5 Common VPN Protocols Explained: How Do They Work?
Virtual Private Networks (VPNs) are now more popular than they were some 10 years ago. This is because of the increasing need for online security, privacy, and freedom. VPNs offer you a secure and private connection by rerouting your data traffic through an encrypted tunnel on one of their servers. During the process, your real IP address changes to one that can’t be traced back to you, and your data is only accessible by authorized parties. Of course, this means a VPN can also help you bypass geo-restrictions.
To provide all these features, VPNs use several innovative technologies such as VPN protocols. We’ll take a closer look at some of the most common VPN protocols so you can get a clearer picture of the way VPNs work. There are several protocols out there, with different advantages and flaws. But first, what exactly is a VPN protocol?
What Is A VPN Protocol?
As mentioned earlier, a VPN protocol is an essential tool that helps a VPN function effectively. VPN protocols decide the method with which your traffic gets routed from your device to the VPN servers.
These protocols are designed to function differently and have varying benefits. For example, some VPN protocols have been developed to prioritize speed or data over other functions, while others focus on security or privacy.
VPNs use different protocols that meet their requirements. While one VPN may use one or two specific protocols, another VPN might prefer other choices. However, there are two concepts of VPN functionality:
- The VPN uses two different protocols for sending your traffic through its servers and protecting the data being transmitted; or
- The VPN uses a single protocol for both tunneling and data security.
You should check a VPN’s specification to see if it suits your needs before you subscribe to it.
Let’s discuss some of the existing VPN protocols in detail.
5 Common VPN Protocols
Here is a list of five common VPN protocols and how they function:
OpenVPN is an open-source VPN protocol that can run over different ports and supports different encryption types. Because this protocol is open-source, you can analyze its source code for any weakness or use it for other projects.
Since its official release in 2001, OpenVPN has become recognized as one of the most important and secure VPN protocols in use.
OpenVPN gives you top-quality security with a custom security protocol that uses OpenSSL. It also protects data traffic using military-grade AES encryption with 256-bit keys, 2048-bit RSA authentication, and a 160-bit SHA hash algorithm.
This protocol is rarely blocked because it can use any port and make a VPN connection look like regular internet traffic. However, many users don’t consider its speed a match for other protocols like PPTP, though you may get almost the same rate as L2TP, depending on your device and configuration.
Apart from its security and speed, you can use OpenVPN on almost every platform, such as iOS, Android, Windows, macOS, Linux, and even routers. Setting up OpenVPN manually can be pretty complicated if you’re a novice. However, VPNs make it much easier by building the protocol into their programs, so you’ll only have to deal with the VPN app setup.
Layer 2 Tunnel Protocol (L2TP) is another popular VPN protocol. It was developed in the 90s by Microsoft and Cisco. Unlike OpenVPN and other protocols, L2TP doesn’t provide encryption or privacy by itself.
To make L2TP more secure and private, VPN providers and other services that use the protocol pair it with the security protocol IPsec. Together, L2TP/IPsec is one of the most secure VPN connections you could use. If you fear your security or privacy is compromised, this is a great protocol to have.
This protocol also uses AES-256 encryption and is considered impregnable. However, rumors are circulating online that the United States National Security Agency (NSA) has found a way to hack IPsec because the agency was among its developers.
A lot of people often like to compare L2TP/IPsec speed with OpenVPN. In a way, L2TP/IPSec is the faster protocol, but you might not notice much of a difference. However, L2TP/IPsec is noticeably slower than PPTP.
In terms of setup, L2TP/IPsec is usually a built-in feature in many computers and mobile devices these days, so you may not have to set it up manually. Nonetheless, if you have to set it up yourself, it is an easy process.
One major flaw of L2TP/IPsec is the default port it uses: UDP port 500. This port makes it easier for firewalls to detect and block you. Changing the port to get past these blocks requires a complex configuration.
Secure Socket Tunneling Protocol (SSTP) is another common VPN protocol. Microsoft developed SSTP, and it has been built into Microsoft operating systems since Windows Vista. It is not an open-source protocol like OpenVPN.
You can use SSTP with Winlogon or even a smart chip. Although it is a Windows proprietary technology, SSTP works excellently with Linux too. Also, a lot of VPNs come with specific integrated Windows SSTP instructions. If you need them, head to your VPN provider’s website.
Generally, SSTP is a secure protocol. It uses 256-bit SSL keys for encryption, as well as 2048-bit SSL/TLS certificates.
Windows users typically prefer this protocol because it is built into their devices, but compared to OpenVPN, it is much the same in terms of security, privacy, and speed. However, SSTP has an advantage over L2TP/IPsec because it uses ports that bypass firewalls without you going through a complicated configuration.
SSTP is supported by Windows, Linux, and BSD systems by default. VPN providers offer this protocol via their VPN applications on Android, iOS, and macOS.
You can easily set up SSTP on Windows devices manually. However, that function is not available on macOS at the moment. On operating systems like Linux, it is more complicated to set it up manually.
Internet Key Exchange version 2 (IKEv2) is another common VPN protocol. Cisco and Microsoft also developed it. It is often not considered a VPN protocol.
IKEv2 functions as a tunneling protocol, and it facilitates a secure key exchange system. However, IKEv2 is often paired with IPsec to provide encryption and authentication.
IKEv2 is not as popular as other VPN protocols, but it is an excellent tool for mobile VPN services. It works perfectly with 3G or 4G LTE-enabled devices because it reconnects quickly if you lose your network connection for a short time, for example when going through an area with lousy reception or switching your network from mobile data to Wi-Fi or vice versa.
It is a proprietary protocol. Windows, iOS, and Blackberry devices all have built-in support for IKEv2. Linux supports it through open-source implementations, and Android users need third-party apps to use this protocol.
So far on our list, this is the fastest protocol, and it is evident in its reconnection speed. IKEv2 uses high levels of AES encryption, as well as the IPsec encryption suite.
Although IKEv2 is not supported on all devices, it is easy to set up if it’s compatible with yours. It is excellent for mobile connections, but there are worries that the NSA is taking advantage of IKE flaws to undermine IPsec traffic. This is why many users opt for the open-source implementation, which also gives you the ability to look under the hood occasionally.
WireGuard is the newest VPN protocol on our list. It is a secure VPN tunnel protocol that has improved speed, privacy, and security. It is open-source and has a much simpler codebase than other common protocols.
Although it is still under some development, it is already available on several operating systems. Also, WireGuard has a more straightforward setup than other protocols like OpenVPN, and it supports more encryption types and primitives.
Its small size makes it suitable for embedded interfaces, containers like Docker, and high-performance devices and connections. However, only a few VPN providers use the WireGuard protocol.
The overall improvements found in WireGuard make it one of the fastest VPN protocols. It also runs from the Linux kernel to improve speed and security. You can easily review its security system.
WireGuard uses the outstanding ChaCha20 encryption, which works excellently, providing faster connections than AES, and it uses fewer resources, so your phone battery lasts longer.
WireGuard also uses “cryptokey routing,” which manages network connections and controls access. However, WireGuard uses static IP addresses instead of dynamic ones, so a provider may store some of your data on a VPN server.
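The following sketch is an added example, not WireGuard's own code or anything from the original article. It models cryptokey routing as WireGuard's AllowedIPs mechanism works: each peer's public key is bound to fixed address ranges, the destination address selects the peer for outgoing packets, and a decrypted incoming packet is accepted only if its inner source address belongs to the peer that sent it. The class name, peer key labels and addresses are constructed placeholders.

```python
import ipaddress

# Constructed peer table: key names are placeholders, not real WireGuard keys.
EXAMPLE_PEERS = {
    "GATEWAY_PUBKEY": ["0.0.0.0/0"],                      # default route via gateway
    "LAPTOP_PUBKEY": ["10.0.0.2/32"],                     # one fixed tunnel address
    "OFFICE_PUBKEY": ["10.0.0.3/32", "192.168.50.0/24"],  # host plus a routed LAN
}


class CryptokeyRouter:
    """Binds AllowedIPs prefixes to peer public keys (illustrative model)."""

    def __init__(self, peers):
        self._routes = [
            (ipaddress.ip_network(cidr), key)
            for key, cidrs in peers.items()
            for cidr in cidrs
        ]

    def _owner(self, address):
        """Return the key owning the most specific prefix, or None."""
        ip = ipaddress.ip_address(address)
        matches = [(net, key) for net, key in self._routes
                   if net.version == ip.version and ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def peer_for_outbound(self, dst_ip):
        """Outbound: the destination address selects which peer key encrypts."""
        return self._owner(dst_ip)

    def accept_inbound(self, sender_key, inner_src_ip):
        """Inbound: after decryption, the inner source must belong to the sender."""
        owner = self._owner(inner_src_ip)
        return owner is not None and owner == sender_key


if __name__ == "__main__":
    router = CryptokeyRouter(EXAMPLE_PEERS)
    print(router.peer_for_outbound("192.168.50.7"))              # routed LAN
    print(router.accept_inbound("LAPTOP_PUBKEY", "10.0.0.3"))    # spoofed source
```

Because the address-to-key binding is fixed in configuration, a peer cannot claim another peer's tunnel address, which is also why the server has to hold an address assignment for every user.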
Other VPN Protocols
Here are some other VPN protocols that exist:
Point-to-Point Tunneling Protocol (PPTP) is one of the oldest VPN protocols created, and it is very common. It was launched in 1995 and was built into Windows 95 for Microsoft’s dial-up networks. These days though, it is barely in use.
PPTP was considered very secure in its early days, but VPN technology has dramatically improved since then, and governments or malicious actors can easily crack PPTP’s 128-bit encryption. Also, PPTP is one of the fastest VPN protocols out there.
It is the most straightforward protocol to configure. PPTP is built into many devices, and sometimes you may not need to set it up manually. However, people barely use this protocol because it falls short of average requirements these days.
Transport Layer Security (TLS) and Secure Socket Layer (SSL) are often considered the most common cryptographic protocols. SSL protects every connection to an HTTPS website so that. However, even though some VPNs use it, SSL isn’t precisely a VPN protocol.
OpenVPN is classified as an SSL VPN because it uses OpenSSL encryption. However, TLS is more recent than SSL, and it provides better security. SSL VPNs are easier to set up than IPsec VPNs.
Secure VPN vs. Trusted VPN
There are two categories of VPNs based on their security standards: secure and trusted VPNs.
A ‘secure’ VPN encrypts all the traffic sent through the tunnel, and uses any of the VPN security protocols available. Meanwhile, a ‘trusted’ VPN may not have any kind of encryption. Instead, it is up to you to trust the VPN provider to ensure you’re the only one using your IP address and pathway. These days, secure VPNs are easier to come across than trusted ones.
Additionally, there are ‘hybrid’ VPNs. These VPNs combine properties of both secure and trusted VPNs. Only a few commercial VPNs are hybrid.
VPN protocols are primarily responsible for the capabilities of VPN services. They are different, and they focus on specific aspects of a VPN service and functionality. These protocols are abundant today, but some are more effective than others. The protocols on our list are some of the most common you’ll find in most VPNs today.