You've probably heard this: "You need to use a VPN to protect your privacy!" Now, you're thinking: "Okay, but how does a VPN actually work?"

That's understandable. While everyone suggests using one, not many take the time to explain some of the core VPN technologies. In this article, we're going to explain what VPN protocols are, their differences, and what you should look out for.

What Is a VPN?

Before we look at specific VPN protocols, let's quickly remind ourselves what a VPN is.

At its most basic, a VPN allows you to access the public internet using a private connection. When you click a link on the internet, your request passes to the correct server, usually returning the correct content. Your data essentially flows, unhindered, from A to B, and a website or service can see your IP address, among other identifying data.

When you use a VPN, all of your requests are first routed through a private server owned by the VPN provider. Your request heads from A through C to B. You can still access all the data previously available to you (and more, in some cases). But the website or service only has the data of the VPN provider: their IP address, and so on.

There are many uses for a VPN, including protecting your data and identity, avoiding repressive censorship, and encrypting your communications. See our introduction to using a VPN to get started yourself. You can even set up a VPN on your router.

What Are VPN Protocols?

A VPN protocol determines exactly how your data routes between your computer and the VPN server. Protocols have different specifications, offering benefits to users in a range of circumstances. For instance, some prioritize speed, while others focus on privacy and security.

Let's take a look at the most common VPN protocols.

1. OpenVPN

OpenVPN is an open-source VPN protocol. This means users can scrutinize its source code for vulnerabilities, or use it in other projects. OpenVPN has become one of the most important VPN protocols. As well as being open-source, OpenVPN is also one of the most secure protocols. OpenVPN allows users to protect their data using essentially unbreakable AES-256 bit key encryption (amongst others), with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm.

openvpn

In addition to providing strong encryption, OpenVPN is also available to almost every platform: Windows, macOS, Linux, Android, iOS, routers, and more. Even Windows Phone and Blackberry can utilize it, meaning you can set up a VPN on all your devices with it. It's also the protocol of choice among popular and easy-to-use VPN services like CyberGhost.

The OpenVPN protocol has faced criticism in the past due to low speeds. However, recent implementations have resulted in some boosts, and the focus on security and privacy is well worth considering.

2. L2TP/IPSec

Layer 2 Tunnel Protocol is a very popular VPN protocol. L2TP is the successor to the depreciated PPTP (for more details, see the PPTP section below), developed by Microsoft, and L2F, developed by Cisco. However, L2TP doesn't actually provide any encryption or privacy itself.

Accordingly, services that use L2TP are frequently bundled with security protocol IPsec. Once implemented, L2TP/IPSec becomes one of the most secure VPN connections available. It uses AES-256 bit encryption and has no known vulnerabilities (though the NSA has allegedly compromised IPSec).

That said, while L2TP/IPSec has no known vulnerabilities, it does have some slight flaws. For instance, the protocol defaults to use UDP on port 500. This makes traffic easier to spot and block.

3. SSTP

Secure Socket Tunneling Protocol is another popular VPN protocol. SSTP comes with one notable benefit: it has been fully integrated with every Microsoft operating system since Windows Vista Service Pack 1. This means you can use SSTP with Winlogon, or for increased security, a smart chip. Furthermore, many VPN providers have specific integrated Windows SSTP instructions available. You can find these on your VPN provider's website.

SSTP uses 2048-bit SSL/TLS certificates for authentication and 256-bit SSL keys for encryption. Overall, SSTP is quite secure.

SSTP is essentially a Microsoft-developed proprietary protocol. This means nobody can fully audit the underlying code. However, most still consider SSTP secure.

Finally, SSTP has native support for Windows, Linux, and BSD systems. Android, macOS, and iOS have support via third party clients.

4. IKEv2

internet Key Exchange version 2 is another VPN protocol developed by Microsoft and Cisco. On its own, IKEv2 is just a tunneling protocol, providing a secure key exchange session. Therefore (and like its predecessor), IKEv2 is frequently paired with IPSec for encryption and authentication.

While IKEv2 isn't as popular as other VPN protocols, it features in many mobile VPN solutions. This is because it is adept at reconnecting during moments of temporary internet connection loss, as well as during a network switch (from Wi-Fi to mobile data, for instance).

IKEv2 is a proprietary protocol, with native support for Windows, iOS, and Blackberry devices. Open-source implementations are available for Linux, and Android support is available through third-party apps.

Unfortunately, while IKEv2 is great for mobile connections, there's strong evidence that the NSA is actively exploiting IKE flaws to undermine IPSec traffic. Therefore, using an open-source implementation is vital for security.

5. PPTP

Point-to-Point Tunneling Protocol is one of the oldest VPN protocols. It is still in use in some places, but the majority of services have long upgraded to faster and more secure protocols.

PPTP was introduced way back in 1995. It was actually integrated with Windows 95, designed to work with dial-up connections. At the time, it was extremely useful.

But the VPN technology has progressed, and PPTP is no longer secure. Governments and criminals cracked PPTP encryption long ago, making any data sent using the protocol insecure.

However, it isn't quite dead... yet. You see, some people find PPTP gives the best connection speeds, precisely due to the lack of security features (when compared to modern protocols). As such, it still sees use for users simply wanting to watch Netflix from a different location.

6. Wireguard

Wireguard is the newest VPN protocol. It is open source and uses a much simpler codebase in comparison to other major VPNs. Furthermore, Wireguard VPN services are easier to setup than OpenVPN and include support for a broader range of encryption types and primitives.

The combination of encryption types and primitives and the smaller code base, along with other improvements, makes Wireguard one of the fastest VPN protocols. In addition, Wireguard is a better option for portable devices, "suitable for both small embedded devices like smartphones and fully loaded backbone routers."

The ChaCha20 encryption algorithm that Wireguard works well with mobile devices, too, offering faster speeds than AES and with fewer resources.

That means when you use a Wireguard protocol VPN, your battery should last longer than with other VPN protocols. Wireguard is "built directly into the Linux kernel," which should provide speed and security boosts, too, especially for internet of Things devices (many of which use Linux-based embedded systems).

Wireguard is available to all major operating systems, although interestingly, it was last to appear on Windows.

Let's Summarize the VPN Protocols

We've looked at the five major VPN protocols. Let's quickly summarize their pros and cons.

  • OpenVPN: Open source, offers the strongest encryption, suitable for all activities if a little slow at times
  • L2TP/IPSec: Widely used protocol, good speeds, but easily blocked due to reliance on a single port
  • SSTP: Good security, difficult to block and detect
  • IKEv2: Fast, mobile-friendly, with several open-source implementations (potentially undermined by NSA)
  • PPTP: Fast, widely supported, but full of security holes, only use for streaming and basic web browsing
  • Wireguard: Fast, open-source, with growing support among VPN providers

For complete security and peace of mind, choose a VPN provider that offers you a choice of protocol. Furthermore, MakeUseOf advises using a paid VPN solution, like ExpressVPN, rather than a free service. When you pay for a VPN, you're buying a service. When you use a free VPN, you've got no idea what they might do with your data.

Unsure where to start? Check out our list of the best VPN services. And here's what you should look for in a VPN provider. Furthermore, we must warn you that while they're mostly a safe solution, VPNs can be hacked. Learn what that means for your privacy.