The most secure and anonymous VPN protocols

Hello, my name is Nicholas Cuts. I am an employee of the Switcherry VPN company. In a new article on my blog, we will talk about VPN protocols again, but this time we will look at the practical aspects of this topic.

In the article «Varieties of cryptographic protocols used in VPN» I gave a fairly detailed description of the most commonly used VPN protocols. If you have read it, you already know a lot about the most important protocols of Virtual Private Networks: how they differ from each other, which of them are the most popular (fast, reliable and safe), and which are less reliable, unsafe and slow. Now that you know the main advantages and disadvantages of the most common VPN protocols, we will talk about which of them should be used in specific cases on specific devices. You will learn which VPN protocols are recommended for home use on desktop computers and which for mobile devices when traveling, which are suitable for transmitting confidential information, and which should be used only as a last resort. In other words, the topic will be considered through practical examples from everyday life. But first, a reminder of what VPNs and VPN protocols are.

Briefly about VPN networks and VPN protocols

A VPN (Virtual Private Network) is a set of secure communication channels created on top of an open network (so-called «VPN tunnels») that let you transfer confidential information securely. There are two types of VPN networks:

  • VPN networks with direct remote access (Remote Access VPN) – VPN tunnels connect the VPN server to users’ devices. These are the networks that VPN providers deploy to serve customers. Companies also deploy them to create secure connections between company servers and remote workers’ computers;
  • VPN networks between servers (Site-to-Site VPN) – several local networks are connected using VPN tunnels. A network connecting a company headquarters server to remote office servers is a good example of a site-to-site VPN.

VPN tunnels connecting VPN network nodes are created using two software technologies – encapsulation and encryption. The set of rules and instructions by which a VPN tunnel is formed and information is transmitted securely is called a VPN protocol. Different VPN protocols provide different degrees of protection for the transmitted data. You can learn more about VPN networks in my article «What is a VPN and why is it needed».

Remember that the choice of VPN protocol depends on the load on the device processor, data transfer speed and total traffic volume.
A VPN is a communication channel that protects the user from intruders on the Internet

Compare and choose a VPN protocol for maximum anonymity

Before you start choosing the best VPN protocol, you need to decide where and for what purpose you plan to use a VPN. Different VPN protocols have different technical characteristics: some of them are very fast but have security problems, others are slow but provide the highest degree of protection. Some VPN protocols work fine on desktop computers but are poorly suited for mobile devices; some are able to bypass any censorship and blocking and protect information from intelligence agencies and intruders, while others can protect only against novice hackers. Therefore, before choosing the most suitable VPN protocol for your case, answer the following questions:

  1. On which devices, with which operating systems do you plan to use a VPN?
  2. Will you use a VPN only at home? Or also at work? Or are you planning to install VPN clients on mobile devices for use on trips, including abroad?
  3. What primarily serves as the reason and motive for using a VPN (downloading files from torrents, watching streaming videos, protection from surveillance by an Internet provider and special services, circumventing censorship and unblocking sites, etc.)?

PPTP

PPTP is the oldest of the popular VPN protocols. Its advantages are that it is very fast, easy to set up and works well even on the oldest computers and low-power devices. But its disadvantages far outweigh its advantages: the protocol is extremely insecure, even a novice hacker can easily crack it, and it is unable to overcome censorship and blocking.

When is it recommended to use

The PPTP protocol is not recommended for use anywhere, ever. Although the protocol has a high data transfer rate, it cannot provide even a minimum level of protection. Use it only if no other VPN protocol is available to you – the weakest protection is better than none at all! Under no circumstances use this protocol to transfer confidential information. Watching streaming video and playing games online is the most it is still good for, and not even for all games; read more about choosing a VPN for gaming here.

Which operating systems and devices work better with the PPTP protocol

Since this protocol is part of the core of all popular operating systems, it works seamlessly on any computer and mobile device.

L2TP/IPSec

L2TP is an improved PPTP protocol. This protocol does not encrypt data, so it is used in conjunction with the IPsec protocol. IPsec is a set of modern cryptographic protocols. The L2TP/IPsec protocol provides a high level of protection, but because of the complex way it forms packets (double encapsulation is used), it places increased demands on processor power and has a relatively low data transfer rate.

When is it recommended to use

If your choice is limited to only two protocols – PPTP and L2TP/IPsec, then, of course, use only L2TP/IPsec. But if you have access to the modern encryption protocols described below, then they should be preferred over L2TP/IPsec, since this protocol significantly slows down the data transfer rate and increases the load on the processor. Another drawback is that this protocol is easily identified and blocked and therefore cannot be used to circumvent censorship.

Which operating systems and devices work best with the L2TP/IPsec protocol

The L2TP/IPsec protocol, as well as PPTP, is part of the distribution of many popular operating systems. It works well on desktops and laptops, but for low-power and mobile devices, this protocol is too «heavy».

IKEv2/IPSec

IKEv2/IPSec is a modern and reliable VPN protocol. It has built-in support in Windows, macOS and iOS. However, we must not forget that IKEv2/IPsec is a proprietary protocol: it is the property of Microsoft and Cisco and can potentially contain backdoors. But there are also free, open-source versions of this protocol for Android and other popular operating systems. The protocol has a very useful extension, MOBIKE (Mobility and Multihoming protocol), which allows you to switch from one Wi-Fi network to another without breaking the VPN connection.

When is it recommended to use

IKEv2/IPSec – the best choice for mobile devices used to work on public Wi-Fi networks. However, just like L2TP/IPsec, IKEv2/IPsec is easily detected and can be easily blocked by the ISP if desired.

Which operating systems and devices work best with the IKEv2/IPsec protocol

IKEv2/IPsec is the default VPN protocol of iOS, so it can be considered an ideal choice for iPhones and iPads. Read about which other protocols are best suited for Apple devices in this review. For how to set up a VPN on your iPad and iPhone, see these instructions.

SSTP

SSTP is a reliable and secure VPN protocol developed by Microsoft. It uses TCP port 443, and its traffic is indistinguishable from HTTPS traffic. Thanks to this remarkable feature, the SSTP protocol cannot be identified and blocked. This is its main advantage. However, since this protocol belongs to Microsoft Corporation, it may well contain backdoors, which enable US intelligence agencies to decrypt and read traffic protected by the SSTP protocol. Another disadvantage is its low prevalence: in fact, this protocol is used almost exclusively on computers running Windows.

When is it recommended to use

SSTP – the best protocol for circumventing censorship. As practice shows, using this protocol, it is possible to overcome all restrictions and blockages even in countries such as China, Iran and Saudi Arabia.

Which operating systems and devices work best with the SSTP protocol

SSTP is owned by Microsoft Corporation and therefore has built-in support in Windows OS. There are protocol options for other operating systems, but they are quite difficult to configure. I wrote about how to set up VPN on Windows here.

OpenVPN

OpenVPN is the most common VPN protocol at the moment. It is an absolutely reliable and secure open-source protocol.

When is it recommended to use

OpenVPN – without a doubt, the best VPN protocol for desktop computers and routers. It should be used wherever reliable communication channels are needed to transmit confidential information.

Which operating systems and devices work better with the OpenVPN protocol

OpenVPN does not have built-in support in any operating system, but VPN clients have been developed for it and work perfectly on all popular platforms and devices. However, since this VPN protocol requires a powerful processor and increases the amount of data received and transmitted, it is better to use it only on desktop computers with unlimited Internet traffic.

WireGuard

A new free VPN protocol. Its source code is freely available for testing and study. The distinctive features of this protocol are an unusually high data transfer rate with maximum security and low consumption of system resources.

When is it recommended to use

WireGuard should be used wherever high speed and security are needed. However, since the ChaCha20 encryption algorithm used by this protocol has not yet been well studied, when transmitting strictly confidential information, the OpenVPN protocol should still be preferred.

Which operating systems and devices work best with the WireGuard protocol

WireGuard VPN clients have been developed for all popular operating systems. Moreover, WireGuard is part of the Linux OS and Android 12 kernel.

SoftEther

SoftEther is not a separate VPN protocol at all, as some believe, but full-fledged software for deploying a VPN network. The SoftEther VPN client and VPN server are able to work with a whole set of VPN protocols: OpenVPN, L2TP/IPsec, SSTP, L2TPv3/IPsec, EtherIP/IPsec and SSL VPN (the latter two protocols are SoftEther’s own VPN protocols; the first of them uses the IPsec library, the second uses OpenSSL). SoftEther developers claim that their VPN protocols are less demanding on the computing power of the device and have a higher data transfer rate than the original protocols.

When is it recommended to use

SoftEther – the best software for self-configuring your own VPN network. Use it if you own or rent a server. A VPN network deployed based on SoftEther software is without a doubt the best solution for small and medium-sized companies. You can learn more about what business VPN solutions exist.

On which operating systems can SoftEther VPN servers and VPN clients be installed

A VPN network based on SoftEther software can be deployed on almost any server (including Linux, FreeBSD, Solaris and Mac OS X) and client operating systems (see picture).

Protocols that are used by VPN

Is it worth trusting «branded» VPN protocols

Many VPN providers create their own VPN protocols. However, all these «branded» VPN protocols are a reworking of existing popular VPN protocols. The basis is usually taken from proven and well-established protocols that have open source code, such as OpenVPN and WireGuard. However, «branded» VPN protocols are the property of the companies that created them, and their source code is not available for verification and testing. Obviously, «branded» VPN protocols may well have flaws and vulnerabilities. Therefore, it is better to abandon the use of «branded» VPN protocols in favor of the original protocols.

Which VPN protocol is the best

If you have read the article up to this point, you have already realized that it is impossible to give an unambiguous answer to the question in the title. It all depends on the specific situation: where and on what device you are going to use a VPN. But, in general, we can draw the following conclusions:

  1. OpenVPN – the best choice for desktop computers. A time-tested, reliable, completely secure protocol. Use it whenever and wherever possible;
  2. IKEv2/IPSec – the best choice for mobile devices that often work in Wi-Fi networks;
  3. SSTP – the best protocol for circumventing censorship. Only this protocol is guaranteed to overcome the Great Chinese Firewall;
  4. WireGuard and SoftEther SSL-VPN – the future probably belongs to these two VPN protocols.

FAQ

1. PPTP protocol is very fast. Is it safe to download files from torrents using this protocol?

It depends entirely on the Internet provider. If your Internet provider conducts a deep analysis of your VPN traffic, then if you use the PPTP protocol, it will easily detect that you are downloading files from torrents, and even determine which files you are downloading. What can happen next – guess for yourself.

2. Is the OpenVPN protocol capable of overcoming censorship in countries such as Iran or China?

No, the OpenVPN protocol in its pure form is easily identified and blocked by Internet service providers in these countries. However, if you make some changes to the source code of the protocol in order to mask and obfuscate traffic (which is what the best VPN providers do), then such a modified VPN protocol is quite capable of overcoming the most sophisticated censorship barriers. To read more about obfuscation and masking of VPN traffic, see my article «Can a VPN overcome the Great Chinese Firewall?»
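The protocol sections and the FAQ answer above say that some VPN protocols are easily identified while SSTP blends in with HTTPS. The following added example (not from the original article) shows why, by labelling a flow from the first client packet of each handshake. The payloads are constructed samples, the function names are hypothetical, and the OpenVPN check is a weak single-byte heuristic.

```python
import struct

def classify_first_packet(transport: str, dport: int, payload: bytes) -> str:
    """Heuristic label for a flow, from its first client-to-server payload."""
    if transport == "tcp" and dport == 1723 and len(payload) >= 12:
        _length, msg_type, cookie = struct.unpack("!HHI", payload[:8])
        if msg_type == 1 and cookie == 0x1A2B3C4D:      # PPTP control magic cookie
            return "pptp"
    if transport == "udp" and dport == 500 and len(payload) >= 28:
        version, exchange = payload[17], payload[18]    # fixed IKE header offsets
        (total_len,) = struct.unpack("!I", payload[24:28])
        if version == 0x20 and exchange == 34 and total_len == len(payload):
            return "ikev2"                               # IKE_SA_INIT request
    if transport == "udp" and len(payload) == 148 and payload[:4] == b"\x01\x00\x00\x00":
        return "wireguard"                               # handshake initiation
    if transport == "udp" and len(payload) >= 14 and payload[0] == 0x38:
        return "openvpn"                                 # P_CONTROL_HARD_RESET_CLIENT_V2
    if transport == "tcp" and dport == 443 and payload[:2] == b"\x16\x03":
        return "tls"                                     # HTTPS and SSTP look alike here
    return "unknown"

def constructed_samples() -> dict:
    """Constructed first packets (not captures); ports 40000/40001 are arbitrary."""
    return {
        "pptp": ("tcp", 1723,
                 struct.pack("!HHIHH", 156, 1, 0x1A2B3C4D, 1, 0) + bytes(144)),
        "ikev2": ("udp", 500, bytes(range(1, 9)) + bytes(8)
                  + struct.pack("!BBBBII", 33, 0x20, 34, 0x08, 0, 68) + bytes(40)),
        "wireguard": ("udp", 40000, b"\x01\x00\x00\x00" + bytes(144)),
        "openvpn": ("udp", 40001, b"\x38" + bytes(range(8)) + b"\x00" + bytes(4)),
        "sstp_or_https": ("tcp", 443, b"\x16\x03\x01\x02\x00\x01" + bytes(511)),
    }

def classify_samples() -> dict:
    """Classify every constructed sample and return name -> label."""
    return {name: classify_first_packet(*flow)
            for name, flow in constructed_samples().items()}

if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:14s} -> {label}")
```

The WireGuard and OpenVPN checks do not depend on the port, so moving the server to a non-default port does not hide the handshake, whereas the SSTP sample can only be labelled as generic TLS.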

Author: Nicolas Cuts

Product Manager at SwitcherryVPN. I have a 5-year background in management and marketing. I never stop learning!
