Last Updated on August 6, 2021 by VPNPioneer
You wonder which VPN protocol should you use? In this blog post I will show you 4 protocols and give you advice which VPN protocol you should use to stay safe on the internet.
A VPN tunnel provides anonymity and security when using the internet by encrypting the data that a user’s computer sends to the VPN server at the other end. However, as the users know from the older WEP protocol for Wi-Fi encryption, outdated protocols can be compromised, and may not offer enough in terms of data security.
Therefore, users need to be aware of the various VPN protocols, in order to make sure that their provider supports the newer, more secure ones, while avoiding the older, less secure protocols. These VPN protocols including PPTP, L2TP and SSTP all draw upon the mechanics of the original Point-to-Point Protocol (PPP). PPP summarizes the IP packets of data, and then transmits them to the server at the other end. PPP is an older protocol, made to establish a VPN tunnel between dial-up clients for connection to a network access server.
So, here is a detailed information given in the below lines which tells what are the best VPN protocols, and which are best avoided. They are like:
The PPTP (Point-to-Point Tunneling Protocol)
The Point-to-Point Tunneling Protocol (PPTP) is an older method of VPN encryption designed by Microsoft, which goes all the way back to Windows 95.
It is still popular today, despite a known susceptibility to the ASLEAP dictionary attack tool dating back to 2004 that pretty much made it outdated or should have.
But, it is still popular because PPTP is integrated into Windows, as well as Linux and Mac OS. PPTP enables the encrypted tunnel between the PC and VPN server using TCP port 1723 and General Routing Encapsulation (GRE). Despite the advantages of simple setup, and fast speeds, this protocol is spoiled by major security concerns which date back as far as 1998. In short, PPTP is best avoided for modern users.
The L2TP (Layer 2 Tunneling Protocol)
L2TP the Layer Two Tunneling Protocol, an extension of PPTP, which combines the latter with L2F (Layer 2 Forwarding Protocol) that was designed by Cisco. L2TP does not have integrated encryption, so this gets added via IPSec (Internet Protocol Security).
Unlike PPTP which uses a 128-bit key, L2TP has a 256-bit key, and this is considered complex enough for top-secret communications. L2TP is a more recent protocol, and has been supported in Windows since XP, as well as Mac OS 10.3 or better and mobile operating systems.
L2TP requires more overhead for the more complicated 256-bit encryption and double summarization. It can also be more difficult to set up and configure. It is generally felt to be secure, although more recent NSA leaks would suggest that L2TP is at risk to attacks when the encryption is using pre-shared keys.
The SSTP (Secure Socket Tunneling Protocol)
The Secure Socket Tunneling Protocol (SSTP) is directly owned and controlled by Microsoft. That explains its other name – Microsoft Secure Socket Tunneling Protocol (MS-SSTP) – so unsurprisingly, it follows that this is only available on Windows.
The name is derived from the traffic being routed through the Secure Sockets Layer (SSL) protocol, which uses TCP port 443, and makes it pass through firewalls and proxy servers, so it is much less likely to be blocked. As it is not open source, SSTP is one of the most secure of these VPN protocols.
SSTP is more modern than the previously discussed protocols, and it’s available in Windows Vista SP1 and later. SSTP was designed for remote client access, and does not generally support site-to-site VPN tunnels.
Open VPN TCP
All of this built-in idleness means Open VPN TCP is considered a highly reliable protocol, with all data being delivered. The downside of this is that all of the sends, confirmations, and resends, require a larger amount of overhead, which drags the network speed down. Open VPN TCP is an ideal protocol for higher security where latency is not the priority, such as general web surfing and emails.
Open VPN is a popular security protocol created by James Yonan. Unlike the previous proprietary VPN protocols, Open VPN is open source and published under a GNU General Public License. This gives the community access to the source code so that any security flaws are identified and dealt with, rather than allowing potential flaws and backdoors to exist in the code.
SSL/TLS is used for pre-shared key exchange, adding to the security. The encryption utilized for Open VPN is also open source, as it uses Open SSL which supports up to 256-bit encryption. Open VPN comes in two main flavors: Open VPN TCP and Open VPN UDP.
Not all VPN providers give you a choice between these two Open VPN protocols, but some certainly do – although they may offer little guidance on what’s different between them, and which you should choose. We’re explaining the TCP variant here, and UDP in the next section.
Open VPN TCP is based on TCP (unsurprisingly), the Transmission Control Protocol, which combined with the Internet Protocol (IP) creates a set of rules for how computers exchange data back and forth. TCP is a protocol that is connection oriented, and it creates and keeps this connection going while applications perform the exchange of their data.
TCP is the most used connection protocol on the internet. One of its advantages is that it’s a ‘stateful protocol’ in that it has integrated error correction. This means that with each packet of data transmitted, a confirmation of the packet’s arrival is needed before the next one is sent – and if no confirmation is received the current packet gets resent.
For more information please visit openvpn.net, the related sourceforge page or github page. OpenVPN offers also an app for Android and iOS.
Open VPN UDP
The alternative protocol to Open VPN TCP is Open VPN UDP. UDP stands for User Datagram Protocol, which is another communications protocol for transmitting data between a client and the internet.
Unlike Open VPN TCP, which is designed to maximize reliability of data transmission, Open VPN UDP is targeted at low-latency transmission of data, without the emphasis on the guaranteed delivery of data (so therefore reliability is sacrificed).
UDP just transmits the packets of data without all the redundancy and checks, so it has less overhead and therefore lower latency. These characteristics make Open VPN UDP well suited for audio and video streaming tasks, and indeed gaming.
Conclusion
I can recommend that you use either Open VPN over UDP/TCP or SSTP. L2TP I would try to avoid if pre-shared keys are being used. PPTP should be avoided at all costs since it is an outdated protocol from the 90s.