VPNs rely on protocols, and these are important to understand. They may sound too technical at first, but further reading shows that this is not the case. Choosing the right one matters, because both your security and your browsing speed depend on the protocol you are using.
The protocols work as tunnels through which the traffic going in and out of your device passes. These tunnels have different attributes: some offer high security levels, while others offer great speeds, and so on. This is a trait you will find in good VPNs, such as the best USA VPNs.
There are plenty of protocols available, each with different capabilities and strengths. Some are friendly to mobile devices, while others need to be installed on Wi-Fi routers. Some also offer better security for internet connections, so whichever protocols are on offer, you will need to choose one that works for you if you want the best user experience.
The types of protocols
PPTP – the fastest, but not as secure
An abbreviation of Point-to-Point Tunneling Protocol, this is an older tunneling method in VPN encryption. It originated from Microsoft and is quite old: its first use was in Windows 95. It is still in popular use today, even though cyber security experts will tell you it has a well-known vulnerability to the ASLEAP dictionary attack tool, which came out in 2004 and rendered it outdated.
With this in mind, you might wonder why it is still popular. The reason is that Windows still integrates it into its systems, and it is also common in macOS and Linux distributions.
PPTP forms an encrypted tunnel between the VPN server and the PC, using GRE (Generic Routing Encapsulation) and TCP port 1723. This makes it very easy to set up, and it also has very fast speeds. However, it has plenty of security concerns, some of which go back to 1998. If you are a modern user of the internet, it is best to avoid it.
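Because PPTP is recognisable on the wire by its TCP port 1723 control channel plus GRE (IP protocol 47), a network owner can check flow records for lingering PPTP use. The following is an added example, not part of the original article; the flow record layout and the sample addresses are constructed for illustration.

```python
# Flag host pairs that appear to be running PPTP, based on flow records.
# Assumed record layout: (source, destination, IP protocol number, dest port).

TCP = 6           # IANA protocol number for TCP
GRE = 47          # IANA protocol number for GRE
PPTP_PORT = 1723  # PPTP control channel, as described above

# Constructed sample data (documentation address ranges).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", TCP, 1723),  # PPTP control channel
    ("203.0.113.10", "10.0.0.5", GRE, None),  # tunnelled data (either direction)
    ("10.0.0.7", "198.51.100.4", TCP, 443),   # HTTPS or SSTP, not PPTP
    ("10.0.0.8", "198.51.100.9", GRE, None),  # GRE alone: some other tunnel
    ("10.0.0.9", "203.0.113.10", TCP, 1723),  # control channel, no data seen
]


def find_pptp(flows):
    """Return {(client, server): status} for pairs with PPTP indicators.

    'confirmed'    - TCP/1723 and GRE seen between the same two hosts
    'control-only' - TCP/1723 seen, no GRE (attempted or blocked session)
    GRE without a TCP/1723 flow is ignored, since GRE carries other tunnels.
    """
    control = set()    # (client, server) pairs with a control channel
    gre_pairs = set()  # unordered host pairs exchanging GRE
    for src, dst, proto, dport in flows:
        if proto == TCP and dport == PPTP_PORT:
            control.add((src, dst))
        elif proto == GRE:
            gre_pairs.add(frozenset((src, dst)))

    findings = {}
    for client, server in sorted(control):
        seen_gre = frozenset((client, server)) in gre_pairs
        findings[(client, server)] = "confirmed" if seen_gre else "control-only"
    return findings


if __name__ == "__main__":
    for (client, server), status in find_pptp(SAMPLE_FLOWS).items():
        print(f"{client} -> {server}: PPTP {status}")
```
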
L2TP/IPSec – best for P2P file sharing
L2TP is an abbreviation for the Layer Two Tunneling Protocol, and is considered an upgrade of the PPTP protocol. This is because it combines PPTP with the Cisco-developed protocol L2F. L2TP lacks an integrated form of encryption, which is where IPSec (Internet Protocol Security) comes in to beef it up.
Unlike PPTP, which uses a 128-bit key for its security (quite low by modern standards), L2TP/IPSec has a 256-bit key, making it secure enough to use in very confidential and top-secret communication. It is also a recent VPN protocol, as it has been in use in Windows since the XP operating system, as well as in mobile operating systems and macOS 10.3 and higher.
You should note that L2TP needs additional overhead because of its 256-bit encryption levels, as well as its double encapsulation. It is also more challenging to configure, but can be considered a more secure option.
SSTP – good for Microsoft users
Also referred to as the Secure Socket Tunneling Protocol, it is controlled and owned by Microsoft, which explains its other name MS-SSTP. Unsurprisingly, it is also only available on the Windows platform, particularly Windows Vista and later Windows operating systems.
The name comes from the protocol routing traffic through the SSL (Secure Sockets Layer) protocol, which uses TCP port 443. However, it is likely to suffer blocking from proxy servers and firewalls, which limits what you can do with it. The good news, though, is that it is among the most secure protocols you can use.
OpenVPN – combines both security and speed
Unlike all the other protocols on this list, this one is considered open source; its creator is James Yonan. It is published under the GNU General Public License, which sets it apart from the other protocols. This gives the community access to its source code so that any mistakes can be found and rectified, instead of allowing potential backdoors and flaws to remain in the code.
To increase its security level, it uses TLS/SSL for its pre-shared key exchange, as well as OpenSSL, which uses 256-bit encryption.
It comes in 2 types: OpenVPN UDP and OpenVPN TCP. Your VPN provider might not give you a choice between the two, and those that do often explain little about how they differ. For a breakdown, here are some differences between the two:
- OpenVPN TCP uses the Transmission Control Protocol, which sets rules alongside the Internet Protocol (IP) to determine how data is exchanged between devices. It must keep the connection between devices active so that applications can exchange data. It is also the most used connection type on the internet, and uses integrated error correction: it must confirm the delivery of data packets before allowing subsequent ones to pass through, and it resends them if delivery fails.
- On the other hand, OpenVPN UDP uses the User Datagram Protocol. Unlike TCP, it targets low-latency data transmission, so it emphasizes the delivery of data rather than the reliability of the transmission. It also experiences lower latency and less overhead, so it is best for streaming video and audio, or for gaming.
WireGuard – not as well-known, but growing
This is an upcoming protocol that has the benefit of being easier to set up than OpenVPN, due to its simpler code base. It also has plenty of advantages, such as faster connection time, up-to-date encryption standards, faster speed, and higher reliability.
There is plenty of interest from VPN service providers, though with some caution. Therefore, you might not see your provider offering it to you, though this might change as time goes on and more people see its advantages.
When using a VPN, you cannot know if the service you use is completely safe, even though you want it to be. The choice of protocol will depend on what you want to achieve, as you might have far fewer security requirements than governments trying to find protocols to keep their communication safe. By knowing what each encryption type can do, you can use them with greater confidence and know what works best.