VPN protocols create an encrypted connection between a VPN client and a VPN server. This encrypted connection usually takes the form of a tunnel: the user's internet traffic passes through the tunnel and is thereby protected from prying eyes. There are several types of VPN protocol, such as PPTP, L2TP/IPSec, OpenVPN, SSL, TLS, and SSTP.
Each has its own characteristics in terms of security, latency, and adaptability. We examine each of them in depth in this article.
PPTP (Point-To-Point Tunneling Protocol)
PPTP, the Point-To-Point Tunneling Protocol, was developed by Microsoft around two decades ago. It extended the Point-to-Point Protocol (PPP), which was prevalent on the internet at the time.
PPTP encrypts data through PPP and sends it over a secure communication channel to the VPN server. PPTP creates a Transmission Control Protocol (TCP) connection between the VPN client and the VPN server.
TCP, working in tandem with the Internet Protocol (IP), determines how a computer sends data over the internet. Generic Routing Encapsulation (GRE) is used to encapsulate the data packets.
These packets are then routed to the destination through a tunnel, where they are decapsulated. PPTP is available not only on Windows but also on Linux, iOS, Android and macOS.
It is easy to configure, which is why it remains popular among internet users even today. It is also one of the fastest VPN protocols available.
However, it is a very old VPN protocol with many known security weaknesses. Avoid it if online anonymity and security are of utmost importance to you.
L2TP/IPSec (Layer 2 Tunneling Protocol over IPSec)
L2TP is an evolution of PPTP. It combines features of the Layer 2 Forwarding Protocol (L2F), developed by Cisco, with those of PPTP, developed by Microsoft.
L2TP provides no encryption of its own, so it is combined with the IPSec protocol, which supplies the encryption. Whereas PPTP uses a 128-bit key, L2TP/IPSec uses a 256-bit key for encryption.
This AES-256 key is used today by many governments to encrypt their sensitive data. L2TP is supported on every operating system released after Windows XP and Mac OS X 10.3.
PPP on its own is vulnerable while data packets travel between the VPN client and the VPN server. L2TP adds an extra L2TP header to each data packet, with the result that each packet is doubly encrypted.
While this provides additional security, it also reduces transmission speed. The IPSec protocol secures the data packets as they cross the internet, and it primarily provides two security services.
The first is the Authentication Header (AH), which provides only authentication (integrity) of the data. The second is the Encapsulating Security Payload (ESP), which both encrypts and authenticates the data to be sent.
IPSec has two modes of operation: transport mode and tunnel mode. Transport mode encapsulates only the IP (Internet Protocol) payload to form a secure communication channel,
while in tunnel mode the whole IP packet is encapsulated. L2TP/IPSec therefore provides extra security benefits but lags slightly behind in speed.
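As an added illustration (not code from the article), the following Python sketch builds a toy IP packet and shows what each IPsec option leaves readable on the wire: ESP in transport mode keeps the original endpoints visible, ESP in tunnel mode hides the whole inner packet behind a gateway-to-gateway header, and AH leaves everything readable but detects tampering. The addresses, key and payload are constructed; the cipher is an HMAC-SHA256 keystream standing in for a real IPsec transform such as AES-GCM, and the ESP trailer is omitted.

```python
import hmac, hashlib, struct, ipaddress
AH, ESP = 51, 50   # IP protocol numbers carried in the outer header for AH and ESP

def ip_packet(src, dst, proto, payload):
    """Minimal IPv4 packet: 20-byte header (checksum left zero) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + payload

def parse_ip(pkt):
    """Everything an on-path observer can read from the outer IPv4 header."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": str(ipaddress.ip_address(f[8])), "dst": str(ipaddress.ip_address(f[9])),
            "proto": f[6], "payload": pkt[20:]}

def _xor_stream(key, data):
    """Stand-in cipher: HMAC-SHA256 as a counter-mode keystream (not a real IPsec transform)."""
    ks = b"".join(hmac.new(key, b"ctr%d" % i, hashlib.sha256).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def esp_body(protected, key, spi=0x1001, seq=1):
    """ESP: SPI + sequence number + ciphertext, then an ICV over all of it (encrypt-then-MAC); trailer omitted."""
    body = struct.pack("!II", spi, seq) + _xor_stream(key, protected)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]

def esp_transport(pkt, key):
    """Transport mode: only the IP payload is protected; the original header stays in the clear."""
    p = parse_ip(pkt)
    return ip_packet(p["src"], p["dst"], ESP, esp_body(p["payload"], key))

def esp_tunnel(pkt, key, gw_src, gw_dst):
    """Tunnel mode: the whole inner packet is protected behind a new header naming the gateways."""
    return ip_packet(gw_src, gw_dst, ESP, esp_body(pkt, key))

def _ah_icv(src, dst, ah, payload, key):
    # AH authenticates the immutable header fields (here: the addresses), the AH header and the payload
    return hmac.new(key, src.encode() + dst.encode() + ah + payload, hashlib.sha256).digest()[:16]

def ah_transport(pkt, key, spi=0x2001, seq=1):
    """AH: nothing is encrypted; an AH header carrying an ICV is inserted after the IP header."""
    p = parse_ip(pkt)
    ah = struct.pack("!BBHII", p["proto"], 4, 0, spi, seq)   # next header, length, reserved, SPI, seq
    icv = _ah_icv(p["src"], p["dst"], ah, p["payload"], key)
    return ip_packet(p["src"], p["dst"], AH, ah + icv + p["payload"])

def ah_verify(pkt, key):
    """Receiver side: recompute the ICV; any change to the addresses or payload is detected."""
    p = parse_ip(pkt)
    ah, icv, payload = p["payload"][:12], p["payload"][12:28], p["payload"][28:]
    return p["proto"] == AH and hmac.compare_digest(icv, _ah_icv(p["src"], p["dst"], ah, payload, key))
```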
OpenVPN
OpenVPN is a relatively new protocol built on open-source technology. This means that when a vulnerability comes to light, users can quickly inspect and alter its source code to make it more robust.
It can also bypass almost all types of firewall. Its main drawback is that it is difficult to configure and requires expertise. Like its counterpart L2TP/IPSec, it uses an AES-256 key. It can run over either TCP or UDP ports for transmission.
TCP, as mentioned above, is a connection-oriented protocol: it keeps the connection up while applications exchange data back and forth. It is also one of the most widely used protocols on the internet.
One of its main benefits is that it requires confirmation that a data packet has arrived before sending the next one; if that confirmation fails to arrive, the packet is resent. This makes it one of the most reliable protocols.
UDP (User Datagram Protocol), on the other hand, is preferred when transmission speed matters. UDP sends data packets without checking whether they have reached their destination.
Because these checks are omitted, it has less overhead and therefore lower latency. These characteristics make UDP the protocol of choice for audio and video streaming as well as for gaming.
SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
In SSL and TLS VPNs, the web browser acts as the client, and the user is given access to a particular application rather than the entire network. Online service providers and retailers typically use SSL and TLS to secure their services.
Web browsers already integrate SSL and TLS. When a user opens a website, the browser switches the URL to HTTPS instead of HTTP. The “S” stands for secure, and the SSL connection begins with a handshake in which digital certificates are exchanged.
These digital certificates contain the keys with which the session is authenticated, and they help establish the secure connection.
SSTP (Secure Socket Tunneling Protocol)
The Secure Socket Tunneling Protocol was developed by Microsoft and is therefore available only on Windows. It has been a feature of every Windows operating system since Windows Vista.
SSTP uses a 2048-bit key for encryption, which is regarded as safe and secure. It sends internet traffic over a Secure Sockets Layer (SSL) channel, from which it derives its name.
SSL encrypts data using public-key cryptography, which relies on two keys: a public key and a private key. The public key may be known to everyone, while the private key is known only to its holder.
An SSL VPN lets any user establish a secure internet connection from any web browser. SSTP differs from SSL in that SSTP is only a tunneling protocol.
SSTP uses SSL rather than IPSec because SSL supports roaming clients, whereas IPSec is used for site-to-site configurations. SSTP relays internet traffic over TCP port 443.
Authentication of the secure connection between client and server takes place only on the client side: the client verifies the digital certificate presented by the server and only then accepts the connection.
After that, the client sends its HTTPS request along with the SSTP data packets. Unlike OpenVPN, SSTP is proprietary technology, which means it may contain vulnerabilities and issues that have not yet been discovered.