Ask anyone about the implications of the internet and you will, undoubtedly, get privacy concerns and data breaches as an answer. From massive data breaches like Cambridge Analytica to censorship imposed by the Governments, the internet has become infested with people aiming to control what you see and do. Amidst all of this mess, how can you ensure that you remain safe from data breaches and free from censorship? This is where the term ‘VPN Tunneling’ comes in.
What is VPN Tunneling
VPN Tunneling can be described as:
A network security technique which helps in anonymizing the user, its location, and its data.
In VPN Tunneling, a Virtual Private Network tunnel or simply a VPN tunnel is established. When someone uses a VPN on his computer or a smartphone, the data the user is sending to a particular receiver is essentially hidden from prying eyes. Once the data is hidden there is no way for any third person to snoop around and access your information.
If we assume your request to access a particular site to be a car and the luggage in the car to be the data you send along with your request, then a VPN is a tunnel underneath the main highway that lets your car easily bypass the highway police. This way your car doesn’t get stopped by the police and your luggage remains safe.
VPNs are widely used nowadays to bypass network security. You can:
- Bypass network restrictions imposed by the organization, be it a school or the government
- Hide your true location
- Encrypt your data to safeguard it against potential hacking attempts
- Get rid of targeted ads
How does a VPN Tunnel work?
Remember the tunnel and the car analogy I just put forth. Now:
Let’s look at a scenario and try to see what happens when you type youtube.com in your smartphone or computer’s internet browser. When you type the address following things happen:
- Your computer sends a request to your router
- The router forwards this request to your Internet Service Provider or ISP
- Your ISP then reads the request and determines that you want to go to youtube.com and forwards your request to the youtube.com
- Youtube.com sends a response to your ISP
- Your ISP reads the response and determines it is from your router by reading the IP address
- Your router receives the information which is then presented to you by your browser
This is how a request/response loop is completed.
Why were VPN Tunnels Needed?
Now, if you pay close attention to the steps detailed above you can find one big issue:
Your ISP reads the request and sees where you want to go.
This can result in censorship. Your ISP can deny your request of going to a particular site. Furthermore, it can also store your data, that you send along with your request. And as you can probably tell this is not a good thing. So essentially, your car can be stopped by the highway police whenever they desire and your things can get taken into custody.
This is where the VPN tunnel comes in. A VPN hides your data and anonymizes your location. When you’re using a VPN the request/response loop looks like this:
- When you type youtube.com in your browser, the VPN software running on your computer encrypts the request that is sent to your router
- Your router receives this address and forwards it to the ISP
- The ISP sees the request and determines you want to go to some site and send you there
- The site your ISP sends you to isn’t youtube.com it’s actually the address of the VPN server
- The VPN server decrypts the actual request, determines that you want to go to youtube.com and sends you there
- And the same thing happens on the way back
So in short:
The websites you visit and the data you transmit over the internet is encrypted and not even your ISP knows where you go and what you do. Sweet!
In addition to bypassing censorship, a VPN also solves the problem of location tracking. When you use a VPN tunnel to connect to the internet, your ISP and the websites you visit can’t tell the exact location of the request. They only know the location of the VPN server which can be anywhere in the world. You can be sipping tea in a café in London watching cat videos, while all your ISP and the website sees is a server in Guatemala.
VPN Tunneling Protocols
There are numerous types of VPN tunneling. Different types of VPNs differ from each other by the tunneling protocol they use. In simple terms:
A tunneling protocol is a mechanism by which a particular VPN works. Think of it as one of the many ways to build the tunnel I mentioned before.
Following are the most commonly used VPN Tunneling protocols:
Point to Point Tunneling Protocol or PPTP is widely considered to be the precursor to all modern tunneling protocols. It works on the principle of a point to point connection which only requires a server address, a username, and a password to connect to the VPN server. Since this is a point to point connection, the encryption is weak and vulnerabilities are abundant.
PPTP is used whenever we require a speedy connection and don’t care too much about privacy. As such it isn’t recommended to use PPTP nowadays.
L2TP/IPSec is a tunneling protocol that makes use of the standard Internet Protocol Security. For the uninitiated:
IP or internet protocol is the way we connect to the internet. In IP every internet device is given an address to make it easier to identify and connect devices together. IPSec is a security measure which encrypts data traveling between devices that are using IP.
In L2TP/IPSec the user data is first encrypted by the L2TP and is then again encrypted by the IPSec. This creates dual-layer encryption that meets the AES-256 bit standard. The industry-standard encryption provided by this protocol is the primary reason people use it.
To sum it all up:
The L2TP/IPSec provides industry-standard encryption that is virtually impossible to undo but is a tad bit slower than PPTP and is also hampered by its use of the fixed internet ports. Fixed-internet ports mean it always uses the same addresses to connect which, as you can tell, makes it easy for ISPs to identify the user.
Secure Socket Tunneling Protocol or SSTP is a Windows-only tunneling protocol. Since it is Windows-only it can’t be used on any other platform and this is its biggest weakness. In SSTP, the data is routed through a Secure Sockets Layer or SSL.
SSL is characterized by:
Non-fixed ports and the use of TLS.
Non-fixed ports are great at bypassing firewalls and thus it improves upon the limitation of L2TP/IPSec.
TLS, on the other hand, encrypts the data going to and coming from the websites. It is marked by the HTTPS sign instead of the HTTP that is displayed by most sites.
OpenVPN is the newest tunneling protocol. It is the only open-source tunneling protocol. Being open-source means:
Anybody can make changes to the protocol. This means if you find a security flaw, you can either report it or fix it yourself.
Aside from open-source, it also makes use of the industry-standard AES-256 bit encryption, making the data packets secure to transmit over the internet. Since it is open-source, it is compatible with a whole host of platforms.
One minor issue of the OpenVPN protocol is the relatively hard initial setup. Fortunately, many VPN software does this setup for you.
The Best VPN Tunneling Protocol
Taking everything into consideration, OpenVPN is the best tunneling protocol. There are many reasons for it, such as:
- Compatible with almost all major platforms
- Support for AES 256-bit encryption
- Open-source nature
So always opt for the VPN software that uses OpenVPN or gives you the choice of choosing it. Most major VPN providers support OpenVPN but I recommend the following:
The VPNs mentioned above excel on every level. From an encrypted connection to a no-log policy, you can’t go wrong with any of these.
To sum it all up:
VPN Tunneling creates a secure pathway for your data to travel on. It encrypts your data and allows you to bypass censorship while hiding your location. This keeps you safe from hackers.
If you ask me, in today’s day and age, everybody should use a VPN. Your data may not look as valuable to you, but believe me, corporations spend billions of dollars in order to collect it. So take a precautionary measure and use a reliable like Surfshark