Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Which VPN protocol is the best?
#1
Quote:We explain what a VPN protocol is and what it does. We also compare the strengths and weaknesses of the most common protocols, including OpenVPN, WireGuard, IKEv2, PPTP, and L2TP.

Before you trust a VPN to protect your Internet activity, you need to make sure they’ve put in place the necessary safeguards. Evaluating the more technical aspects of a VPN can be difficult, especially for the average user. It often means users are struggling to understand an alphabet soup of different acronyms. 

We have begun a series of posts where we explain some of our security measures so that people can make more informed decisions. Our first post explained what HMAC SHA-384 means. This post will investigate VPN protocols, what they do, how they work, and what it means if a VPN service uses OpenVPN over L2TP, for example. This post delves into some of the inner workings of VPNs. While we try to explain terms clearly, this post will be more useful if you come in with some basic technical knowledge. If you don’t already know how a VPN works, click here.

VPN Protocols

VPNs rely on what is called “tunneling” to create a private network between two computers over the Internet. A VPN protocol, also known as a “tunneling protocol,” is the set of instructions your device uses to negotiate the secure encrypted connection that forms the network between your computer and another.

A VPN protocol is usually made up of two channels: a data channel and a control channel. The control channel is responsible for the key exchange, authentication, and parameter exchanges (like providing an IP or routes and DNS servers). The data channel, as you might have guessed, is responsible for transporting your Internet traffic data. Together, these two channels establish and maintain a secure VPN tunnel. However, for your data to pass through this secure tunnel, it must be encapsulated.

Encapsulation is when a VPN protocol takes bits of data, known as data packets, from your Internet traffic and places them inside another packet. This extra layer is necessary because the protocol configurations your VPN uses inside the data channel are not necessarily the same as the ones that the regular Internet uses. The additional layer allows your information to travel through the VPN tunnel and arrive at its correct destination. 


PPTP
Point-to-Point Tunneling Protocol (PPTP) is one of the older VPN protocols. It was initially developed with support from Microsoft and, thus, all versions of Windows and most other operating systems have native support for PPTP.  

PPTP uses the Point-to-Point Protocol (PPP), which is like a proto-VPN in itself. Despite being quite old, PPP can authenticate a user (usually with MS-CHAP v2) and encapsulate data itself, letting it handle both control channel and data channel duties. However, PPP is not routable; it cannot be sent over the Internet on its own. So PPTP encapsulates the PPP-encapsulated data again using generic routing encapsulation (GRE) to establish its data channel.

L2TP/IPSec


Layer two tunneling protocol (L2TP) was meant to replace PPTP. L2TP can handle authentication on its own and performs UDP encapsulation, so in a way, it can form both the control and data channel. However, similar to PPTP, it does not add any encryption itself. While L2TP can send PPP, to avoid PPP’s inherent weaknesses, L2TP is usually paired with the Internet protocol security (IPSec) suite to handle its encryption and authentication. 

IPSec is a flexible framework that can be applied to VPNs as well as routing and application-level security. When you connect to a VPN server with L2TP/IPSec, IPSec negotiates the shared keys and authenticates the connection of a secure control channel between your device and the server. 

IKEv2/IPSec


Internet key exchange version two (IKEv2) is a relatively new tunneling protocol that is actually part of the IPSec suite itself. Microsoft and Cisco cooperated on the development of the original IKEv2/IPSec protocol, but there are now many open source iterations. 

IKEv2 sets up a control channel by authenticating a secure communication channel between your device and the VPN server using the Diffie–Hellman key exchange algorithm. IKEv2 then uses that secure communication channel to establish what is called a security association, which simply means your device and the VPN server are using the same encryption keys and algorithms to communicate. 

OpenVPN

OpenVPN is an open source tunneling protocol. As opposed to VPN protocols that rely on the IPSec suite, OpenVPN uses SSL/TLS to handle its key exchange and set up its control channel,  and a unique OpenVPN protocol to handle encapsulation and the data channel. This means that both its data channel and control channel are encrypted, which makes it somewhat unique compared to other VPN protocols. It is supported on almost all major operating systems. 

WireGuard

WireGuard is an open source VPN protocol that is currently under development. Its goal is to make a much simpler and more streamlined tunneling protocol, which should lead to a faster, more efficient, more secure, and easier-to-use VPN.

Other important terms

Going through the comparisons of the different VPN protocols, you may have encountered acronyms or technical terms that you were not familiar with. We explain some of the most important ones here.

READ THIS INFORMARTIVE ARTICLE HERE
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)