With growing censorship and regulation threatening global internet freedom and security, we’ve seen an increasing number of services become available to protect your web browsing.
Virtual Private Networks (VPNs) have become increasingly popular in recent years for their ability to bypass government censorship and geo-blocked websites and services without revealing who is doing the bypassing.
To do this, a VPN creates what is known as a tunnel between you and the internet, encrypting your internet connection and stopping ISPs, hackers, and even the government from nosing through your browsing activity.
What is a VPN Tunnel?
When you connect to the internet with a VPN, it creates a connection between you and the internet that surrounds your internet data like a tunnel, encrypting the data packets your device sends.
While technically created by a VPN, the tunnel on its own can’t be considered private unless it’s accompanied by encryption strong enough to prevent governments or ISPs from intercepting and reading your internet activity.
The level of encryption the tunnel has depends on the type of tunneling protocol used to encapsulate and encrypt the data going to and from your device and the internet.
Types of VPN tunneling protocols
There are many types of VPN protocols that offer varying levels of security and other features.
Point to Point Tunneling Protocol (PPTP) is one of the oldest protocols still being used by VPNs today. Developed by Microsoft and released with Windows 95, PPTP encrypts your data in packets and sends them through a tunnel it creates over your network connection.
PPTP is one of the easiest protocols to configure, requiring only a username, password, and server address to connect to the server. It’s one of the fastest VPN protocols because of its low encryption level.
While it boasts fast connection speeds, the low level of encryption makes PPTP one of the least secure protocols you can use to protect your data. With known vulnerabilities dating as far back as 1998, and the absence of strong encryption, you’ll want to avoid using this protocol if you need solid online security and anonymity – government agencies and authorities like the NSA have been able to compromise the protocol’s encryption.
Layer 2 Tunneling Protocol (L2TP) is used in conjunction with Internet Protocol Security (IPSec) to create a more secure tunneling protocol than PPTP. L2TP encapsulates the data, but the data isn’t adequately encrypted until IPSec wraps it again with its own encryption, creating two layers of encryption and securing the confidentiality of the data packets going through the tunnel.
L2TP/IPSec provides 256-bit AES encryption, one of the most advanced encryption standards that can be implemented. This double encapsulation does, however, make it a little slower than PPTP. It can also struggle to bypass restrictive firewalls because it uses fixed ports, which makes VPN connections over L2TP easier to block. L2TP/IPSec is nonetheless a very popular protocol given the high level of security it provides.
Secure Socket Tunneling Protocol (SSTP), named for its ability to transport internet data through the Secure Sockets Layer or SSL, is supported natively on Windows, making it easy for Windows users to set up this particular protocol. SSL makes internet data going through SSTP very secure, and because the port it uses isn’t fixed, it is less likely to struggle with firewalls than L2TP.
SSL is also used in conjunction with Transport Layer Security (TLS) in web browsers to create a secure connection between your device and the site you’re visiting. You can see this whenever the address of a website you visit starts with ‘https’ instead of ‘http’.
As a Windows-based tunneling protocol, SSTP is not available on any other operating system, and hasn’t been independently audited for potential backdoors built into the protocol.
Saving the best for last, we have OpenVPN, a relatively recent open source tunneling protocol that uses AES 256-bit encryption to protect data packets. Because the protocol is open source, the code is vetted thoroughly and regularly by the security community, who are constantly looking for potential security flaws.
The protocol is configurable on Windows, Mac, Android, and iOS, although third-party software is required to set it up, and it can be hard to configure. After configuration, however, OpenVPN provides a wide range of strong cryptographic algorithms that allow users to keep their internet data secure and even bypass firewalls at fast connection speeds.
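Because OpenVPN's protection depends on how the profile is written, the following Python script, an added example that is not from this article or from the OpenVPN project, audits a client profile for the settings that decide whether the tunnel really uses AES-256 and checks the server's certificate. The directive names are real OpenVPN options; the two profiles and the host vpn.example.com are constructed samples.

```python
# Constructed sample profiles; vpn.example.com is a placeholder host.
WEAK_PROFILE = """\
client
remote vpn.example.com 1194
cipher BF-CBC   # legacy 64-bit block cipher
"""
HARDENED_PROFILE = """\
client
remote vpn.example.com 1194
data-ciphers AES-256-GCM
remote-cert-tls server
tls-version-min 1.2
"""

def parse_profile(text):
    """Map each directive to its arguments, skipping comments and inline <ca>-style blocks."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif line and not in_block and not line.startswith(";"):
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    opts, findings = parse_profile(text), []
    ciphers = []
    for key in ("cipher", "data-ciphers"):
        if opts.get(key):
            ciphers += opts[key][0].split(":")
    if not ciphers:
        findings.append("no cipher pinned: result depends on client and server defaults")
    for c in ciphers:
        if not c.upper().startswith("AES-256-"):
            findings.append(f"cipher {c} is not AES-256")
    # Without this, the client does not check that the peer's certificate is a server certificate.
    if opts.get("remote-cert-tls") != ["server"] and "verify-x509-name" not in opts:
        findings.append("server certificate role is not verified")
    version = (opts.get("tls-version-min") or ["0"])[0]
    if tuple(int(p) for p in version.split(".")) < (1, 2):
        findings.append("tls-version-min is unset or below 1.2")
    return findings

if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(name, audit(profile))
```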
Which tunneling protocol should I use?
Even though it’s the fastest, you should steer clear of PPTP if you want to keep your internet data secure. L2TP/IPSec provides 256-bit encryption but is slower and struggles with firewalls given its fixed ports. SSTP, while very secure, is only available on Windows, and closed off from security checks for built-in backdoors.
OpenVPN, with its open source code, strong encryption, and ability to bypass firewalls, is the best tunneling protocol to keep your internet data secure. While it requires third-party software that isn’t available on all operating systems, for the most secure VPN connection to the internet, you’ll want to use the OpenVPN protocol.
A good VPN service should offer you the choice of at least these four types of tunneling protocols when going online.