With privacy becoming ever so elusive in our online lives, data protection has become a growing concern for many. That is why almost a third of internet users today use a VPN. VPN stands for “virtual private network” and works by creating a safe tunnel which allows sending encrypted data from your device to a remote server. VPN services use a number of different VPN protocols for encryption and authentication. Protocols determine how your data is routed through a connection. Naturally, these protocols are not created equal and they all have different rule sets which affect the performance and level of privacy of the VPN service.
Which protocol you’ll choose depends mainly on your reasons for using a VPN. Is it to surmount censorship and access social networks? Are you wary of using open Wi-Fi hotspots in public places, especially when shopping or banking? Or maybe you just want to protect your anonymity while browsing? Different use cases may require the use of specific protocols, each with their own pros and cons when it comes to the security provided, speed and stability of the connection. So before choosing a VPN service, here is what you should know about the different protocols and how to find the one which fits your needs best.
Point to Point Tunneling Protocol (PPTP) is one of the oldest widely-used tunneling protocols. It was developed by Microsoft in the 1990’s and its main purpose was to encrypt data when transmitting it via dial-up connection. While PPTP is very fast, with the advance in technology it has become less and less secure and it can easily be cracked. It’s great for accessing geo-restricted content and video streaming thanks to the high speeds, but not recommended for protecting your privacy.
Pros: Fast and easy to set up. Universally supported.
Cons: Poor overall security.
Layer 2 Tunneling Protocol (L2TP) is often combined with Internet Protocol Security (IPSec). The role of L2TP is to establish a secure connection, while IPSec is tasked with data encryption. L2TP/IPSec was developed by Microsoft and Cisco in the 1990s and is supported by most modern computers and mobile devices. This makes it easy to set up and run, but it does have some drawbacks - namely, it can be easily blocked by firewalls, unless some additional configuration is performed. While PPTP is fast, but not secure, L2TP/IPSec is slower, but uses robust encryption. It doesn’t have any major known vulnerabilities, but some users may be concerned by the fact that the NSA helped develop IPSec.
Pros: High-level encryption. Widely supported by modern devices.
Cons: Encapsulates data twice, making it slow. Can easily be blocked by firewalls.
Secure Socket Tunneling Protocol (SSTP) is another protocol developed by Microsoft and is fully integrated with every Microsoft operating system since Windows Vista SP1. It is mainly thought of as a Windows-specific solution, but it can be run on Linux as well. SSTP uses 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption, which makes it sufficiently secure. Unlike L2TP/IPSec, SSTP has no problem bypassing firewalls with no complicated additional setup required. One of its major drawbacks is the fact that it is a proprietary solution and its code cannot be audited independently.
Pros: Good security. Harder to detect and block by firewalls. Integrated into Windows OS.
Cons: The code is not available for testing. Primarily supported by Windows systems.
Key Exchange volume 2 (IKEv2) was developed by Microsoft and Cisco and like L2TP, it is often used together with IPSec, which provides encryption and authentication. IKEv2 was built with focus on speed, security and, above all, stability. This protocol uses IPSec tools to help maintain VPN connection when switching networks and quickly reestablishes the link if the connection is temporarily dropped. This makes it an ideal solution for mobile devices, which often alternate between Wi-Fi hotspots and mobile data. Windows, macOS and iOS devices have native IKEv2 support, while Android users need to install third-party apps in order to use the protocol.
Pros: Fast and very secure. Great at maintaining stable connection while on the go. Has open-source versions available.
Cons: Can be blocked by firewalls if the default settings are used. Only some Android versions are supported.
OpenVPN was released in 2001 and it has become one of the most popular open-source VPN protocols on the market. It is used by many paid VPN providers and runs on either TCP (best for security and when a stable and reliable connection is needed) or UDP (best for low-latency transmission of data, such as for video and audio streaming and online gaming). Its high level of security is probably the greatest advantage of OpenVPN as it can run most encryption protocols. It is also available for almost any operating system, although support is not built-in. OpenVPN works on devices running Linux, Windows, macOS, iOS and Android, among others. Additionally, it is difficult to detect and block by firewalls. Since it is open-source, the code can be audited by anyone for flaws.
Pros: Open-source. Very secure. Can bypass firewalls. Can be configured for different uses, making it highly versatile.
Cons: Requires additional user clients in order to work properly. Slightly more difficult to configure.
WireGuard is one of the newest open-source VPNs and also one of the fastest. While it’s still in development, it’s already available for all major operating systems. WireGuard is very lightweight and has only 4000 lines of code, which means higher speeds and less room for errors and vulnerabilities. It uses state-of-the-art cryptography with a variety of protocols and primitives to choose from. WireGuard is simple and easy to use and is capable of roaming between IP addresses.
Pros: Open-source. One of the fastest VPN solutions out there. Very secure.
Cons: The protocol is still very new in spite of it being fully released to the public and having undergone sufficient testing.
SoftEther VPN started as an academic project in the University of Tsukuba, Japan. It is an open-source, easy to use multi-protocol VPN software with resistance against firewalls. Arguably, it is faster than OpenVPS and has low memory and CPU usage. The SoftEther VPN software also has its very own VPN protocol - SoftEther protocol, which uses SSL for secure VPN client-server communications with many technological improvements to attain better security and higher speeds. The software runs on Windows, Linux, Mac, FreeBSD and Solaris and aims to present an alternative to OpenVPN and Microsoft's VPN servers alike.
Pros: Free and open-source. High speeds, stability and very good security.
Cons: Can be more difficult to configure correctly. Requires additional user clients in order to work appropriately.
Make an informed choice
Sadly, there is no one-size-fits-all solution when it comes to VPN protocols but we hope this article makes it a bit easier to choose the best one for your needs. Whether you value speed or privacy, stability or ease of use, there is a protocol out there that will make your browsing secure and hassle-free.
Now that you are well informed of the advantages and the potential downsides of the most widely-used VPN protocols, check if the ones you like best are supported by the VPN provider you plan on using (if any). And keep in mind that using a provider you can trust is just as important for your privacy as the choice of protocol.