A Complete Guide to VPN Protocols

Virtual Private Networks (VPNs) have become increasingly popular over the years as the increased need for digital privacy arose. There are many reasons why people get VPNs but they all revolve around the need for security or privacy.

There are various needs for users to access different locations via their devices. This can be to access ones favorite website or to send secure data. Every time you access a new location the right people can determine where you came from, who you are, and what you are sending.

This obviously poses privacy/security issues. VPN encryption provides a means for users to interact with servers and other computers in encrypted ways. By doing so, one can ‘hide’ where they came from and who they are, thereby remaining invisible to prying eyes.

VPN Protocols 

VPN encryption is determined by the VPN protocols used by various VPN services. The most used VPN protocols are PPTP, L2TP, OpenVPN, SSTP, and IKEv2.

Each of these protocols has their own benefits and drawbacks. Designed the perfect balance of encryption and practicality is difficult. The higher level encryption used, the longer processing time required before a connection can be established.

Users are attracted to fast connection speeds, so therefore VPN encryption must always be balanced with the usability to ensure that the service remains competitive. 

PPTP

Point-to-Point Tunneling Protocol (PPTP) is the original giant of VPN protocols. It was created by Microsoft and was one of the leading protocols for businesses. It makes use of MS-Chap v2 and Microsoft Point-to-Point Encryption (MPPE).

It was a protocol that became very popular and had a huge advantage in requiring very low computation power meaning it was very fast. However, PPTP popularity took a knock when the security was brought into question and proven to be insecure.

Anyone who had used the PPTP protocol had exposed their data to an insecure protocol and therefore was at risk for having their data read by unwanted sources. This is the main reason for the lack of growth in this protocol.

This protocol is no longer recommended because of its lack of focus on VPN encryption. For those that have no other choice, you can still use PPTP but even Microsoft has come out and recommended using other VPN protocols such as L2TP or SSTP. 

L2TP

Layer 2 Tunneling Protocol (L2TP) was the next protocol to become used in most devices worldwide. You are likely to own a device that can make use of this protocol.

L2TP itself does not focus on VPN encryption but solely on establishing a connection. By itself, L2TP is not practical for this reason, but it is used alongside IPsec authentication suite which provides arguably impregnable encryption.

Two types of ciphers can be used by this protocol: 3DES or AES. Although secure in most regards, 3DES is no longer impregnable and is vulnerable to ‘meet-in-the-middle’ and ‘sweet32’ attacks. They have therefore lost popularity and they are almost never seen in real life applications anymore.

AES ciphers are the main ones used and most people consider them completely secure. There have been recent conspiracies surrounding IPsec and whether or not certain parties have been able to break through their encryption. These claims are still unsupported and you should feel comfortable to make use of L2TP/IPsec.

L2TP gained popularity for its speed. Theoretically, this is the fastest VPN protocol available. It offers multi-threading which means they can complete various actions simultaneously. This allows for seemingly complex procedures to be completed in shorter times, therefore, improving the connection speeds.

Some VPN services have been criticized for their implementation of the L2TP/IPsec VPN protocol. These critics say the lack of security in IPsec is only due to certain services not ensuring that all the encryption keys used are not pre-shared. Using pre-shared keys is faster but can lead to scams which allow hackers to invade secure servers. 

OpenVPN

OpenVPN has become increasingly popular in recent trends but it has been around for some time. People are increasingly interested in the security of their connections and OpenVPN is a highly secure protocol that provides fast connections and is easily configured.

Commercial VPN services are mainly using OpenVPN technology and it is compatible with most modern devices.

OpenVPN is a collection of various technologies of which OpenSSL library and TSL protocols is part of. OpenSSL is responsible for the generation of ciphers and has access to various options but mainly uses both blowfish and AES.

Although it is theoretically not as fast the L2TP it is not always the situation and OpenVPN is still considered a fast technology. Along with its speed, the fact that it is far more secure than L2TP gives it the upper hand. It’s only weakness is the fact that it is not found by default on any device and you will need to download it from third-party sources.

Up until now, there are no weaknesses that threaten users of OpenVPN technology.

SSTP

This protocol is an interesting topic because of its advantages that are overshadowed by its potential security flaws. It runs very similarly to OpenVPN and makes use of SSL v3.0.

No one doubts its speed, but the reliability of its security is what has been called into question. Many people do not like the fact that SSTP is a proprietary standard owned by Microsoft and the fact that SSL v3.0 is vulnerable to POODLE attacks. 

IKEv2

Another fast protocol is IKEv2. This protocol was designed specifically for use as a tunneling protocol but has since been used for VPN services when paired with authentication technology, like IPSec.

This protocol was developed by Microsoft in conjunction with Cisco. There are open source versions available for those that are sceptical of Microsoft’s involvement in any VPN technology.

There is debate as to why this protocol is not used more because most find it a reliable and fast alternative to L2TP and OpenVPN. It is, however, not supported by as many platforms which limit its reach.

 

We will be happy to hear your thoughts

Leave a reply