VPN Protocols: What They Are, How They Work
Even plain-language discussions of VPN protocols can seem confusing to the average user. After all, there are a lot of acronyms, statistics, and underlying networking concepts to parse. Luckily for you, we’ve written this brief (but comprehensive) rundown of everything you need to know to choose your VPN protocol like a seasoned pro.
A VPN is a Virtual Private Network. Essentially, VPNs redirect your web traffic through external, private servers and allow increased privacy. With encryption and geo-spoofing added, it should be virtually impossible for your ISP, the government or malicious third parties to track you and gain access to your personal information. This is only true, of course, as long as you’re practicing good browsing. A VPN won’t protect you from phishing links or virus infections, for example. To protect yourself from those kinds of attacks, be sure to utilize good anti-virus and anti-malware tools in addition to the VPN service of your choice.
Looking for VPN providers with the most up-to-date encryption protocols? Check these two out:
-
- NordVPN – Most Secure VPN – NordVPN is the most robust privacy solution on the market, with a dizzying array of servers, tons of options to configure your encryption protocol, exceptional customer service, and easy-to-use apps available on every platform.
- Surfshark – Surfshark hasn’t been around long, but they’re already one of the best providers due to their modernized network, unlimited simultaneous connections, and blazing-fast encryption protocols.
In this article, we’re going to thoroughly explain VPNs and VPN protocols for your convenience. By the time you’ve finished reading, you should have a much deeper understanding of how VPNs function, which should help you find the right one for your needs.
Service vs. Corporate VPNs
The most well-known type, and what we’ll primarily be discussing, is known as a Service VPN. Service VPNs are VPNs available to common consumers, typically offered with a monthly subscription fee. These offer great privacy benefits to consumers and, in many cases, allow them to circumvent censorship.
A lesser-known type is the Corporate VPN. Corporate VPNs, as their name implies, are used by businesses to allow their employees secure access to their business networks from remote locations, like home. These offer privacy benefits as well, but typically don’t offer geo-spoofing and may even have censorship of their own, depending on the policies of the business where they’re hosted. Their main purpose is simply to provide security for their business data and convenience to their employees.
Regardless of the type of VPN you’re using, however, the underlying technology is the same. A VPN protocol is one of these underlying technologies.
What’s a VPN protocol, and what difference does it make?
VPN protocols (or, more accurately, VPN tunneling protocols) determine how your data is routed and managed by your VPN of choice. Different protocols offer various benefits: some prioritize security above all, some prioritize speed, and a few are great at both. Many VPN providers will allow you to choose your protocol of choice, but others may only use one of the protocols below.
In either case, it’s important for you to know where your data is going and how it’s being managed. Keep reading to learn about the latter.
RELATED READING: How to get a US IP address when traveling
VPN Protocols
L2TP with IPSec
L2TP, or Layer 2 Tunnel Protocol, is a VPN protocol developed by Microsoft and Cisco Systems. IPSec is short for Internet Protocol Security, which is an additional framework of security technology that’s usually implemented alongside L2TP.
L2TP is a successor to two other tunneling protocols: Cisco’s L2F and Microsoft’s PPTP. L2F is Layer 2 Forwarding Protocol and was part of the first generation of VPN protocols. However, it did not provide any encryption features by itself, and needed to be paired with PPP (Point-to-Point Protocol) to establish that encryption. We’ll look into PPTP in its own section later on in this article, but spoiler alert: the standard is obsolete, and for good reason!
IPSec is a protocol used to authenticate and encrypt packets being transferred. In this context, it’s used to encrypt L2TP’s traffic. Like its predecessor, L2TP does not encrypt its own traffic and needs help from another security protocol to do so.
L2TP, once implemented with IPSec, is one of the premiere VPN protocols and a favorite among many. One reason for this is that there are no known vulnerabilities–nobody has managed to crack L2TP yet. It uses AES-256 bit encryption keys, a 3DES encryption algorithm, and double encryption. Additionally, Windows and Mac OS both have native support for L2TP, making it more user friendly (Linux, iOS and Android require additional configuration, however).
All of this combines to make L2TP one of the most (if not the most) popular choice for security-minded VPN users. However, this enhanced security comes at a cost to speed, and performance-oriented tasks might be better served through a different protocol.
SSTP
SSTP, or Secure Socket Tunneling Protocol, is another popular VPN protocol. Developed by Microsoft (like part of L2TP), it comes with a notable benefit: Every version of Windows from Vista onward features SSTP built into the operating system, making it easier than ever for users to set up a VPN.
However, this upside comes with another downside: limited support. SSTP works on Windows, FreeBSD and Linux, but Mac OS, Android and iOS are all unsupported by this VPN protocol. Additionally, while the protocol is fairly secure and generally offers good performance, it’s still Microsoft-developed, which means there is a possibility, however slim, that there are backdoors in place that could jeopardize the safety of your data.
To be fair, there are no confirmed leaks related to SSTP. It’s proprietary to Microsoft, though, so don’t use it if you don’t trust them with your data.
OpenVPN
OpenVPN is one of the most popular VPN platforms, and for good reason.
First and foremost, it supports pretty much every platform you could want it to. This list includes Windows 2000 and onward, Mac OS, Android, iOS, Linux, FreeBSD, Solaris, QNX, Maemo, and even Windows Phone. Yes, Windows Phone!
Secondly, while OpenVPN isn’t actively integrated into many OSes, it’s a popular pick among third-party applications. If you don’t mind using an app with your VPN, OpenVPN is a great choice.
Thirdly, it’s open source, hence the “Open” in its name. Open source software essentially means that anyone can edit, improve and verify the source code of a given piece of software. Thanks to this, OpenVPN has best-in-industry security and is nigh impossible to plant a backdoor in, thanks to the nature of open source development.
Its focus on security and the way the protocol is implemented inevitably results in reduced performance versus other VPN protocols, however. If security is your top concern, OpenVPN is a great pick, but if you need speed as well it may be worth considering other options.
RELATED READING: These are the best VPNs this year, according to Reddit
IKEv2
IKEv2, or Internet Key Exchange version 2, is a newer VPN protocol. It’s an open-source protocol that supports Windows, Mac, Android, iOS and Blackberry devices. However, it is not available on Linux.
IKEv2 offers great speed and security. However, there are closed-source versions of IKEv2 that aren’t nearly as safe to use. Be sure to only use an open source version of IKEv2 to remove risks of backdoors and security flaws.
RELATED READING: Here’s the best VPN that actually works in China
PPTP
Last (and definitely least) is PPTP, one of the predecessors to L2TP and SSTP.
There’s no nice way to put this: PPTP is the worst VPN protocol on this list. However, it is still present because some people are still using it, and you need to know why you probably shouldn’t (along with the one usage scenario where you might still want to)!
PPTP was released in 1995 and integrated with Windows 95, as well as every Microsoft OS released from then onward. As those who remember the reign of Internet Explorer may remember, being the “default” option on a Windows OS can bring you a long way, no matter how much better other solutions are, and PPTP is a prime example of that. The fact that other OSes (including Android, Mac OS and Linux) support PPTP helped it see even more widespread usage.
As an early VPN solution, PPTP was originally designed to work with dial-up networks. Also like early Microsoft solutions, it was primarily oriented toward enterprise customers for the aforementioned Corporate VPN usage scenario. Perhaps minding the speed concerns of dial-up, PPTP was designed in a such a manner that it had a minimal effect on performance while still adding some level of security to the traffic.
Security-wise, PPTP is a disaster. It may not have been back when it was released, but nowadays governments and cybercriminals have long learned how to cracked PPTP traffic and de-anonymize anyone that happens to be using it. The obsolete nature of this VPN protocol means that if security is even a slight concern, you shouldn’t be using it at all.
However, performance-wise, PPTP may be one of the best out there. For this reason, PPTP is often used by people who are simply using a VPN to access, say, American Netflix from another country. For serious privacy concerns and bypassing government-level censorship, however, we strongly recommend using another protocol.
Top-recommended VPNs for Security and Speed
We recommend these VPNs as fool-proof privacy solutions at an affordable price:
1. NordVPN
NordVPN is the most robust offering currently available on the VPN market. That said, this venerable provider is never content to rest on its laurels, and is always pushing the envelope for service and security.
To wit, they’ve expanded their network to encompass a dizzy array of servers, currently over 5,500 in 59 countries. Among these are numerous specialty nodes, optimized for use-cases like obfuscation, P2P downloads, anti-DDoS, double encryption, static IPs and more. Protocols include OpenVPN UDP or TCP, L2TP, IKEv2/IPSec, PPTP, and SSTP. However, NordVPN has recently launched their own protocol based off WireGuard called NordLynx, which offers the highest level of 256-bit AES encryption and blazing-fast speeds.
Additional protections include the CyberSec ad and malware blocker, a kill switch on desktop applications, plus DNS leak protection. NordVPN is headquartered in Panama, making this provider exempt from data retention and surveillance laws that compromise the anonymity offered by lesser VPNs.
Read our full NordVPN review.
- Works with Netflix, BBC iPlayer without breaking a sweat
- Over 5,400 servers in 61 countries
- 256-bit AES encryption with perfect forward secrecy
- Retains no metadata of your browsing
- 30-day money back guarantee.
- Can't specify City or Province in App.
2. Surfshark
Surfshark is something of an anomaly in the VPN industry. Most of the top-recommended providers have been around for years, but Surfshark is a relative upstart–launched just in 2019. However, they have rapidly grown into one of the most formidable champions of consumer privacy–while slashing prices and setting a new standard of excellence in the industry.
Surfshark offers a limited array of encryption protocols (OpenVPN, IKEv2/IPSec, WireGuard), but they are the best available, combining speed and security optimized for virtually any platform. Each uses the unbreakable 256-AES-GCM cipher for total security with minimal latency and slowdown.
Additionally, each of their 3200+ servers in 65 countries offers obfuscation, smart DNS, and anti-censorship modes which auto-enable as needed to counteract Internet restrictions on the fly. Leak protections include IP, DNS, and even the rare WebRTC protection. Every Surfshark app benefits from kill switch protection, as well as CleanWeb ad/malware/pop-up/tracking blockers. Finally, Surfshark’s no-logging policy has been independently vetted, and is one you can trust.
- Reliably unblocks Netflix US, UK, Japan, and more
- Unblock Netflix on any server, no more picking and choosing
- VPN obfuscation on any server with special Camouflage function
- Independently audited privacy practices
- Refund requests are simple and fast–no waiting or hassle.
- Speeds occasionally suffer a noticeable drop
- Apps may be too simplistic for power users.
Read our full Surfshark review.
Conclusion
We hope that you found the information in this article useful, and that it helps you decide what VPN providers and protocols are right for your needs. Here’s a quick recap:
- L2TP with IPSec – Amazing security with a slight performance penalty. Native Windows and Mac compatibility, but Linux/iOS/Android require additional configuration. Developed by Microsoft and Cisco. Said to be unbroken thus far.
- SSTP – Great security and performance, but limited support for non-Windows devices. Since it’s solely developed and owned by Microsoft, though, you’d better trust them with your data if you’re going to be using it.
- OpenVPN – Amazing security with a performance penalty. Great compatibility, but requires third-party apps to be utilized. Open-source development makes it great from a security standpoint, however, and it has no known breaks.
- IKEv2 – Great security and performance, but no support for Linux. Additionally, you can really only trust open-source versions; others may be less trustworthy.
- PPTP – Poor security with great performance. Good compatibility as well. Developed by Microsoft as an old VPN software, but has since become obsolete from a security standpoint thanks to a number of known faults. Is good for streaming geo-locked content, but not much else.
That about sums it up. Got any questions or comments? Please leave them for us below!
If you need a VPN for a short while when traveling for example, you can get our top ranked VPN free of charge. NordVPN includes a 30-day money-back guarantee. You will need to pay for the subscription, that’s a fact, but it allows full access for 30 days and then you cancel for a full refund. Their no-questions-asked cancellation policy lives up to its name.
@@disqus_sXEp5gBw4l:disqus
It doesn’t allow free connections. It can allow access to blocked sites if you have an exit point outside the firewall system you are trying to evade.
I am using ivacy vpn. It offers openvpn and pptp along with kill switch.
How can I be sure my VPN provider uses OpenVPN, not PPTP ? I see several services that announce PPTP and OpenVPN. I also remember seeing different port options available in their .ovpn files. How can I make sure that I stay way from PPTP ? Like VPNUnlimited offer PPTP, and they have their own client, which is required if I want to use 443/TCP SSL encapsulation. But their client sometime does not work under Linux, and I have to revert to the .ovpn files.