Understanding Common VPN Protocols

If you can imagine a VPN as a car, then a VPN protocol is the engine inside. But let’s go deeper than this.

VPN service providers (like HideMyAss VPN) use various VPN protocols to disguise your actual IP address.

What are VPN Protocols?

Under the hood, VPN protocols are tools deployed to ensure an encrypted connection. Some can be more private while others can be faster, but the experts agree–no one’s perfect.

Anyways, the list of significant VPN protocols include:

• OpenVPN
• WireGuard
• SoftEther
• IKEv2/IPSec
• L2TP/IPSec
• SSTP
• PPTP
• Proprietary Protocols

Keeping in mind the novice users, most VPN providers auto-connect to the best available VPN protocol.

But you should know about them as a privacy (and speed) enthusiast.

Let’s discuss each one with its pros, cons, and availability. Stay tuned.

OpenVPN

Released in 2002, OpenVPN protocol quickly rose in ranks and presently sits atop every other for its security.

The fact that it’s open-source and two-decade-old means that it has passed the test of time. Nearly every VPN provider connects with this as the default protocol.

It further comes with two networking protocols: UDP (User Datagram Protocol) and TCP (Transmission Control Protocol). UDP is faster, while TCP is more secure and better at breaking through firewalls.

This protocol has a range of encryption ciphers like AES (128 & 256 bit), Blowfish, ChaCha20, etc.

In layman terms, you can imagine different ciphers as various recipes with the end goal to provide a speedy encrypted connection (a delicious dish).

And if you can try the OpenVPN protocol for free, you may consider yourself a tech-savvy individual.

However, one downside that stings this otherwise fantastic VPN protocol is its heavy codebase. While it provides excellent security, this takes a toll on the speed.

You can use OpenVPN with all eminent VPN providers like SurfShark, NordVPN, TorGuard. Some VPN alternatives like Perimeter81 also use OpenVPN.

WireGuard

WireGuard is another open-source VPN protocol that saw its first stable release in 2020.

With just over 3800 lines of code, WireGuard comes with a minimal attack surface and ensures excellent encrypted speeds.

It is powered with ChaCha20 encryption and lacks the options available with the OpenVPN protocol. On the other hand, WireGuard’s limitations also eliminate the risk of misconfiguration.

But, things aren’t pretty for the privacy people, at least not out-of-the-box. WireGuard, by default, needs a static IP address which kills the very reason–privacy–for which a VPN is used.

To get around this, VPN providers are implementing their own versions of WireGuard, like NordLynx by NordVPN.

Finally, WireGuard may not be as good at bypassing censorship because it lacks support for TCP. You can experience WireGuard with AstrillVPN, SurfShark, TorGuard, etc.

SoftEther

Released in 2014, SoftEther is a free and open-source VPN protocol giving fast and reliable connections. It came into existence as a research thesis at the University of Tsukuba, Japan.

The in-house university tests claim it to be 13 times faster than the OpenVPN protocol. SoftEther supports AES-256 bit encryption among a range of other strong ciphers.

It also uses TCP port 433 that makes it good at escaping firewalls.

A security audit in 2018 revealed 80 vulnerabilities, which, however, were patched in the next update.

It’s a reliable option that one can use effectively to evade geo-censorship.

SoftEther can be used on Hide.me, CactusVPN, etc.

IKEv2/IPSec

This coupling is best for hopping in-and-out of multiple networks.

If you’re wondering, IKEv2 stands for Internet Key Exchange version 2, and IPsec is short for Internet Protocol Security.

IKEv2 was developed by Microsoft & Cisco as a joint venture.

As a protocol, IKEv2 is responsible for an authenticated VPN tunnel while IPSec encrypts this connection. Together IKEv2/IPSec forms an excellent VPN protocol.

This pairing supports high-security encryptions like AES, Blowfish, etc. It connects through UDP ports, so firewalls can be an issue with this VPN protocol, especially in a country like China.

And the fact that it’s a closed source project developed by for-profit organizations can be a downside, as per security advocates.

Finally, the rumors of NSA compromising IPSec don’t do it any favors. That being said, you can still use this VPN if you’re not among the likes of Edward Snowden.

You can explore this pair up on  IPVanish, ProtonVPN, etc.

L2TP/IPSec

Like the predecessor, Layer 2 Tunneling Protocol (L2TP) uses IPSec, which supports strong ciphers like the AES-256.

L2TP/IPsec encrypts your data twice. However, this extra security takes a toll on the connection speed, making it slower than its peers.

It was developed by Microsoft and Cisco as an upgrade to PPTP (discussed later).

And this also uses UDP connection ports, making it less desirable for the users trying to evade censorship.

Conclusively, it’s susceptible to the same security concerns as the IKEv2/IPSec. Regardless, some VPN providers still support this, like Perfect Privacy VPN.

SSTP

Secure Socket Tunneling Protocol (SSTP) is again a Microsoft product. This provides top-notch speeds and a secure connection with AES-256 bit encryption.

This should be your first option to unblock geo-restricted content because it networks over TCP 443 port, the same port used by HTTPS connections.

But this is a closed source project with questionable Microsoft heritage. So, it’s not a recommended option for sensitive data transfer.

SSTP can be set up with Hide.me, IPVanish, StrongVPN, etc.

PPTP

You can tag Point-to-Point Tunneling Protocol (PPTP) as an obsolete VPN protocol that most VPN users try to avoid.

It’s extremely fast but one of the least secure options on this list. At the most, PPTP can use 128-bit encryption, trading security for speed.

PPTP uses TCP port 1723, which aids in bypassing censorship.

This is also a closed source protocol from Microsoft, which reportedly has been cracked by NSA.

Conclusively, this is the least recommended option if you care about the very purpose of using a VPN.

Nevertheless, you can have PPTP on StrongVPN, IPVanish, etc.

Proprietary Protocols

These are the in-house solutions developed by some of the VPN providers themselves, like the NordLynx by NordVPN, which is a modified WireGuard.

Similar to this, there is Catapult Hydra (Hotspot Shield), OpenWeb (Astrill VPN), CamoVPN (Hidester), etc.

Using these options can be good, especially with the native VPN service. But open-source options that are decades old may prove better in protecting a user’s privacy.

Conclusion

There is no denying that the OpenVPN protocol is the best of the lot. It’s reasonably fast and secure. Besides, it has both options in TCP and UDP ports to cater to almost every use case.

In addition, you can also opt for SoftEther if your VPN provider supports that.

Finally, it’s hard to ignore SSTP if streaming land-locked content is the only thing you care about.

On a side note, you may also want to check out my compilation of the best VPNs to unblock YouTube.