A VPN is a valuable tool that not only hides your device's IP address but also provides security by encrypting your information before it goes online. It does this thanks to protocols. However, there are different protocols to choose from, and some work better in certain circumstances than others. So how do you know which VPN protocol to choose?
Different VPN Technologies
Virtual Private Networks use two technologies called encryption and encapsulation.
When using encapsulation, packets of data are wrapped inside another packet. Information such as the destination of the data along with the type of data remains hidden in its wrapping.
Encryption is what encodes and decodes your data to keep it safe from prying eyes if someone manages to intercept it. As the information is encoded, it is unreadable.
VPNs use different protocols to encrypt or encapsulate your data, and we are going to look at the most common ones along with their pros and cons.
Most Common VPN Protocols
While a VPN can work out of the box, so to speak, you can also go into the settings of the app you installed and choose a different protocol to use. Here we are going to talk about the different ones available, along with the pros and cons.
One of the most secure and flexible protocols used by premium VPN providers such as ExpressVPN is OpenVPN. It is widely used and constantly growing to meet the needs of ever-evolving cybersecurity.
OpenVPN makes use of both TLS and OpenSSL and has numerous technologies built in. What sets it apart from other protocols is that hardware systems and operating systems have no native support for it.
This brings us to the downside: a third-party VPN client is required if you want to take advantage of OpenVPN. ExpressVPN is one of the providers offering the protocol and supports numerous devices.
OpenVPN may be used on a range of UDP ports, along with TCP port 443. This is great for bypassing port-based VPN blocks.
The protocol takes advantage of the OpenSSL library, which means it can access various encryption technologies. However, the most popular type of encryption is AES.
Provided the VPN provider implements it properly and understands the technology, OpenVPN is the most secure protocol available today.
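Whether a provider has set OpenVPN up with the transport and cipher choices described above can be read from the client profile it ships. The following is an added example, not code from the article or from OpenVPN: it audits a constructed profile, and the host name `vpn.example.com`, the sample profile and the allowlist `OK_PREFIXES` are assumptions made for illustration.

```python
# Added example: audit an OpenVPN client profile (constructed sample below).
SAMPLE_OVPN = """\
# constructed profile for illustration; vpn.example.com is a placeholder
client
dev tun
proto udp
remote vpn.example.com 1194
remote vpn.example.com 443 tcp
cipher BF-CBC
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.0
"""

# Assumed allowlist: AES is the cipher family the article names.
OK_PREFIXES = ("AES-", "CHACHA20-POLY1305")


def parse_profile(text):
    """Yield (directive, args) for each non-comment line of a profile."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # '#' and ';' start comment lines
            continue
        name, *args = line.split()
        yield name.lower(), args


def audit(text):
    """Return the transport endpoints and any weak crypto settings found."""
    directives = list(parse_profile(text))
    # A bare 'proto' line sets the default for 'remote' lines without one.
    default_proto = "udp"
    for name, args in directives:
        if name == "proto" and args:
            default_proto = args[0].lower()
    endpoints, findings = [], []
    for name, args in directives:
        if name == "remote" and args:
            port = int(args[1]) if len(args) > 1 else 1194
            proto = args[2].lower() if len(args) > 2 else default_proto
            endpoints.append((args[0], port, proto))
        elif name in ("cipher", "data-ciphers") and args:
            for c in args[0].upper().split(":"):
                if not c.startswith(OK_PREFIXES):
                    findings.append(f"{name}: {c} is not AES or ChaCha20-Poly1305")
        elif name == "tls-version-min" and args and args[0] in ("1.0", "1.1"):
            findings.append(f"tls-version-min {args[0]} allows TLS below 1.2")
    return {"endpoints": endpoints, "findings": findings}
```

On the sample profile, `audit(SAMPLE_OVPN)` lists a UDP 1194 endpoint with a TCP 443 fallback and flags the `BF-CBC` cipher and the TLS 1.0 floor.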
SSTP is popular for numerous reasons but the protocol is mainly used on the Windows platform as Microsoft develops it.
However, it is possible to use it with Linux and Mac with nascent support. If you are on the Windows platform, you might give it some thought.
The downside is that no one knows if Microsoft put a backdoor into it at the request of the government. While there is no evidence of this, it has been a rumor circulating.
Another downside to SSTP is that it uses SSL 3.0 encryption, which is old and known to have security issues.
One advantage of using this protocol is that it can overcome numerous types of VPN blocking, such as in China.
Another protocol that Microsoft worked on with Cisco is IKEv2/IPsec. So again, this is not an open protocol but it is one of the newest out there.
It supports many devices and is designed with mobile security in mind. Devices can switch from a Wi-Fi connection to mobile internet while keeping the VPN tunnel in place.
One thing that stands out about using IKEv2/IPsec is the speed.
IKEv2/IPsec is very fast. On the downside, many VPN providers have refrained from using the technology due to it being something of a closed system. Again, there have been worries that Microsoft may have hidden vulnerabilities in the protocol.
IKEv2/IPsec does offer superb stability along with speed but it is vulnerable to VPN blocking.
L2TP/IPsec is similar to PPTP in that both are tunneling protocols.
What this means is they do not rely on their own encryption. Instead, something else needs plugging into them for encryption. Data packets are modified before and after entering the tunnel to the internet.
One of the most widespread pairings is IPsec, as this is what contains the technology required for authentication between the VPN server and the computer. In addition, it is what encrypts data packets using robust levels of encryption.
The good news is that your data is extremely secure, with even governments finding it impossible to break into encrypted data. The protocol supports numerous services along with clients.
One of the biggest issues with using L2TP/IPsec is that it can easily get blocked. This is not a protocol for use in countries such as China, where the use of VPNs is restricted.
If you want decent performance, along with compatibility and good security levels, you might want to consider using L2TP/IPsec.
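The blocking behaviour noted so far (OpenVPN and SSTP getting through, IKEv2/IPsec and L2TP/IPsec being easy to block) follows from what a port-based filter or network monitor can see. The following is an added example, not code from the article: it labels constructed flow-log lines using the standard or default port assignments of each protocol. The log format and all addresses are assumptions.

```python
# Added example: classify flow-log lines by transport and destination port.
# Log format (src dst proto dport) and all addresses are constructed.
from collections import defaultdict

SAMPLE_LOG = """\
10.0.0.5 203.0.113.10 udp 500
10.0.0.5 203.0.113.10 udp 4500
10.0.0.6 198.51.100.7 tcp 1723
10.0.0.6 198.51.100.7 gre -
10.0.0.7 192.0.2.44 udp 1194
10.0.0.8 192.0.2.80 tcp 443
10.0.0.9 192.0.2.53 udp 53
"""

# Standard or default assignments that identify a protocol on sight.
FIXED = {
    ("udp", 500): "IPsec key exchange (IKEv2/IPsec, L2TP/IPsec)",
    ("udp", 4500): "IPsec NAT traversal (IKEv2/IPsec, L2TP/IPsec)",
    ("esp", None): "IPsec ESP",
    ("udp", 1701): "L2TP",
    ("tcp", 1723): "PPTP control",
    ("gre", None): "PPTP data (GRE)",
    ("udp", 1194): "OpenVPN default port",
}
# Shared with ordinary HTTPS, so the port alone proves nothing.
SHARED = {("tcp", 443): "ambiguous: HTTPS, SSTP or OpenVPN over TCP"}


def classify(proto, port):
    """Return a label for one flow, or None when no port rule applies."""
    key = (proto, port)
    return FIXED.get(key) or SHARED.get(key)


def report(log):
    """Map each source host to the sorted labels seen in its flows."""
    seen = defaultdict(set)
    for line in log.splitlines():
        if not line.strip():
            continue
        src, _dst, proto, port = line.split()
        labels = seen[src]  # host appears in the report even with no match
        label = classify(proto.lower(), None if port == "-" else int(port))
        if label:
            labels.add(label)
    return {src: sorted(labels) for src, labels in seen.items()}
```

Hosts using IPsec, PPTP or OpenVPN on its default port are labelled from flow metadata alone, while the TCP 443 flow cannot be told apart from ordinary HTTPS by port.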
PPTP is the oldest of the VPN protocols available. However, it is easy to set up and does have universal support. On the downside, there are many cons to using PPTP with your VPN.
The vanilla PPTP does not have specific encryption technology or authentication. Of course, Microsoft developed a version with its Windows platform, which does come with options for encryption strength.
On the good side, PPTP is fast when compared to strongly encrypted protocols, making it a good choice for HD video streaming. It will be perfect for everyone who wants to see all the races of the MotoGP season.
The downside is that it is lacking in security, which led to the arrival of many of the newer protocols. If you are serious about your security and protecting your data, you might want to avoid this and go with more secure encryption, such as OpenVPN.
WireGuard is the newest protocol on the list, developed merely a few years ago. This protocol aims to dethrone OpenVPN, providing everything it provides, but on a much higher scale. For example, WireGuard brings 5 times faster connection speeds, making them almost instantaneous.
Moreover, you’ll experience fewer speed losses with it, as it’s focused primarily on speed and performance. Another good thing is that it’s very simple and open-source. It comes with just 4,000 lines of code, making it easy to maintain and edit as needed.
Vanilla WireGuard is flawed in terms of privacy and security, and in this state, it’s vastly inferior to OpenVPN. However, with a few implementations, such as NordLynx of NordVPN, all of its issues are rectified and it’s almost on par with the aforementioned protocol.
The only downside today is the decreased ability to bypass geo-restrictions. But, if that’s not your primary concern, WireGuard, along with OpenVPN, is the best solution.
VPN protocols are very complex. We have explained them as simply as we can above; here is a brief summary.
OpenVPN is the most popular and most widely used. It supports numerous devices and many of the popular VPN providers use it.
SSTP is a good choice for users of Windows and it is easy to use. It also provides more security than PPTP or L2TP/IPsec when paired with AES encryption.
IKEv2/IPsec is among the newest protocols but sadly, it has not yet reached its full potential. It is not available on all operating systems, but those it does work with allow secure connections along with high performance.
L2TP/IPsec is a secure option but over the past years, security has become an issue with vulnerabilities discovered. On the plus side, it is not difficult to set up.
PPTP is old and while it is easy to set up and it is on various operating systems, it does have vulnerability issues. If you want to remain safe and secure online, which you should with a VPN, we do not recommend using it.
WireGuard is the newest addition to the VPN protocols roster, promising much faster speeds and impeccable security. Its vanilla version is flawed, while the upgraded one meets all the requirements. However, don’t use it for bypassing geo-restrictions, because it’s not very good at that.
Quentin is the co-founder of the-bestvpn.com. With experience as a System and Network Engineer, he is very knowledgeable when it comes to VPN, cybersecurity and the risks of using the Internet nowadays.