VPN protocols and VPN encryption are a very important part of what makes a VPN service work. Data encryption, security procedures and traffic speed are the most important VPN features. This article is an introduction to VPN encryption and VPN protocols: how they work, why we need them and how to make the best choices in order to obtain the best performance in terms of security, speed and compatibility. So, let’s start from the beginning.
Encryption is a procedure of encoding information so that only the owners of the decryption keys can decipher it. It’s like a secret code that protects a message from being read by people or computers who are not supposed to see it. But let’s get to the specifics and talk about VPN encryption. A VPN works by creating a tunnel between computers from one end to the other. The data that travels through this tunnel is encrypted and then decrypted when it reaches its destination, so that nobody else on the way can read it. Encryption and decryption are accomplished by using dedicated security protocols. We will talk more about VPN protocols further in this article.
Maybe you are asking yourself: is this encryption thing just a toy for people who like to play spy games? Well, if it’s a game, it’s more real than you think. Cyber-attacks, data theft or just plain snooping affect users on a daily basis. Without protective encryption you put your financial information and your private data at risk, and you allow companies and governments to profile and monitor you. None of these sound very good, do they?
The best way to achieve an encrypted connection is to use a VPN service, there’s no doubt about that. A VPN is a network technology that ensures a secure connection over the Internet. In practice it keeps your online activity private and safe from any prying eyes. Because it encrypts all data and online activity, there’s almost no chance for a hacker to read it. Moreover, a VPN provides anonymous internet surfing by hiding your IP. This way you get encrypted browsing and your online activity is hidden from all outsiders, including your internet provider.
VPN protocols represent both the encryption standards and the transmission protocols required to ensure a fast and secure connection between a device and the VPN servers. VPN providers offer their clients various protocols, each with specific characteristics. Depending on your protection and privacy needs, some of them might work better for you than others. The most used VPN protocols are Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), OpenVPN, Secure Socket Tunneling Protocol (SSTP), Internet Key Exchange (IKEv2) and SoftEther. To help you find out more about their advantages and disadvantages, we will give you a quick and relevant look at their characteristics.
Point to Point Tunneling Protocol (PPTP) is one of the oldest and most popular VPN protocols. Created in the 90’s by Microsoft, it was used by almost all companies interested in secure online traffic. It is compatible with every VPN device, supports up to 128-bit session key encryption, and is easy to install and configure, without any external software required. It also works very fast compared to other VPN encryption protocols. But hold your horses, because this wonderful, easy to use and quick protocol has one big flaw: it’s easy to crack. Yes, unfortunately, it has a lot of security weaknesses. Even Microsoft recommended a safer alternative like L2TP/IPsec or SSTP. Still, because it’s fast, this protocol is a good choice for unblocking geo-restricted content.
Layer 2 Tunneling Protocol (L2TP) uses AES 256-bit keys or the 3DES encryption algorithm and competes with PPTP on speed, but also offers much stronger security. It doesn’t work on its own, so it’s usually accompanied by the IPsec encryption suite. Nevertheless, in most cases it’s easy to install and configure. We say most cases because L2TP can easily be blocked by some firewalls and, in order to fix that, it requires a more complex configuration. All in all it’s considered a highly secure protocol, although slower than others and relatively easy for ISPs to block.
OpenVPN can use up to 256-bit encryption via OpenSSL and it’s the popular high school kid from the protocols class. It’s one of the most used VPN encryption standards among VPN providers. OpenVPN uses a combination of SSLv3 and OpenSSL technologies and combines them for upgraded performance. The major pluses are that it is very configurable, performs very well against firewalls, so it’s very hard to block, and it’s open source. It’s also very fast, but this depends on the level of encryption. Truth be told, though, it’s not as fast as L2TP/IPsec and it’s difficult to set up because it needs 3rd party software. We recommend this protocol for users who are interested in high security.
Secure Socket Tunneling Protocol (SSTP) is encrypted with a 256-bit SSL key and was created by Microsoft as a dedicated feature for Windows Vista SP1. Of course it doesn’t work with Apple devices. However, it runs very well on Linux, RouterOS and SEIL. It’s not open source, obviously, as it is Microsoft’s little treasure, so it’s not open to auditing for backdoors. Besides that, SSTP is very secure, works impeccably with Windows operating systems and is able to get past even the most powerful firewalls. But, again, we recommend it only if you are a Windows fan and you appreciate and trust Microsoft.
Internet Key Exchange, the second version (IKEv2), is encrypted with a 256-bit AES key and is the result of a combined effort between Microsoft and Cisco, and a good effort it was. It works very well on Windows 7, where it was a dedicated security protocol, and also on the systems developed after that. It’s also a good choice for Linux and Blackberry devices which cannot work with any other security protocol. It has many great features, like the capacity to automatically restore the VPN connection when the Internet drops. It is superior in speed and security to many other VPN protocols and is a good choice for mobile devices, as it reconnects automatically every time the Internet pauses and then comes back. The big downside is, again, that it works only for Microsoft products and friends.
SoftEther uses a 256-bit AES key and is a relatively new bird on the wire. But what a fine specimen it is. It was developed in 2013 as open source and is a wish come true in terms of security and speed. If you need a term of comparison, it makes OpenVPN eat dust in terms of how fast it works. The throughput for SoftEther is over 900 Mbps while OpenVPN goes with 100 Mbps. Its security is also one of the best you can find. This great VPN protocol has managed to successfully integrate all the good features of other VPN protocols like OpenVPN, PPTP, L2TP and SSTP while eliminating their disadvantages. It is as fast as PPTP, as secure as OpenVPN and as stable as L2TP. The only disadvantage we could find is that it is not yet very well known in the VPN club.
To answer the question “What is PFS?”, let’s first go to Wikipedia, where we can learn that:
“forward secrecy (also known as perfect forward secrecy – PFS) is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys. Forward secrecy protects past sessions against future compromises of secret keys or passwords.”
Why is PFS useful? Let’s say a hacker gets his hands on encrypted information that he can’t decipher. But he holds on to it, for an undetermined period of time, until he manages to discover the encryption key. And all the secrets are out in the open. With PFS, this danger is removed from VPN traffic. It works like this: the client and the server use the Diffie-Hellman key exchange. A new key is generated each time the user and the server connect. The key is never reused or stored, so the encryption is different every time, and that makes the secret impossible to break. Even if the hacker discovers the master key, there’s also a session key that could never be intercepted. What this means is that a secret remains a secret: once information is encrypted, it will remain so in the future.
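The difference can be seen in a short sketch, added here as an illustration and not taken from any VPN product: one session derives its key from the long-term secret alone, the other from a fresh Diffie-Hellman exchange. The function names, the pre-shared key standing in for the "master key", and the demonstration group are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Demonstration group only (assumption of this example): 2**521 - 1 is a known
# prime that is easy to write down. Real VPNs use standardized DH groups or curves.
P = 2**521 - 1
G = 3

def enc(n: int) -> bytes:
    return n.to_bytes(66, "big")            # any value below P fits in 66 bytes

def kdf(*parts: bytes) -> bytes:
    """Derive a 256-bit session key from length-prefixed inputs."""
    framed = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hashlib.sha256(framed).digest()

def static_session(psk: bytes):
    """No forward secrecy: the key depends only on the long-term secret and public nonces."""
    nonce_c, nonce_s = secrets.token_bytes(16), secrets.token_bytes(16)
    key = kdf(psk, nonce_c, nonce_s)
    return key, (nonce_c, nonce_s)          # (session key, what an eavesdropper records)

def ephemeral_session(psk: bytes):
    """Forward secrecy: fresh DH secrets per session; the long-term secret only authenticates."""
    a = secrets.randbelow(P - 3) + 2        # client's one-time secret
    b = secrets.randbelow(P - 3) + 2        # server's one-time secret
    A, B = pow(G, a, P), pow(G, b, P)       # public values sent over the wire
    tag = hmac.new(psk, enc(A) + enc(B), hashlib.sha256).digest()
    client_key = kdf(enc(pow(B, a, P)), enc(A), enc(B))
    server_key = kdf(enc(pow(A, b, P)), enc(A), enc(B))
    assert hmac.compare_digest(client_key, server_key)
    del a, b                                # one-time secrets are dropped, never stored
    return client_key, (enc(A), enc(B), tag)

def attacker_replay(psk: bytes, recorded) -> bytes:
    """Later compromise: what recorded traffic plus the stolen long-term secret yields."""
    return kdf(psk, *recorded[:2])

if __name__ == "__main__":
    psk = b"constructed-long-term-secret"   # constructed sample value
    key, recorded = static_session(psk)
    print("static key recovered later:   ", attacker_replay(psk, recorded) == key)
    key, recorded = ephemeral_session(psk)
    print("ephemeral key recovered later:", attacker_replay(psk, recorded) == key)
```

In the ephemeral case the stolen long-term secret still lets the attacker verify the authentication tag, but recovering the session key would require solving the Diffie-Hellman problem for the recorded public values.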
To find a good answer to this question you have to take a fair look at your privacy and security needs. Like different types of cars, if you like, VPN protocols can be fast but incompatible with some roads, or safer but slower, or they can try to combine most of the advantages and keep none of the drawbacks.
So, taking all this into consideration, you can now make a well-informed choice. All the options are available to you, just take your pick.