The 5 Most Common VPN Protocols Explained
The number of Virtual Private Network (VPN) users is growing rapidly. Many subscribe to a VPN provider on the strength of catch-phrases like ‘Kill Switch Feature,’ ‘Obfuscation Supported,’ or ‘Strong VPN Protocols.’ This article shines the spotlight on VPN protocols.
Perhaps you’ve read on an online forum that a particular VPN service supports L2TP or SSTP. By the end of this article, you’ll be able to tell one from the other and understand the implications of using a VPN that supports a particular protocol.
What is a VPN Protocol?
A VPN protocol is a standard that determines how data packets move between your computer and the VPN server, or between the server and any other internet-enabled device. The features of a given VPN protocol largely reflect the concerns its creators put first: some protocols are preferable with regard to connection speed, while others prioritize user security and privacy over all other benefits.
It is worth noting, however, that some VPN services have built a degree of innovation into their applications and servers, viz. using two VPN protocols simultaneously: one for transporting data packets and the other for security and privacy.
The Common VPN Protocols
Below are some of the most common VPN protocols.
IKEv2
IKEv2 is short for Internet Key Exchange (version 2). IKEv2 is a VPN protocol developed through the joint effort of Microsoft and Cisco. Both IKE versions were originally created to handle the handshake that sets up a secure connection across a network, that is, to negotiate the session keys (for ciphers such as AES) and, when paired with IPSec, to authenticate and encrypt the traffic.
The IKEv2 protocol is not very popular compared to the other common ones and is mostly used in mobile VPN applications. Mobile internet connections are often poor and inconsistent, and this is the exact reason the protocol has been adopted on that platform: IKEv2 automatically reconnects every time the connection drops.
Windows, BlackBerry, and iOS devices support IKEv2 natively; access to the protocol on these platforms is, however, licensed. On Android and Linux, third-party applications make it possible to use IKEv2.
Der Spiegel, the German news magazine, revealed security vulnerabilities in IKEv2 while presenting evidence of NSA espionage. However, the exact method of exploiting the protocol’s vulnerability is not known; IPSec was singled out as the most probable channel of infiltration.
PPTP
Short for Point-to-Point Tunneling Protocol, PPTP is one of the flagship protocols in the history of VPNs. Though PPTP still sees use in a few legacy network setups, it is largely obsolete, but it served as a framework for developing more practical protocols.
Initially introduced in 1995, PPTP was adopted for the authentication and encryption features of some Microsoft Windows versions. At the time of its inception (the 1990s), PPTP was state of the art, as it supported dial-up connections.
VPN technology has since evolved on an unprecedented scale, so much so that VPN service providers have moved on to more secure protocols. PPTP’s data packet encryption has long been broken, leaving it vulnerable to security threats. As obsolete and insecure as PPTP is, users who are not particular about the security of their data but give preeminence to connection speed will find it to be one of the fastest VPN protocols available.
OpenVPN
The OpenVPN protocol is open-source, a factor that makes it one of the most popular VPN protocols available. VPN service providers use customized versions of OpenVPN to meet the particular needs of their services.
Initially authored by James Yonan, OpenVPN was first released to the public in May 2001 and has since seen a steady stream of releases of its source code on its Git repository. Because it is open to contributions from many qualified developers, OpenVPN has grown to become one of the most secure VPN protocols available. It can traverse restrictive firewalls and Network Address Translators (NATs). Some of the OpenVPN features that make top-notch security possible are:
- AES-256 encryption, for which no practical break is known (not even by the NSA)
- SHA-1 (160-bit) hashing
- 2048-bit keys for authentication
- SSL/TLS for key exchange
As if the strong encryption and authentication capabilities were not enough, OpenVPN is also a cross-platform protocol. This means it works on Android, iOS, Linux, Windows, macOS, and even routers. At the turn of the decade, VPN services were only available to devices that sport a network card and hardware that qualifies them as a network node. Newer internet-enabled devices commonly use the OpenVPN protocol, or a modified version of it, because of its compatibility with multiple platforms.
End-users of services supporting the OpenVPN protocol have repeatedly complained about low connection speeds, caused mainly by the heavy encryption and authentication required. In response, developers have made new releases that permit faster connections, though not as fast as PPTP.
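The features listed above only protect a connection if the client profile actually asks for them. The following Python script is an added example (not OpenVPN project code and not from this article): it parses an OpenVPN client profile and flags the settings a reviewer would reject, with a constructed weak profile next to a hardened one. The directive names (`cipher`, `auth`, `tls-version-min`, `remote-cert-tls`, `comp-lzo`, `compress`, `tls-auth`, `tls-crypt`) are real OpenVPN options; the host name, port, certificate contents, and the "strong" sets are assumptions chosen for the demo.

```python
"""Audit an OpenVPN client profile for the security settings the article lists
(strong cipher, HMAC, certificate-based authentication, TLS key exchange).

Added example; not OpenVPN project code. The sample profiles are constructed."""

from __future__ import annotations

# Constructed sample: a profile with several weak choices.
WEAK_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.test 1194
cipher BF-CBC
auth none
tls-version-min 1.0
comp-lzo
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder-certificate
-----END CERTIFICATE-----
</ca>
"""

# Constructed sample: the same profile with hardened settings.
HARDENED_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.test 1194
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
remote-cert-tls server
<ca>
constructed-placeholder-certificate
</ca>
<tls-crypt>
constructed-placeholder-key
</tls-crypt>
"""

# Assumed policy: AEAD or AES-256 for the data channel, SHA-2 for the HMAC.
STRONG_CIPHERS = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305", "AES-256-CBC"}
STRONG_AUTH = {"SHA256", "SHA384", "SHA512"}


def parse_profile(text: str) -> tuple[dict[str, list[str]], set[str]]:
    """Return (directives, inline_blocks).

    directives maps an option name to its argument list (last occurrence wins);
    inline_blocks is the set of <tag>...</tag> sections present (ca, cert,
    key, tls-auth, tls-crypt, ...). Block contents are skipped, not parsed."""
    directives: dict[str, list[str]] = {}
    blocks: set[str] = set()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if current:
            if line == f"</{current}>":
                current = None
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            current = line[1:-1]
            blocks.add(current)
            continue
        parts = line.split()
        directives[parts[0]] = parts[1:]
    return directives, blocks


def first_arg(directives: dict[str, list[str]], key: str) -> str | None:
    """First argument of a directive, or None when absent or argument-less."""
    args = directives.get(key)
    return args[0] if args else None


def audit_profile(text: str) -> list[str]:
    """Return a list of findings; an empty list means the profile passes."""
    d, blocks = parse_profile(text)
    findings = []
    cipher = (first_arg(d, "cipher") or "(not set)").upper()
    if cipher not in STRONG_CIPHERS:
        findings.append(f"weak or unpinned data-channel cipher: {cipher}")
    auth = (first_arg(d, "auth") or "(not set)").upper()
    if auth not in STRONG_AUTH:
        findings.append(f"weak, disabled or unpinned HMAC: {auth}")
    tls_min = first_arg(d, "tls-version-min")
    if tls_min is None or tuple(int(x) for x in tls_min.split(".")) < (1, 2):
        findings.append(f"tls-version-min missing or below 1.2: {tls_min}")
    if first_arg(d, "remote-cert-tls") != "server":
        findings.append("missing 'remote-cert-tls server' (server certificate role unchecked)")
    if "comp-lzo" in d or "compress" in d:
        findings.append("compression enabled")
    if not ({"tls-auth", "tls-crypt"} & (blocks | set(d))):
        findings.append("no tls-auth/tls-crypt control-channel key")
    return findings


if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit_profile(profile) or "OK")
```

The check is deliberately strict about absent directives: a profile that omits `cipher` or `tls-version-min` inherits whatever the client build defaults to, so the audit reports it as unpinned rather than guessing the default.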
L2TP
L2TP stands for Layer 2 Tunnel Protocol. It is a tunneling protocol that was developed as a replacement for PPTP. L2TP does not encrypt the actual content of data packets; it hides the control messages that establish authentication between two network nodes. Rather than encrypting the data sent over a connection itself, L2TP provides a Layer 2 tunnel, and in practice an additional Layer 3 encryption protocol, usually IPSec, is layered on top of it.
It would be safe to say L2TP is second only to OpenVPN in popularity. This is because the L2TP/IPSec combination affords security features close to those of OpenVPN: both use AES-256 encryption, making them almost impossible to breach. A significant drawback, however, exists in the implementation of L2TP/IPSec: the channel of data transfer on any network using L2TP/IPSec is very predictable, because L2TP/IPSec connects by default via UDP on port 500. The predictability of the ports used for VPN data transfer makes them easy for ISPs and firewalls to block.
SSTP
Secure Socket Tunneling Protocol (SSTP) is another popular VPN protocol that uses data tunneling. However, because it was originally designed for remote client access, SSTP does not support site-to-site connections via VPN tunnels. SSTP carries Point-to-Point Protocol (PPP) traffic over an SSL/TLS connection that is protected at the transport level. The SSTP protocol also makes it possible to bypass most proxy servers and firewalls, as it transfers data over TCP port 443.
SSTP is a cross-platform VPN protocol supported by Windows, BSD, and Linux. There are also third-party clients that make it work on macOS, iOS, and Android devices. Another piece of good news: every Windows OS since Windows Vista Service Pack 1 includes SSTP. It is also in RouterOS 5.0 and Japan’s SEIL. This integration into the aforementioned platforms makes it possible to use SSTP with Winlogon or smart-card authentication for security.
Like OpenVPN, SSTP encrypts connections with a 256-bit key and authenticates them with 2048-bit SSL/TLS certificates. Users should, however, note that SSTP only supports user authentication, not computer or device authentication.
Why are VPN Protocols Important?
Each VPN protocol, particularly the common ones discussed here, has its own peculiarities. Below are the general reasons why VPN protocols are necessary.
1. Serves as the core of commercial VPN services
The number of subscriptions a VPN service enjoys is often a function of the security assurance its VPN protocols provide. Put simply, no retail VPN service provider would be in business if these protocols did not exist.
2. Encryption of users’ data
VPN protocols make it possible to transfer highly classified, confidential, or personal information across otherwise vulnerable networks. The NSA (as empowered by law) is notorious for exploiting every known network vulnerability in a bid to gather information in the name of ‘national security’. VPN protocols with strong encryption, such as AES-256, can protect internet users’ privacy even from the almighty NSA and similar bodies engaged in cyber-surveillance.
3. Authentication before access
VPN protocols make it possible to verify whether a specific user should be granted access to data held on your network or internet-enabled device.
4. Proprietary communication rules
For entities that have developed a proprietary VPN protocol on top of one of the open-source frameworks, it becomes possible to establish a different set of rules for network connections and data transfer. Such a custom standard makes it difficult, maybe even impossible, for the wider internet community to access the resources on those private networks.
We have shed some light on the various VPN protocols, their features, and their drawbacks. If you are going to subscribe to a VPN, check which protocol(s) it supports; this guide has shown you the essentials to look out for.