Why Are There Different VPN Protocols and How Do They Differ?
In this article, we discuss the many different VPN protocols, their presence in different development environments, and their overall performance.
As one of the most important inventions of the 20th century, the Internet has opened up a world of new opportunities. But it has also led to the rise of new threats by enabling malicious actors to access private or commercially valuable data quickly and easily. One way to overcome this problem and protect important data is by creating a secure connection between a computer and the Internet.
The first practical solution was proposed by Microsoft in 1995: A precursor to today’s Virtual Private Network (VPN) technology, point-to-point tunneling protocol (PPTP) promised users a secure, private connection, eliminating the risk of data theft or misuse. Over the years, VPN technology has grown to encompass several different protocols.
At its core, a VPN protocol is a method by which your device connects to a VPN server. Using a VPN helps ensure digital privacy and security and offers protection from malware and hacking. As an additional benefit, VPNs unblock geo-restricted content and hide their users’ physical location.
In the process of designing new protocols, engineers often focus on specific attributes, such as privacy, security, speed, or support for specific platforms or regions. Every platform is compatible with certain VPN protocols, depending on the OS and the level of access to system settings; not all functionalities are open to application developers.
In the early 2000s, the VPN market was dominated by just one protocol — OpenVPN. Today, however, a range of options offer different specifications to meet individual users’ needs. The main differences between these solutions lie in the time period when they were introduced, the scope of problems they were designed to address, and the dynamics of their current development.
To help you choose the VPN option that’s right for you, let’s look at the main differences between popular protocols and the benefits of each one.
The Oldest: PPTP
Dating back to 1995, the Point-to-Point Tunneling Protocol was developed by Microsoft and is probably the oldest VPN protocol in use. Its design is straightforward: It encrypts data moving between different networks by creating a tunnel. This results in a fast and direct connection; it also facilitates access to geo-blocked content. PPTP was integrated into Microsoft Windows 95/98/NT and is still supported by newer Windows platforms.
The main benefits of PPTP relate to the time when it was developed. Because it was created in the 1990s, it’s very easy to set up, has low CPU usage, and can be integrated into almost all operating systems. However, with a low 128-bit encryption level, this protocol is less secure than other options.
Is PPTP still in use? You might assume that it’s been completely replaced by newer protocols. However, PPTP is still supported by all Microsoft operating systems, as well as by certain systems like EdgeOS that are unlikely to be upgraded with more advanced and secure protocols. Generally speaking, you can use PPTP for geo-unlocking when security and privacy are not a priority.
The Most Popular: OpenVPN
OpenVPN was released in 2001 and became the first truly popular VPN protocol. It uses a custom security protocol that leverages SSL/TLS for key exchange, creating secure point-to-point or site-to-site connections. OpenVPN can run over User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) tunnel transports. Since this solution makes web traffic indistinguishable from the traffic that uses standard HTTPS over SSL, it becomes extremely difficult to detect and block.
OpenVPN is an open-source project that has grown to become highly customizable. It uses a wide range of encryption algorithms, and as a result, is highly secure even by current standards. However, its benefits do not extend to performance. In addition, because of its large code base, the protocol is hard to modify or audit.
Despite these challenges, in many cases, OpenVPN is the default choice of VPN users because it’s easy to configure and use. In essence, OpenVPN is a system-agnostic solution, meaning that it has no native support for any operating or hardware system. As a result, a VPN provider can configure it to support almost any mobile or desktop platform and integrate it with all popular operating systems. Thanks to its versatility, OpenVPN is often referred to as the most flexible and secure protocol, and the best solution in the marketplace, so long as the VPN provider implements it properly.
The Corporate Cog: IKEv2/IPsec
The first version of this protocol was released in 1998, but it is the more recent IKEv2 (Internet Key Exchange version 2) that has won widespread acclaim for its speed and security. IKEv2/IPsec produces the same symmetric key for both communicating parties, which is then used to encrypt and decrypt regular IP packets and transfer data. It builds a VPN tunnel by authenticating both sides and reaching an agreement on methods of encryption and integrity. The protocol supports a technology called ‘multihoming,’ which lets it handle network changes easily: For example, it allows users to switch from Wi-Fi connections to mobile internet without dropping the VPN tunnel.
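The key agreement and algorithm negotiation described above, sketched as an added example (not code from the article or from any IKEv2 implementation): both peers derive the same SKEYSEED from values exchanged in the clear. The toy Diffie-Hellman group, the suite labels, and the `Peer`, `select_proposal` and `run_exchange` names are assumptions, and the authentication step that binds the exchange to each side's identity is omitted.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption): the Mersenne prime 2^521 - 1 with
# generator 3. Real IKEv2 peers use standardized MODP or elliptic-curve groups.
P = 2**521 - 1
G = 3

def select_proposal(initiator_offers, responder_supported):
    """Responder picks the first initiator offer that it also supports."""
    for suite in initiator_offers:
        if suite in responder_supported:
            return suite
    return None  # no common suite: setup must fail (NO_PROPOSAL_CHOSEN)

class Peer:
    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2  # secret exponent, never sent
        self.public = pow(G, self.private, P)        # value carried in the KE payload
        self.nonce = secrets.token_bytes(32)         # Ni (initiator) or Nr (responder)

    def skeyseed(self, peer_public, nonce_i, nonce_r):
        """SKEYSEED = prf(Ni | Nr, g^ir), with HMAC-SHA256 standing in as the prf."""
        if not 1 < peer_public < P - 1:
            # 0, 1 and P-1 would force a predictable shared secret.
            raise ValueError("degenerate Diffie-Hellman public value")
        shared = pow(peer_public, self.private, P)
        shared_bytes = shared.to_bytes((P.bit_length() + 7) // 8, "big")
        return hmac.new(nonce_i + nonce_r, shared_bytes, hashlib.sha256).digest()

def run_exchange(initiator_offers, responder_supported):
    """Simulate the initial exchange; returns (suite, initiator key, responder key)."""
    suite = select_proposal(initiator_offers, responder_supported)
    if suite is None:
        return None, None, None
    initiator, responder = Peer(), Peer()
    # Only the public values and nonces cross the wire.
    key_i = initiator.skeyseed(responder.public, initiator.nonce, responder.nonce)
    key_r = responder.skeyseed(initiator.public, initiator.nonce, responder.nonce)
    return suite, key_i, key_r
```

Without the omitted authentication step, this exchange alone would not tell a peer who it has agreed a key with, which is why the protocol authenticates both sides before the tunnel is used.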
IKEv2/IPsec is also extremely fast and advanced in its encryption method. However, at the same time, it’s easily detected and blocked in countries that restrict VPN usage at the provider level. IKEv2/IPSec’s speed makes it perfect for gaming and for voice and video communication, as well as for other network applications where perceived latency is critical.
However, what makes IKEv2 truly stand out from similar protocols is its unrivaled resilience to changing networks and its ability to re-establish a VPN connection that has been temporarily lost. For this reason, IKEv2 is widely used in corporate applications, particularly for establishing a secure connection between offices.
The User’s Friend: L2TP/IPsec
First released in 2000, L2TP (or Layer 2 Tunneling Protocol) combines the best features of two other tunneling protocols, PPTP and L2F. Its new version was released in 2005, providing additional security features and improved encapsulation.
L2TP/IPsec encapsulates data twice, which can slow down the connection. To overcome this issue, the protocol carries out the encryption/decryption process in the kernel and allows multi-threading. Because L2TP does not provide confidentiality or strong authentication by itself, it is often implemented along with the IPsec protocol to secure a connection.
Despite being somewhat slower than its competitors, L2TP/IPsec is a good choice for the average internet user who needs a robust level of security but doesn’t want to struggle with compatibility and configuration.
The Rising (Mobile) Star: WireGuard
Released in 2018, WireGuard is a new open-source VPN protocol that is still undergoing active development. It uses high-speed cryptographic primitives and lives inside the Linux kernel, which makes networking both secure and lightning-fast. The WireGuard protocol features a much lighter code base than most VPN protocols, with approximately 4,000 lines of code (in comparison, OpenVPN and OpenSSL have around 600,000 lines combined). However, WireGuard is still under development and can potentially be blocked by network admins.
High performance and security make WireGuard suitable for small devices like smartphones and loaded backbone routers. Its smaller code base makes it easier to audit and implies a minimal attack surface for cybercriminals. Overall, WireGuard is the top choice for mobile devices and for the individual user who does not need to disconnect, reconnect, or reinitialize, since everything is handled automatically.
The Fastest VPN Protocol: Does it Exist?
Maintaining a fast and stable connection is a major concern for most VPN users. To determine which VPN protocol is the fastest, we measured ping, download, and upload speeds for the most popular protocols against a direct connection.
We conducted our tests using VPN Unlimited from Ukraine and a server located in Poland and measured transmission speed with the Speedtest Ookla application on iOS.
The results show that most current protocols have speeds that are comparable to a direct connection, which means that with consumer-level bandwidth, you probably won’t notice any difference.
As you can see, all protocols other than WiseTCP fall just 4-5 ms behind a direct connection. This is hardly surprising since TCP tracks all packets to make sure that no data is lost or corrupted. On one hand, this ensures smooth data transfer even in the case of network issues; on the other hand, it significantly slows down the connection.
It’s also important to note that both WiseTCP and WiseUDP solutions were developed by KeepSolid to circumvent VPN bans and blocks. When this is the priority, transfer speed is much less important.
In download speed tests, the leader becomes more obvious: The newest protocol, WireGuard, has been specifically developed to outperform older competitors and has proven to be the fastest, followed by IKEv2 and OpenVPN.
While download speeds are still comparable among most popular protocols, our upload speed test found that WireGuard is the top performer. It’s the only one that comes close to the speed of a non-protected connection.
But does this mean that we should all choose WireGuard and forget the previous generations of VPN protocols? Hardly. First of all, with standard consumer bandwidth, you’re unlikely to notice any difference in the speed of your connection. Besides, performance is just one dimension, and it takes more thought to find the most suitable VPN protocol.
All protocols have the same aim: To make your internet connection more secure, and to give you access to restricted content. What makes each protocol different is its specialization: OpenVPN lets you unlock blocked content, L2TP is extremely secure, and IKEv2 is fast and stable. WireGuard is great for mobile devices, and PPTP works best for legacy systems.
In the end, your choice of a VPN protocol depends on which factor you want to prioritize. Once you know the answer, choosing the right protocol is straightforward.