VPN Protocols - An Extensive Overview
A virtual private network (VPN) offers several advantages at once: it secures your connection, lets you stay anonymous online when accessing sensitive corporate or client data, and keeps your work processes flexible regardless of where you physically are.
What is a VPN Protocol?
Our goal is not to overwhelm you with IT details but to introduce the basic concepts behind using a VPN. A protocol determines how two devices communicate with one another; in our case, those devices are the VPN provider's client (installed on your computer, smartphone, or other device) and the provider's VPN server. The protocol is thus a kind of language these two devices use to talk to each other.
A specific feature of VPN protocols is that this 'language' relies on encrypting the data transmitted back and forth. To ensure this, each device authenticates the other before the encrypted tunnel is established.
Alongside the five most commonly used protocols we introduce below, there are further, less well-known protocols as well.
PPTP
The Point-to-Point Tunneling Protocol (PPTP) was developed by Microsoft, which long used it for its own internal VPN. PPTP supports several authentication methods and is compatible with nearly every device. Implementation is relatively simple for both end users and servers, which has helped PPTP keep its status as a favorite among VPN providers.
Unfortunately, a number of security flaws have been uncovered over the past few years, showing that PPTP has long been compromised by the US National Security Agency (NSA). As a result, Microsoft, among others, has warned users against using it.
We also strongly advise against using PPTP, despite its ease of use.
Functions on all platforms
Not secure: even its developer, Microsoft, advises against its use
Compromised by the NSA
L2TP and L2TP/IPsec
The Layer 2 Tunnel Protocol (L2TP) is the only VPN protocol with no integrated encryption; for that reason it is only used in combination with IPsec. It is included in all modern platforms, and configuration takes no longer than PPTP.
The only known problem with L2TP is that it uses UDP port 500. Firewalls often block this port by default, but you can work around this manually with port forwarding.
Data transfers with L2TP are somewhat slower than with other protocols, and even though no security flaws are known, experts warn that security services would not have much difficulty cracking L2TP connections.
If properly implemented, highly secure
Compatible with all devices
Slower than other protocols
Blocked by most firewalls
Suspected of being compromised by the NSA
SSTP
With the launch of Windows Vista, Microsoft unveiled the Secure Socket Tunneling Protocol (SSTP). This protocol is used almost exclusively on Windows clients and Windows servers. For Windows users it is especially easy to configure, since the protocol is already integrated into the operating system.
However, SSTP remains a proprietary design rather than an open-source standard. Microsoft is known to have cooperated with security services in the past, a fact that should be enough to make users wary of SSTP.
Nevertheless, the protocol remains very secure, stable, and easy to use alongside firewalls.
Can work around most firewalls
Provides high security
Integrated in Windows
Uses port 443, the HTTPS port
Only functions on Windows devices
IKEv2
Internet Key Exchange version 2 (IKEv2) is a VPN protocol based on IPsec. It is also found on popular business smartphones such as BlackBerry devices.
One major advantage for users is that lost connections are automatically re-established, which makes IKEv2 particularly popular for mobile devices.
Safest connection method
Highly stable, even with network changes or lost connections
Faster than L2TP, SSTP, and PPTP
Difficult to configure for servers
Uses port 500, which is easy to block
OpenVPN
As its name implies, OpenVPN is an open-source and relatively new solution. It uses the SSL3/TLS protocol to secure connections. Its biggest advantage is its high configurability: in some cases you can choose the port used for communication, which reduces the risk of port blocking.
Since the upgrade to AES and 128-bit encryption, OpenVPN has handled large data packets particularly well and is regarded as the gold standard in encryption.
In general, transfers with OpenVPN are very fast, and the protocol has not been compromised by any security service.
For these reasons, we recommend using OpenVPN.
Can work around most firewalls
Can be perfectly configured for most mobile devices
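To make the "choose your own port" point concrete, here is an added example of an OpenVPN 2.5+ server configuration. It is not taken from the original article or from the OpenVPN project's own sample files; the file names (ca.crt, server.crt, server.key, dh.pem, ta.key) and the tunnel subnet are placeholders chosen for this example. It moves the listener from OpenVPN's default UDP port 1194 to TCP 443, the port most firewalls leave open for outbound web traffic, and pins the TLS and cipher settings to modern values.

```conf
# Added example: OpenVPN server configuration (not from the original article).
# Certificate and key file names below are placeholders.

# Listen on TCP 443 instead of the default UDP 1194, so the tunnel passes
# firewalls that only allow outbound web traffic. Keep UDP 1194 where it is
# not blocked; UDP is faster than TCP for tunnelled traffic.
port 443
proto tcp
dev tun

# Server identity and the CA that issued the client certificates.
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# Require TLS 1.2 or newer, and allow only AEAD data-channel ciphers.
tls-version-min 1.2
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256

# Encrypt and authenticate the TLS control channel with a pre-shared key,
# so packets without a valid key are dropped before any TLS processing.
tls-crypt ta.key

# Accept only certificates issued for client use, so a leaked server
# certificate cannot be presented by a client.
remote-cert-tls client

# Tunnel addressing and session housekeeping (placeholder subnet).
server 10.8.0.0 255.255.255.0
keepalive 10 60
persist-key
persist-tun
verb 3
```

On the client side the matching lines are `remote <server-hostname> 443 tcp` and `remote-cert-tls server`, so that the client in turn refuses to connect to a peer presenting a client certificate. Choosing TCP 443 only helps against port blocking; it does not by itself make the tunnel more secure, so the TLS, cipher and certificate checks above are what carry the security.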
WireGuard
WireGuard is the newest 'kid on the block' among VPN protocols; we've introduced it in its own article.
Choosing the Right Protocol
Despite a number of weaknesses, most protocols are relatively secure, with the sole exception of PPTP, which we strongly recommend against using owing to its known issues.
L2TP combined with IPsec is an excellent choice for non-critical connections. It provides speed, is easily configured, does not require any additional software, and is compatible with most mobile devices.
When you have the opportunity to use OpenVPN, you should: it's reliable, fast, and secure. Configuring it properly is likely to require professional help, but this should be seen as an investment in your security and privacy.
If you have a BlackBerry device, IKEv2 is a good option. It's fast, secure, and particularly suited to mobile use, since it automatically re-establishes lost connections.
SSTP is only really an option if you're using Microsoft software or a Windows device, and even then we'd highly recommend switching to a different protocol.
Third-party software is, in general, reliable. Should you still be looking for a suitable VPN, we recommend taking a look at our comprehensive VPN review, which shows how 17 of the most well-known VPNs stack up against each other.