Virtual Private Networks – while most of you have heard about VPN protocols, I bet you have no idea what they are.
That’s okay, you’re not alone.
In fact, according to a small survey I conducted recently, 90% of VPN users had no idea about protocols.
Even though protocols are the heart and soul of virtual private networks, most users have no clue as to what they are.
To be honest, I don’t blame them. After all, when there are multiple VPN protocols out there, and each one sounds more confusing than Kim Kardashian’s kids, it can be quite confusing to understand each of them.
Anyways, If you feel like knowing all about VPN protocols, and boast about how tech-savvy you are, you might want to stick around.
What Are VPN Protocols?
VPN protocols are basically rules that govern how your data routes between your computer and the VPN server.
Since there are multiple VPN protocols, each one has different specifications and is good for different applications.
For instance, protocols that offer fast speeds are good for streaming and online gaming, while protocols that are more geared towards privacy are good for banking and online shopping.
Today, we’re going to be taking a look at five major VPN protocols, what they’re best for and discuss their pros and cons.
But if you don’t feel like reading the entire blog, you can briefly skim through the easy to digest summary of VPN protocols below.
- OpenVPN: The most powerful VPN protocol that’s suitable for all activities. It is Open source and can be a little slow at times
- L2TP/IPsec: One of the most popular VPN protocols around. It offers good speeds but can get blocked by firewalls
- SSTP: Offers reliable security, and is quite difficult to detect and block
- IKEv2: Offers open-source implementations, is decently fast and mobile-friendly but has been weakened by the NSA over the years.
- PPTP: Offers fast speeds and excellent support for different platforms, but has plenty of vulnerability that can be exploited.
Now that you have a basic idea of what each protocol is capable off, let’s dive in a bit deeper and discuss each protocol in greater detail.
Let’s start with OpenVPN…
As the name suggests, OpenVPN is based on an open-source platform. It is highly configurable and can be used on various platforms.
Since OpenVPN is…well, open-source, for people into programming, it is possible to audit the source code for vulnerabilities. Initially released in 2001, Open VPN is one of the most secure VPN protocols out right now.
What makes OpenVPN so secure?
To start off, OpenVPN uses unbreakable AES-256 bit key encryption among other ciphers in combination with the 160-bit SHA1 hash algorithm and 2048-bit RSA authentication to ensure sensitive data is never compromised.
In addition to that, OpenVPN uses two authentication modes, static key, and TLS. While TLS ensures end-to-end encryption, the static key is used to aid the transmission of cryptographic data.
Why is it so popular?
The biggest reason why OpenVPN is so widely used is because of its excellent compatibility. Windows, Mac OS, Linux, Android, iOS and even routers are able to support OpenVPN.
Besides that, the fact that OpenVPN can be configured on any port makes it dead easy to disguise encrypted VPN traffic as ordinary network traffic, and help bypass firewalls.
What are the shortcomings of OpenVPN?
Well for one, Open VPN Is not the fastest VPN protocol around. In fact, OpenVPN is significantly slower than PPTP and offers roughly the same speeds as L2TP.
However, speeds can vary depending on what device you’re using and how you’ve configured it.
L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is used to establish a safe channel between two networks, however, the protocol is void of any encryption.
This is why L2TP is usually paired with IPsec for security. L2TP protocol is rather old and was jointly developed by Cisco and Microsoft in the 90s.
How is L2TP even secure when it offers no encryption?
When paired together, IPsec handles both encryption and authentication between your computer and the VPN server, while L2TP takes care of the secure transmission of data packets.
Speaking of encryption, IPsec uses AES-256 bit encryption. Now if you don’t know, AES-256 bit encryption is considered among the top ciphers, and in theory, it is unbreakable.
The L2TP/IPsec bundle offers one of the most secure VPN connections you can opt for.
Why is it so popular?
Probably the biggest reason why L2TP/IPsec is so widely used is because of the fact that this protocol has built-in support for modern computers and mobile devices.
Compatibility isn’t a big issue and the setup process is rather simple.
What are the shortcomings of OpenVPN?
One of the biggest gripe people have with L2TP/IPsec is that it can be blocked by firewalls.
For instance, by default, L2TP/IPsec uses port 500. Knowing this information, anyone can block the corresponding ports. This is one of the techniques that are widely used in countries that don’t permit VPN usage.
Similar to L2TP in many ways, PPTP is another rather old VPN protocol that is somehow still being used. Originally developed and unraveled by Microsoft back in the late 90s, PPTP is among the most widely used protocols around.
In fact, if you dig in a bit deeper, PPTP has been in use since the time of Windows 95.
Is PPTP secure, does it offer any encryption?
Well… not quite. You see, standalone PPTP protocol itself has no predefined authentication or encryption technology.
Even though Windows PPTP stack does offer few options to tweak encryption strength, lower encryption standards effectively offer no security benefits.
So why is PPTP still so popular?
Well, there are two main reasons for its popularity. First of all, the PPTP protocol is easy to set up. Since it is built into most modern computers and mobile devices, it is by far the easiest protocol to manually setup.
Secondly, the PPTP protocol is ideal for streaming. Since PPTP offers less overhead encryption, you are going to experience fast speeds.
Are there any weaknesses in PPTP?
Right of the bat, there is strong evidence that the NSA has been successful at cracking PPTP traffic. So, while this protocol might be able to deter small scale breaches, it would stand no chance against powerful entities like the NSA.
Another VPN protocol that is owned and developed by Microsoft is SSTP. The protocol was mainly designed to work on the Windows platform only; however, there is limited support for Mac OS and Linux.
That said, Android, Mac OS, and even iOS can support SSTP through third-party clients.
Unlike PPTP which was released around the time of Windows 95, SSTP was released with Windows Vista. More specifically, with the Service Pack 1 of Windows Vista.
Is SSTP secure?
To some extent, yes, SSTP can be considered secure.
As far as encryption is concerned, SSTP uses a rather old SSL 3.0 encryption standard with known vulnerabilities. In fact, Microsoft even addressed the vulnerabilities of SSL 3.0 in 2014.
However, since SSTP also uses 256-bit SSL keys for encryption and a combination of 2048-bit SSL/TLS certificates for authentication, SSTP is still considered secure.
What benefits does SSTP offer?
Right of the bat, SSTP can bypass VPN blocking firewalls. Since SSTP uses TCP port 443, encrypted VPN traffic can get past firewalls without being detected.
Besides that, the setup process is surprisingly easy, especially on Windows platforms.
Are there any weaknesses of SSTP?
First of all, the fact that Microsoft owns SSTP, there is no way to independently assess the code for any weaknesses or backdoor paths.
In addition to that, configuring SSTP on other platforms other than Windows can be challenging.
IKEv2 is another tunneling protocol developed by Microsoft and Cisco. Among all of the VPN protocols we’ve discussed so far, IKEv2 is the latest and was officially released in 2005.
Since it is relatively new in the world of VPN protocols, there’s not much support for IKEv2 yet. Like other tunneling protocols, IKEv2 doesn’t offer any encryption.
On its own, IKEv2 is used to establish secure key exchange sessions. However, when paired with IPsec, IKEv2 can offer both encryption and authentication.
Is IKEv2 secure?
Although the risk of Microsoft and Cisco creating backdoor access to IKEv2 protocol still exists, the fact that there are open-source versions of IKEv2 available means this protocol is in fact secure.
Not only that, IKEv2 supports various versions of AES encryption.
What benefits does IKEv2 offer?
Right of the bat, IKEv2 is the fastest VPN protocol around. Another reason why people love IKEv2 protocol is because of the seamless switching experience it offers.
With the help of multi-homing technology, you can switch between Wi-Fi to 3G and 4G mobile networks without disconnecting from the VPN tunnel.
Not only that, but IKEv2 is also quite easy to set up and configure.
Are there any cons of IKEv2?
Every protocol has its weaknesses and IKEv2 is no exception. For instance, IKEv2 is not compatible with many devices. Other than that, IKEv2 is also susceptible to VPN blocking.
So Which VPN Protocols Should You Use?
So now that we’ve looked at 5 major VPN protocols in detail, let’s recall for a second what we’ve discussed so far.
To make it even easier for you to understand, I’ve compiled a table below describing the pros and cons of each protocol.
So which VPN protocol is the best?
Well, based on the fact that each VPN protocol has its pros and cons, no single VPN protocol is good for every purpose.
While OpenVPN offers powerful encryption excellent compatibility, protocols like PPTP and IKEv2 offer fast speeds.
So instead of just relying on one VPN protocol, it’s better to choose different protocols for different applications.
Ideally, instead of relying on manual configurations, you should invest in a VPN service that offers a variety of VPN protocols.
Want me to know about other complex sounding online terminologies, check out this glossary of online privacy terms.