Whether you’re using a VPN, looking to start using one, or have casually browsed articles related to virtual private networks, you’ve no doubt gotten a sense of the importance of protocols in this ecosystem.
Most VPN services allow you to choose from a variety of protocols; most will pick one for you as a default. But you’re probably better off knowing how secure each one is, its pros and cons, and which could be best suited for your needs. So here’s our rundown of the most common protocols on offer.
A FEW WORDS ON VPNS
Before we get into dissecting encryption, let’s do a quick recap on VPNs. A VPN service runs a number of servers across the world; the aim is to reroute your data and obscure its origin – and, consequently, your location – from web services, and its destination from internet providers. This allows you to access geo-restricted content and makes it far harder for anyone to track your online activity. But another feature, equally important to privacy, is encryption.
WHAT IS ENCRYPTION EXACTLY?
Simply put, encryption is the process of concealing data by converting it into code that looks like gibberish to anyone who does not hold the right ‘key’. The key is a mathematical algorithm, a formula used to scramble and unscramble your data. So only those who hold the key – your VPN and yourself – can lock and unlock the code.
NOT ALL PROTOCOLS ARE BORN EQUAL
There are quite a few different methods of encryption out there. Perhaps the two most important criteria to consider when evaluating an encryption process are security – i.e. how hard it is to decipher – and speed.
Roughly, there are five major protocols in use by VPNs today. Those are OpenVPN, L2TP/IPSec, SSTP, IKEv2, and PPTP. Let’s look at each one in detail.
As the name implies, OpenVPN is an open-source VPN protocol. This means that anyone can access its source code and potentially expose vulnerabilities. There is a general consensus that it is the most secure protocol, and it is the default protocol for most VPNs.
It isn’t easy to set up manually, nor is it the fastest. The former bit isn’t a big issue though; most VPN apps take care of the setup themselves, meaning that no manual configuration is required. Speed isn’t a deal breaker either; as we stated, it isn’t the fastest, but it’s surely far from being the slowest.
An upgrade to PPTP (more on that later), L2TP stands for Layer 2 Tunneling Protocol. The protocol does not offer any encryption itself, so it is paired with IPsec, a network protocol suite that encrypts data. It is quite secure though – similar to OpenVPN, it employs AES 256-bit encryption.
It’s not great at getting through firewalls though. It is also a tad slower than OpenVPN, as it’s a two-step process: the data must be converted into L2TP form and then encrypted with IPsec. Finally, we should mention that there have been unsubstantiated claims that the protocol has been compromised – in 2013, it was revealed that the National Security Agency, a US intelligence agency, was attempting to insert vulnerabilities into it.
Internet Key Exchange version 2 (IKEv2) is particularly well suited for mobile devices since it is good at reconnecting following a drop in your connection – think stuttery internet connections, driving through tunnels or in remote areas, or switching between a mobile and Wi-Fi connection. Naturally, IKEv2 is featured in many mobile VPN suites.
Similar to L2TP, IKEv2 is merely a tunneling protocol. It is therefore usually used in conjunction with IPsec for encryption, so the same security caveats listed above apply here as well. IKEv2 is fast but not as fast as OpenVPN.
Secure Socket Tunneling Protocol (SSTP) is a proprietary Microsoft protocol, making it a very good option for machines running the Windows operating system: it’s integrated into the system, making it more stable than other protocols when it comes to Windows machines. It is highly secure as well, and much less susceptible to blocking by firewalls than L2TP.
It is only natively available on Windows; aside from Macs, it can run on other systems through third-party apps.
PPTP is the oldest and most vulnerable protocol. It has been failing security analyses since it was introduced in ’95. So why is it still around?
Well, PPTP is arguably the easiest to set up and fastest protocol around. But you SHOULD NOT use it unless security isn’t a concern for you.
So here are our conclusions: OpenVPN is probably your best bet. You should choose SSTP if you can’t use OpenVPN and are using a Windows machine. IKEv2 is a better choice than L2TP/IPsec. And don’t use PPTP unless you have to.