VPN protocols.
Apart from being open source, OpenVPN is also one of the most secure protocols. OpenVPN allows users to protect their data using essentially unbreakable AES-256 bit encryption keys (among other things), with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm.
Besides providing strong encryption, OpenVPN is available for almost every platform: Windows, macOS, Linux, Android, iOS, routers, and more. Even Windows Phone and Blackberry can take advantage of it, which means you can set up a VPN on all your devices. It is also the protocol of choice among popular VPN services and is easy to use.
The OpenVPN protocol has faced criticism in the past for its low speeds. However, recent implementations have resulted in some improvements, and the focus on security and privacy is worth considering.
2. L2TP/IPSec
Layer 2 Tunneling Protocol is a very popular VPN protocol. L2TP is a deprecated successor to PPTP, which was developed by Microsoft, and L2F, which was developed by Cisco. However, L2TP does not actually provide any encryption or privacy itself.
Therefore, services using L2TP are often bundled with the IPsec security protocol. Once implemented, L2TP/IPSec is one of the most secure VPN connections available. It uses AES-256 bit encryption and has no known vulnerabilities (although the NSA is suspected to have cracked IPSec).
While L2TP/IPSec has no known vulnerabilities, it does have a few drawbacks. For example, the default protocol uses UDP on port 500. This makes traffic easier to identify and block.
3. SSTP
Secure Socket Tunneling Protocol is another popular VPN protocol. SSTP comes with one important benefit, namely that it has been fully integrated with every Microsoft operating system since Windows Vista Service Pack 1. This means that you can use SSTP with Winlogon, or for increased security, a smart chip. Additionally, many VPN providers have specific integrated Windows SSTP instructions available. You can find them on your VPN provider's website.
SSTP uses a 2048-bit SSL/TLS certificate for authentication and a 256-bit SSL key for encryption. Overall, SSTP is quite secure.
SSTP is basically a proprietary protocol developed by Microsoft. This means that no one can audit the underlying code. However, most still consider SSTP secure.
Finally, SSTP has native support for Windows, Linux, and BSD systems. Android, macOS, and iOS have support via third-party clients.
4. IKEv2
Internet Key Exchange version 2 is another VPN protocol developed by Microsoft and Cisco. IKEv2 itself is just a tunneling protocol, providing a secure key exchange session. Because of this (and like its predecessors), IKEv2 is often paired with IPSec for encryption and authentication.
While IKEv2 is not as popular as other VPN protocols, it is a feature in many mobile VPN solutions. This is because it is adept at reconnecting during times when the internet connection drops, as well as during network switching (from Wi-Fi to cellular data, for example).
IKEv2 is a proprietary protocol, with native support for Windows, iOS, and Blackberry devices. An open source implementation is available for Linux, and Android support is available via third-party applications.
Unfortunately, while IKEv2 is great for cellular connections, there is strong evidence that the NSA is actively exploiting IKE deficiencies to corrupt IPSec traffic. Therefore, using an open-source implementation is very important for security.
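Both L2TP/IPSec and IKEv2 negotiate their keys with IKE, and the fixed UDP port 500 noted in the L2TP/IPSec section is what makes that negotiation easy to recognize on the wire. The sketch below is an added example, not code from any VPN project: it parses the 28-byte IKE header to tell IKEv1 from IKEv2 in a monitoring context. The function name, the sample packets, and the handling of NAT-traversal port 4500 (which the article does not mention) are assumptions of this example.

```python
import struct

# IKE header, 28 bytes (RFC 7296 section 3.1; IKEv1 uses the same layout).
IKE_HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGES = {
    (1, 2): "Main Mode", (1, 4): "Aggressive Mode",
    (1, 5): "Informational", (1, 32): "Quick Mode",
    (2, 34): "IKE_SA_INIT", (2, 35): "IKE_AUTH",
    (2, 36): "CREATE_CHILD_SA", (2, 37): "INFORMATIONAL",
}

def classify_udp_payload(port, payload):
    """Describe the IKE message in a UDP payload, or return None."""
    if port == 4500:
        # NAT traversal (RFC 3948): IKE follows a 4-byte zero marker;
        # a non-zero start is an ESP SPI, i.e. encrypted tunnel data.
        if payload[:4] != bytes(4):
            return None
        payload = payload[4:]
    elif port != 500:
        return None
    if len(payload) < IKE_HEADER.size:
        return None
    init_spi, resp_spi, _nxt, ver, exch, _flags, msg_id, length = \
        IKE_HEADER.unpack_from(payload)
    major = ver >> 4
    if major not in (1, 2) or init_spi == bytes(8):
        return None
    return {
        "ike_version": major,
        "exchange": EXCHANGES.get((major, exch), f"unknown({exch})"),
        # A zero responder SPI marks the very first packet of a new tunnel.
        "first_message": resp_spi == bytes(8),
        "length_ok": length == len(payload),
    }

# Constructed, header-only sample messages (not captured traffic).
_SPI = bytes.fromhex("1122334455667788")
SAMPLE_IKEV1_MAIN = IKE_HEADER.pack(_SPI, bytes(8), 0, 0x10, 2, 0, 0, 28)
SAMPLE_IKEV2_INIT = IKE_HEADER.pack(_SPI, bytes(8), 0, 0x20, 34, 0x08, 0, 28)

if __name__ == "__main__":
    for port, pkt in [(500, SAMPLE_IKEV1_MAIN), (500, SAMPLE_IKEV2_INIT),
                      (4500, bytes(4) + SAMPLE_IKEV2_INIT), (4500, SAMPLE_IKEV2_INIT)]:
        print(port, classify_udp_payload(port, pkt))
```

The header travels in cleartext even though the tunnel contents are encrypted, which is why the protocol version and exchange type can be read without any key material.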
5. PPTP
Point-to-Point Tunneling Protocol is one of the oldest VPN protocols. It's still in use in some places, but most VPN services have deprecated it.
PPTP was introduced in 1995. It was actually integrated with Windows 95, designed to work with dial-up connections. At that time, it was very useful.
But VPN technology has evolved, and PPTP is no longer secure. Criminals have long cracked PPTP encryption, making any data sent using the protocol insecure.
However, it is not completely dead yet. You see, some people think that PPTP provides the best connection speed, precisely because of the lack of security features (compared to modern protocols). Because of this, it is still used by users who just want to watch Netflix from a different location.
6. WireGuard
WireGuard is the newest VPN protocol. It is open source and uses a much simpler code base compared to other major VPNs. Additionally, WireGuard's VPN service is easier to set up than OpenVPN and includes support for a wider variety of encryption primitives and types.
The combination of encryption types and primitives and a smaller code base, along with other improvements, makes WireGuard one of the fastest VPN protocols. Additionally, WireGuard is a better choice for portable devices, “perfect for small embedded devices such as smartphones and fully loaded backbone routers”.
The ChaCha20 encryption algorithm, which WireGuard also uses with mobile devices, offers faster speeds than AES while using fewer resources.
That means when you use the WireGuard VPN protocol, your battery will last longer compared to other VPN protocols. WireGuard is “built right into the Linux kernel”, which should provide increased speed and security, too, especially for Internet of Things devices (many of which use Linux-based embedded systems).
WireGuard is available for all major operating systems, although, interestingly, Windows was the last to receive it.
Conclusion
Now you have seen some of the common types of VPN protocols used.
* OpenVPN: Open source, offers the strongest encryption, suitable for all activities if a bit slow at times
* L2TP / IPSec: Widely used protocol, good speed, but easily blocked because it relies on a single port
* SSTP: Good security, difficult to block and detect
* IKEv2: Fast, mobile friendly, with some open source implementations (potentially broken by NSA)
* PPTP: Fast, widely supported, but full of security holes, only used for streaming and casual web browsing
* WireGuard: Fast, open source, with growing support among VPN providers
For strong security, choose a VPN provider that offers a choice of secure protocols.