VPN Protocols Explained

Learn about PPTP, IPsec, L2TP, IKEv2, SSTP, OpenVPN, SSL, DTLS, OpenSSH

Virtual private networks encrypt and encapsulate data to protect it while it travels across the internet. Encryption makes the data unreadable to anyone without the key to decrypt it. Encapsulation wraps the original packet inside another packet, hiding details such as the protocol in use and the real destination.

There are various ways a VPN provider can encrypt and encapsulate data. These methods are known as VPN protocols, and each of them has advantages and disadvantages.

Point-to-point Tunneling Protocol (PPTP)

PPTP is among the oldest VPN protocols. It is easy to set up and is faster than newer protocols that use more robust encryption.

Unfortunately, its security features have been broken repeatedly in the past. This leaves any data passing through it vulnerable even though it is inside a VPN tunnel.

PPTP offers an easy option for those who simply want to reach geo-blocked websites. Thanks to its speed, users can stream video with little or no buffering while hiding their IP address from their ISP.

Internet Protocol Security (IPsec)

VPNs using IPsec create a private connection through tunneling. IPsec operates at the network layer, which allows it to encrypt entire IP packets. This lets users reach the network without a dedicated VPN client.

Protocols built on IPsec suit devices with poor VPN client compatibility. Unfortunately, VPNs using these protocols are prone to being blocked by ISPs.
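The encrypt-then-encapsulate idea from the opening paragraph and the IPsec section, as an added stand-alone example that is not code from the original article: it wraps a constructed inner IPv4 packet in a tunnel-mode, ESP-style frame between two made-up gateway addresses, then shows what an on-path observer can read versus what the receiving gateway recovers. The HMAC-based keystream is an assumed stand-in for a real IPsec cipher, and the addresses, SPI and key are constructed values.

```python
import hmac, hashlib, struct, socket
# Constructed demo values: gateways, inner hosts and key are all made up.
OUTER_SRC, OUTER_DST = "203.0.113.10", "198.51.100.20"  # VPN gateways (visible)
INNER_SRC, INNER_DST = "10.0.0.5", "192.0.2.44"          # real endpoints (hidden)
KEY = b"\x11" * 32  # shared key; in real IPsec this is negotiated by IKE
def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left zero; enough for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def keystream_xor(key, spi, seq, data):
    """Stand-in for an AEAD cipher: counter-mode keystream from HMAC-SHA256.
    Demo only, not a real IPsec transform; (spi, seq) keeps each stream unique."""
    out, i = bytearray(), 0
    while len(out) < len(data):
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, i), hashlib.sha256).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, out))

def encapsulate(inner_packet, spi, seq):
    """Tunnel-mode ESP: the whole inner IP packet becomes the protected payload."""
    pad = (-(len(inner_packet) + 2)) % 4
    trailer = bytes(pad) + bytes([pad, 4])  # next header 4 = IPv4 carried inside
    esp_hdr = struct.pack("!II", spi, seq)
    ct = keystream_xor(KEY, spi, seq, inner_packet + trailer)
    icv = hmac.new(KEY, esp_hdr + ct, hashlib.sha256).digest()[:16]  # integrity tag
    esp = esp_hdr + ct + icv
    return ipv4_header(OUTER_SRC, OUTER_DST, 50, len(esp)) + esp  # proto 50 = ESP

def observer_view(packet):
    """What an on-path observer such as an ISP can read without the key."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    spi, seq = struct.unpack("!II", packet[20:28])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]),
            "proto": f[6], "spi": spi, "seq": seq}

def decapsulate(packet):
    """Receiving gateway: verify integrity first, then decrypt and unwrap."""
    esp_hdr, ct, icv = packet[20:28], packet[28:-16], packet[-16:]
    expected = hmac.new(KEY, esp_hdr + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed; packet dropped")
    spi, seq = struct.unpack("!II", esp_hdr)
    pt = keystream_xor(KEY, spi, seq, ct)
    inner = pt[:-(2 + pt[-2])]  # strip trailer: padding, pad length, next header
    f = struct.unpack("!BBHHHBBH4s4s", inner[:20])
    return {"src": socket.inet_ntoa(f[8]), "dst": socket.inet_ntoa(f[9]), "payload": inner[20:]}

PAYLOAD = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"  # constructed inner traffic
INNER = ipv4_header(INNER_SRC, INNER_DST, 6, len(PAYLOAD)) + PAYLOAD
TUNNELED = encapsulate(INNER, spi=0x1000, seq=1)
```

The observer sees only the two gateway addresses, protocol 50 and the SPI/sequence counters; the inner destination and payload appear nowhere in the wire bytes, and a single flipped byte makes the gateway drop the packet before decrypting it.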

Layer 2 Tunneling Protocol (L2TP/IPsec)

L2TP is only a tunneling protocol, so it has no built-in encryption or privacy technology of its own. For security and privacy it relies on Internet Protocol Security.

What the tunneling protocol provides is a reliable connection between two L2TP endpoints. This makes it useful in situations where remote access or site-to-site access to a local area network is required.

This makes it useful for linking offices, branches and remote employees, and for creating a public Wi-Fi network. Users who want a solid, secure connection without worrying about compatibility will also find it useful.

Internet Key Exchange (IKEv2/IPsec)

IKEv2/IPsec uses IKEv2 to negotiate the keys for an IPsec tunnel. Microsoft developed the protocol with Cisco with mobile security in mind. It can keep the VPN tunnel alive while a device switches between Wi-Fi and mobile Internet connections.

Its defining feature is speed: it is among the fastest VPN protocols. However, VPN providers are reluctant to support it because of its narrow platform support. The developers do not fix some of its vulnerabilities due to pressure from US government agencies.

Secure Socket Tunneling Protocol (SSTP)

SSTP uses SSL 3.0 encryption to secure its channels. SSL 3.0 has several known security issues, which means attackers have several documented ways to bypass its encryption.

Moreover, SSTP is mostly limited to Windows operating systems and devices, with no support on macOS or Linux. Furthermore, since Microsoft wholly owns it, it may contain vulnerabilities open to US intelligence agencies and the country's spying allies.

Although SSTP can easily bypass VPN blocks imposed by ISPs, other VPN protocols can do the same. The difference is that those protocols can also protect the user's data.

OpenVPN

OpenVPN is an open-source protocol. This means it has no native support in any operating system. To use it, a device needs a third-party VPN client, which, fortunately, premium VPN providers supply.

It has access to the many encryption algorithms in the OpenSSL library. Also, thanks to its open-source nature, it is continually updated to keep pace with advances in cryptanalysis and attack techniques.

Anyone looking for a dependable protocol should use OpenVPN. Although it takes some understanding to set up, both average internet users and power users can benefit from its security and privacy.

Secure Sockets Layer (SSL)

This protocol uses asymmetric-key encryption to secure a connection between a web browser and a web server. It also gives an enterprise's VPN application a way for remote users to reach internal servers.

This protocol suits those who want a convenient way to reach a server. Users can use it to access local area networks at home or at work remotely.

However, because users can be connected to private and public networks at the same time, the local network becomes vulnerable to attack whenever a user accesses it remotely.

Datagram Transport Layer Security (DTLS)

DTLS solves the security vulnerabilities of SSL and its successor, TLS. It is still built on the SSL framework, and its applications are mostly browser-based.

Like SSL, it is a protocol built for remote access to a local area network. This is evident in its earliest applications, such as Cisco's AnyConnect remote client and F5 Networks' Edge VPN Client.

Open Secure Shell (OpenSSH)

OpenSSH provides a secure channel to a server through a client. It can also create a point-to-point VPN between two hosts or devices. This protocol is for those who have the technical knowledge to implement it and want complete control over their private network.