svpt-ptnbitfresende

VPN Protocols Compared: Choosing a Suitable Protocol

VPN Trophy with VPN IconIn this modern era of the internet, online privacy and security is more relevant than ever. It’s impossible to go more than a few days without seeing news related to data leaks, security breaches, or censorship. One benefit of this continuous deluge of reports is that it has caused an increasing number of people to take a more active role in their personal online privacy.

One of the most straightforward methods of doing this is through the use of a virtual private network, or VPN. A VPN hides your identifying information by sending your traffic through a remote network before continuing on to the destination. Your information is subsequently masked by the information of the VPN. There are several different VPN protocols. While some are more common than others, there is not a one size fits all solution. In this article, we provide a brief overview of the major VPN protocols to help you decide which one is best suited to your needs.

Large line

Why use a VPN?

There are three main reasons that people choose to use a VPN: privacy, security, and access to blocked content. As mentioned above, VPN traffic cannot be traced back to you, thus increasing your privacy through anonymity. Additionally, VPN traffic is encrypted, securing your data from unauthorized third parties. Finally, VPNs allow you to access content that has been blocked in certain geographical regions. This is done by selecting a network from within the content’s host country, bypassing the geo-lock.

Large line

Comparing the top 5 VPN protocols

VPN protocols generally run on one of two types of ports, TCP and UDP, each with its own strength. TCP, short for Transmission Control Protocol, is generally more reliable because it checks for errors. Data packets that don’t make it through intact are sent again, resulting in a slower but more stable connection. UDP, or User Datagram Protocol, is faster than TCP but it doesn’t retransmit lost data packets.

Large line

PPTP

Point to Point Tunneling Protocol, or PPTP, is perhaps the most ubiquitous protocol, largely due to having been the built-in protocol on Windows systems since the days of Windows 95. Though it runs on a TCP port (1723), PPTP is known for being quite fast and thus good for streaming media. It operates on a wide range of systems, including older machines. However, being the legacy protocol it is, it’s notoriously insecure and not recommended if security is at all a priority.

Large line

SSTP

The Secure Socket Tunneling Protocol runs on TCP port 443. It was created by Microsoft so it only works on Windows machines. Operating on the Secure Socket Layer (SSL), SSTP can easily avoid firewalls and is known for its security and reliability. However, it should be noted that Microsoft has close ties to the NSA, and may have included a “backdoor” in Windows. On paper SSTP is very secure, but it ultimately depends on how much confidence you have in Microsoft and the various security agencies around the world.

Large line

L2TP/IPsec

Like PPTP, Layer 2 Tunneling Protocol is widely implemented in all VPN compatible operating systems and is easy to set up. Because it doesn’t have its own traffic encryption, L2TP is often combined with the IPsec protocol in order to provide the necessary privacy and security. One primary drawback of L2TP is that It runs on UDP port 500, which is often specifically blocked by firewalls. It is also slower than other UDP protocols, namely OpenVPN.

It might also be worth noting that, while L2TP/IPsec is considered to be very secure for most uses, Edward Snowden once alleged that it may have been compromised by the NSA and other government security agencies.

Large line

IKEv2

Internet Key Exchange Version 2 was jointly developed by Microsoft and Cisco, and is called VPN Connect by Microsoft. Running on UDP port 500, IKEv2 is faster than all of the above protocols, though it can still be subjected to the same firewall blocking as L2TP. It’s biggest strengths are its security and reliability. It reconnects easily after losing a connection or switching networks, and supports ciphers like AES 256 and 3DES. It is not compatible with all platforms, but it does support Blackberry devices which are known for their security.

Large line

OpenVPN

Finally we have OpenVPN, an open source VPN that runs on both UDP and TCP ports, and our choice for the best general option. Being open source means that its source code is reviewable by anyone, so vulnerabilities can be brought to light and fixed as soon as possible. It supports a number of ciphers like AES, 3DES, Blowfish, Camellia, and more, making it perhaps the most secure protocol available. OpenVPN can be run on any port, allowing it to easily avoid firewall blocks. While it isn’t supported on every device, it is supported on the most popular systems. It is used as the default protocol by some VPN providers such as ExpressVPN.

Large line

VPN Protocols: A quick summary

Pros Cons
PPTP – Very easy to use
– Fast
– Not that secure
SSTP – Windows integration and Microsoft support
– Easy to bypass firewalls
– Not the fastest
– Security level is debatable
L2TP/IPSec – Easy to use
– Supported on all devices
– Considered by many to be very secure
– Slower than other UDP protocols
– Blocked by some firewalls (requires port forwarding)
– Possibly compromised by government agencies
IKEv2 – Very secure
– Very stable
– Easy to set up
– Supports Blackberry devices
– Limited platform support
– Can be blocked by firewalls on port 500
OpenVPN – Open source and community supported
– Can operate on any port to bypass firewalls
– Very secure
– The default protocol for some VPN providers
– Not the easiest to set up
– Not supported on every platform

Large line

Conclusion

In most cases VPN software will allow you to switch between VPN protocols fairly easily. This means that you don’t have to worry about the setup as much. That said, most VPN providers use OpenVPN by default. This is probably the best and safest default option for everyday VPN use. If your needs differ from that of the general population, you might try out some of the other protocols, though we advise caution when doing so.