The Secret Language of Virtual Private Networks


When it comes to online privacy and security, few subjects are more important (or confusing) than Virtual Private Networks or VPNs. To better understand the technology, let’s begin with a simple definition:

A virtual private network (or VPN) is a tool — comprised of hardware and software — which allows specific people to have access to specific data stored on specific computers.

Think about your email for a second. Most people already know that their emails reside on fancy computers — called “servers” — which are owned and operated by companies like Google, Microsoft, or Yahoo. However, those servers don’t just keep your personal email account: they also keep the email accounts for many thousands of people. Therefore, to maintain everyone’s privacy, you only have specific access to those email accounts which are actually yours.

VPNs work in much the same way.

A username and password are required when logging into VPN software. That software can reside on your computer or smart devices. Once you’ve successfully logged into your VPN software, you are given access to servers in various locations around the globe.

So… what then?

What Does a VPN Actually Do

VPN allows for special kinds of access

At its core, a VPN allows for special kinds of access. Here are a few examples:

Gaining access to your company’s network

If you’ve ever worked at a large enough company, you probably know that the company’s VPN software permits you to access the company’s network… even if you’re at home or away from the office. By being virtually on the company’s network, you gain access to company servers, information, printers, and more. For most of us, VPNs have made remote work during the pandemic possible.

Preventing your ISP from viewing where you surf

Even in countries like The United States, your Internet Service Provider (also called an “ISP”) has the ability to track what you do online. Not only can your ISP log every website that you visit while connected to the Internet via their network, but they can also sell that information about you for advertising purposes. Worse, your ISP can provide that information to the authorities for certain legal purposes when it’s requested. It’s creepy.

However… when you connect to the Internet via your VPN provider, your ISP no longer has access to this information. All they can see is that you’ve connected to a VPN. This creates a wall between you and your ISP, providing extra privacy that others do not have.

Bypassing your ISP from prioritizing certain content

Some Internet Service Providers make money — and a lot of it — by arbitrarily deciding that they’ll prioritize certain websites or content. In 2014, Comcast, one of the largest ISPs in the United States, famously slowed the speed of Netflix so much that the company paid Comcast a hefty fee to stop the practice. That’s also creepy, so no, thank you.

However… as we mentioned above, if you’ve connected to the Internet via a VPN, then your ISP doesn’t know that you’re surfing to Netflix or any other website. Therefore, if they decide to arbitrarily slow Internet traffic to certain websites, you’ll bypass those restrictions and surf more normally. Thanks, VPN!

Bypassing blocks to access certain content

If you live in a repressive country (cough, cough, CHINA) that doesn’t allow Internet access to subjects like a free press, women’s rights, LGBTQIA rights, or certain types of social media, then using a VPN can — in some cases — allow you to access those kinds of websites. We say “in some cases” because it’s true that your ISP or country can block access to known VPN providers. However, it’s also true that VPN providers add new servers with new IP addresses all the time, so there’s room for people with an eye towards freedom to pursue that goal, even in dictatorships.

Streaming free video from another country

If you’re a paying Netflix customer in the US but travel abroad and want access to Netflix’s American library… sorry. You won’t be able to do that. But… if your VPN service offers servers which are geographically located in the US, then guess what?! All of that content is suddenly available to you, once again.

Although some video-on-demand websites block certain VPN services from working, it’s worth remembering: VPN servers are being added all the time, so just make sure you pick a VPN that offers a free trial. That way, you can test the access you need before you commit to a yearly purchase.

Now that you know what a VPN is and what it can do, the final step is understanding how the connection between your computer and the VPN server is so crucial to your security and peace of mind.

It’s All About The Protocols

If a network is simply a connection between two or more computers, then understanding how that connection is made is extremely important.

Connections between computers are made using protocols. In networking, a protocol is simply a language that computers use when talking to each other. Just like people who live in different countries, computers also speak different languages. For example, mobile devices like smartphones or tablets can sometimes speak a different language than desktop or laptop computers. And servers — which are very powerful computers — can speak even other languages.

More importantly, some protocols (or languages) are more secure or private than others. So, if you’re interested in having more privacy and security online, then knowing which protocols your VPN offers and uses is crucial.

With that in mind, let’s take a look at the most common protocols used by VPN companies and see how they stack up to each other.

Protocols

OpenVPN

OpenVPN is an open-source VPN protocol. “Open-source” means that it’s neither run nor owned by a corporation. For that reason, open-source software is considered to be more secure because anyone can look at the code and spot problems, errors, or bugs. In fact, go ahead and have a look at the OpenVPN code yourself: it’s fascinating to see how many contributors there are and how often the code gets updated.

As a protocol, OpenVPN is considered very secure:

  • First, it uses software called OpenSSL, which is the same software that’s used to encrypt nearly every secure website on the planet — easily identifiable because their addresses start with the prefix “https”.
  • Second, it can be configured to look just like normal internet traffic and is therefore very difficult to block.

OpenVPN and its free OpenVPN Connect product line are now considered the default protocol used by most paid VPN providers and support several types of encryption (or hiding) of your data, most notably an encryption known as AES which is very strong.
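To make the two points above concrete, here is an added example (not from the original article, nor an official OpenVPN or provider profile) of a legacy OpenVPN client profile beside a hardened one: the hardened version uses AES with TLS 1.2 or newer, pins the server it will trust, and runs over TCP port 443 so the tunnel resembles ordinary HTTPS traffic. The hostname vpn.example.com, the certificate name, and the file names are assumed.

```conf
# --- Legacy client profile (weak settings, shown for contrast) ---
client
dev tun
proto udp
remote vpn.example.com 1194        # assumed hostname
cipher BF-CBC                      # Blowfish, OpenVPN's old default; 64-bit block size
auth SHA1
ca ca.crt
cert client.crt
key client.key
# No remote-cert-tls or verify-x509-name: any certificate signed by the CA,
# including another client's, would be accepted as "the server".

# --- Hardened client profile ---
client
dev tun
proto tcp                          # TCP on 443 looks like HTTPS to an observer
remote vpn.example.com 443         # assumed hostname
data-ciphers AES-256-GCM:AES-128-GCM   # AES in AEAD modes (OpenVPN 2.5+; older builds use "cipher")
tls-version-min 1.2                # refuse downgrades below TLS 1.2
auth SHA256                        # HMAC used for the control channel
remote-cert-tls server             # only accept a certificate carrying the server role
verify-x509-name vpn.example.com name   # pin the expected server name
tls-crypt ta.key                   # assumed pre-shared key; encrypts and authenticates control packets
ca ca.crt
cert client.crt
key client.key
```

The hardened profile still depends on a provider that issues per-client certificates and a distinct server certificate; the directives only tell the client what it must refuse.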

L2TP/IPSec

Layer 2 Tunnel Protocol (or L2TP) is based on technology developed by Microsoft and Cisco in the 1990s. It’s a very good protocol for communicating data but… it’s not so great for encrypting (or hiding) your data. Therefore, in 2001, it was paired with a second technology called Internet Protocol Security (or IPSec) which does provide solid encryption.

And presto: L2TP/IPSec was born.

What a name though, right? Combine “L2TP/IPSec” with terms like “tunnel” and “layer” and you have the perfect recipe to confuse 99% of the people on the planet. Therefore, we encourage you to think about it this way:

  1. Tunnels for computers are similar to tunnels for people: they help connect two locations in a safe way that allows for transportation between those two locations. Similarly, layers for computers are similar to layers of a cake or floors of a building: they provide the foundation on which other things can be built.
  2. Therefore, in easy-to-understand terms, L2TP/IPSec uses tunnels and layers to help secure and then transport your data.

While L2TP/IPSec has no known major vulnerabilities, it’s worth noting that some people believe — and there is literature to suggest — that the NSA might have attempted to compromise the protocol to help gather data. If this is something that concerns you, then ask your ISP if they offer other kinds of protocols when connecting to their VPNs.

PPTP

Remember rotary phones and dial-up modems? Way back in the 1990s we had to dial in to connect to the Internet and our modems made this terrible screeching noise. It’s easy to laugh at what the past sounded like. But, even then, there were VPNs and protocols.

Microsoft, 3Com and others developed the Point-to-Point Tunneling Protocol (or PPTP) in 1999. Although PPTP is quite fast and incredibly easy to set up, it achieves its speed and ease-of-use by omitting any real security. Because tools to decrypt the PPTP protocol were released in 2012, it’s now assumed that the NSA actively decrypts and monitors PPTP traffic.

Stay away from this protocol. If your VPN company only provides this kind of security, you should find another provider.

SSTP

The Secure Socket Tunneling Protocol (or SSTP) is owned and controlled by Microsoft. That makes it a proprietary technology and not open-source, which makes it less trustworthy because the code cannot be examined. SSTP was first introduced on Windows Vista and — although it is available for Linux, BSD, and Windows — it’s really a Windows-only VPN solution.

If you’re on a computer running Windows and you’re comfortable trusting Microsoft as a corporation, then SSTP does offer solid security options, including something called the Advanced Encryption Standard (or AES), which is so highly regarded that the US Government uses it to protect classified information.

IKEv2

Internet Key Exchange version 2 (or IKEv2) was developed by Microsoft and Cisco. Because it’s good at reconnecting securely whenever its connection drops, it’s a very good solution for mobile devices which are browsing the Internet on cellular networks. It’s also fast.

Really fast compared to the other protocols on this list.

IKEv2 also supports the Advanced Encryption Standard (or AES) and — like the L2TP protocol mentioned earlier — uses Internet Protocol Security (or IPSec) for encryption. Because Microsoft’s IKEv2 is proprietary software (and, therefore, not open-source), it should be trusted less. However, there are a handful of popular, open-source versions of IKEv2 that you can trust because the code is freely available.

Of these, Libreswan and OpenIKEv2 are two of the oldest and most trustworthy.

Full disclosure: Switcherry VPN uses IKEv2

Wireguard

Available for Windows, macOS, BSD, iOS and Android, Wireguard is “the new kid on the block” when it comes to VPN protocols. It uses state-of-the-art cryptography and, more importantly, it’s open-source, making it a strong candidate for being trustworthy.

Developed by security researcher Jason Donenfeld, Wireguard was designed to be very fast, very small, and very easy to set up and use. It’s built on the Linux operating system, which is, itself, open-source.

However, Wireguard isn’t widely implemented yet. Some commercial VPN providers offer it, but it remains unclear if this newest tech will ever hit mainstream adoption because its developers wish to keep its codebase (or size) as small as possible. Time will tell.
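To show what “very small and very easy to set up” means in practice, here is an added example of a complete WireGuard client profile (written for this page, not taken from the article or the WireGuard project). Unlike OpenVPN, there are no certificates: each side is identified only by its public key. The keys are placeholders to be generated with `wg genkey` and `wg pubkey`, and the addresses and hostname are assumed.

```conf
[Interface]
# This client's own private key (placeholder; generate with: wg genkey)
PrivateKey = <CLIENT_PRIVATE_KEY_BASE64>
# Address assigned to this client inside the tunnel (assumed)
Address = 10.8.0.2/32
# Resolver to use while the tunnel is up (assumed; keeps DNS queries off the ISP)
DNS = 10.8.0.1

[Peer]
# The server is trusted by its public key alone (placeholder; derive with: wg pubkey)
PublicKey = <SERVER_PUBLIC_KEY_BASE64>
# Where to reach the server (assumed hostname and WireGuard's usual UDP port)
Endpoint = vpn.example.com:51820
# Route all IPv4 and IPv6 traffic through the tunnel; packets from the peer
# are only accepted if their source address falls inside these ranges
AllowedIPs = 0.0.0.0/0, ::/0
# Keep NAT mappings alive on mobile networks (seconds)
PersistentKeepalive = 25
```

If the server's public key in this file is wrong, the handshake simply never completes, which is the whole of WireGuard's server authentication.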

Which Protocol Is Best For You

Best Protocols

Well, that depends on many factors. However, generally speaking, if you seek both top-tier security and decent speeds, then an open-source build of IKEv2 or the OpenVPN protocol might be exactly what you need.

The chart below can assist with your decision making.

Then, choose a VPN provider that offers exactly what you’re seeking and don’t compromise.

After all, it’s your security and privacy: start to advocate for yourself!

Graphic, courtesy of PureVPN

Author: Nicolas Cuts

Product Manager at SwitcherryVPN. I have a 5-year background in management and marketing. I never stop learning!
