A VPN is a complex piece of software that is used to create a secure channel between a client and a server. The communication between the VPN server and the VPN client is called the Protocol.
A Protocol defines a sequence of commands that are sent between the client and the server. A protocol can be seen as a human language that defines rules and steps that need to be followed.
The concept of the VPN was created in 1996 by a researcher at Microsoft. Over the years, different protocols have been created. Some are still in use today, while others are regarded as unsafe and outdated and have been superseded by newer Protocols like OpenVPN. Before diving into the different protocols, it is essential to note that there are two main types of VPNs: Remote Access and Site-to-Site.
A Remote Access VPN allows a user to connect to a private network in order to access its resources. All the commercial VPNs used to unblock websites, like HideMyAss, ExpressVPN, or NordVPN, are Remote Access VPNs.
Site-to-Site VPNs are used to connect two private networks through the internet, forming a large network that is joined by the VPN. VPN communication is done at the router level, where one of the routers acts as a client and another router acts as a server.
We will cover the main protocols in use by commercial VPNs.
PPTP stands for Point to Point Tunnelling Protocol. It is the oldest VPN protocol, developed by Microsoft in 1995 for dial-up connections.
The advantages of this Protocol are:
The disadvantage of such a protocol is that it is weak when it comes to security. It is normally based on 128-bit encryption, which by today's standards is regarded as very weak. Organizations like the NSA can easily decrypt and monitor the traffic of a PPTP connection.
This type of Protocol should not be used when there are security concerns; however, if you just want to unblock access to a site and you don't care about security, then PPTP is a good option. It is also perfect when it comes to unblocking streaming services, as it is fast when compared to more secure VPN protocols.
It is a recommended option if you want to access a streaming video service like Netflix.
SSTP stands for Secure Socket Tunnelling Protocol. It is a proprietary protocol developed by Microsoft. SSTP is far more secure than PPTP as it is based on AES encryption.
The main advantage of this Protocol is that it uses the SSL protocol as a transport layer, which means that this Protocol will not be blocked by firewalls.
The disadvantage of this Protocol is that it is closed source. It can mainly be used with the Windows operating system.
L2TP & IPSEC are two different protocols that are used together to create a secure VPN Solution.
L2TP stands for Layer 2 Tunneling Protocol. This Protocol is used to create a tunnel between a client and the server. This communication tunnel is not encrypted, and it relies on encryption protocols like IPSEC to secure this tunnel.
IPSEC (Internet Protocol Security) is a secure Internet communication protocol and has the ability to authenticate the sessions between the server and the client and to encrypt all the data packets.
L2TP/IPSEC is far more secure when compared to PPTP; however, it is slower and more complex to set up when compared to newer Protocols like OpenVPN.
It is ideal in scenarios when newer protocols like OpenVPN are not available.
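The point that L2TP is unencrypted unless IPSEC wraps it can be checked from a defender's side, shown here as an added example that is not part of the original article. It goes slightly beyond the text by also flagging PPTP, and it assumes flow records with hypothetical `src`, `dst`, `proto` and `dport` fields; the port and protocol numbers are the standard IANA assignments, not values from the article.

```python
from collections import defaultdict

# IANA protocol numbers and well-known ports (standard values, not from the article)
TCP, UDP, GRE, ESP = 6, 17, 47, 50

def classify(flow):
    """Label one flow record with the tunnel protocol it carries, or None."""
    proto, dport = flow["proto"], flow.get("dport")
    if proto == TCP and dport == 1723:
        return "PPTP"    # PPTP control channel
    if proto == UDP and dport == 1701:
        return "L2TP"    # only visible when nothing encrypts it
    if proto == ESP or (proto == UDP and dport in (500, 4500)):
        return "IPSEC"   # ESP payload, IKE, or NAT traversal
    return None          # bare GRE is ignored: it has uses other than PPTP

def audit(flows):
    """Return sorted (src, dst, finding) tuples for weak or unprotected tunnels."""
    seen = defaultdict(set)
    for f in flows:
        label = classify(f)
        if label:
            seen[(f["src"], f["dst"])].add(label)
    findings = []
    for (src, dst), labels in seen.items():
        if "PPTP" in labels:
            findings.append((src, dst, "PPTP in use (weak encryption)"))
        # L2TP protected by IPsec travels inside ESP, so a monitor never sees
        # UDP/1701. Seeing it on the wire means the tunnel is in cleartext.
        if "L2TP" in labels:
            findings.append((src, dst, "L2TP on the wire (no IPsec wrapper)"))
    return sorted(findings)

# Constructed sample flow records (addresses from documentation ranges)
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.1", "proto": TCP, "dport": 1723},
    {"src": "192.0.2.10", "dst": "198.51.100.1", "proto": GRE},
    {"src": "192.0.2.11", "dst": "198.51.100.2", "proto": UDP, "dport": 500},
    {"src": "192.0.2.11", "dst": "198.51.100.2", "proto": ESP},
    {"src": "192.0.2.12", "dst": "198.51.100.3", "proto": UDP, "dport": 1701},
    {"src": "192.0.2.13", "dst": "198.51.100.4", "proto": TCP, "dport": 443},
    {"src": "192.0.2.14", "dst": "198.51.100.5", "proto": GRE},
]

if __name__ == "__main__":
    for src, dst, finding in audit(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: {finding}")
```

The L2TP/IPSEC pair (`192.0.2.11`) produces no finding because only IKE and ESP are visible for it, which is what a correctly wrapped tunnel looks like from outside.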
IKEv2 stands for Internet Key Exchange Version 2. It is a protocol that was built in collaboration between Cisco and Microsoft. This Protocol is based on, or rather coupled with, IPSEC.
The IKE protocol is based on UDP, making it very fast, and it also supports MOBIKE (Mobility and Multihoming Protocol), making it ideal when there are network changes.
This makes it ideal for mobile devices, where the network is unstable.
This VPN protocol is regarded as the best when it comes to speed and security. So if you want to use a video stream and still make sure that the connection is secure, IKEv2 is the best option.
The only disadvantage of this Protocol is that it uses UDP on port 500. It is straightforward to block this Protocol by just adding a single firewall rule. In such situations, OpenVPN is your best option.
OpenVPN is an open source VPN solution that can be used to create point-to-point and site-to-site connections. Given that OpenVPN is open source, there is a large community backing it that constantly works to improve its security and performance.
OpenVPN is based on both UDP and TCP. The UDP version provides much more performance when compared to the TCP version. It should be used in situations when performance is very important. On the other hand, the TCP version provides less performance; however, it is far more stable.
The biggest advantage of OpenVPN is that it is based on SSL, which means that all traffic passes on port 443, making it very difficult to block with firewall rules.
If you are behind a firewall, OpenVPN is your best option. Another advantage of OpenVPN is that, given that it is open source, it is very easy to find a client that supports it.
It is very important that you have some basic understanding of the VPN protocols that you have at your disposal.