
Posted by in Online Security, VPN, VPN Setup

Know your VPN protocols

Getting a quality VPN service that suits your needs is only half the battle. Your choice of protocol can also have a big effect on your browsing experience. Most VPN services have a choice between 5 different tunneling protocols. The different protocols dictate how the data is encrypted and transmitted, offering tradeoffs in security, privacy, speed, and reliability.

First things first: the underlying protocol that provides the foundation for the Internet is called Internet Protocol (IP). It identifies every network interface on the Internet, and it is what your computer uses when you type in a web address: the aptly named Internet Protocol address, or IP address. The protocol has long been on version 4, known as IPv4, which only allows for 4.3 billion addresses. As more and more people have connected, all of those unique addresses have been allocated, so the switch to IP version 6 (IPv6) has begun. The new version offers enough unique addresses for the foreseeable future, and beyond.

TCP

What is it

TCP is short for Transmission Control Protocol. It runs on top of IP, and the pair is often referred to as TCP/IP. It is one of the go-to protocols because of the number of services it has built in: breaking large pieces of data into packets, checking for and resending lost packets so that all of the data is transmitted, and reassembling those packets into the correct sequence, which is essential for certain types of information.

However, these desirable characteristics of TCP are also its downfall. Checking, rearranging, and reassembling packets adds delay to the network data, called latency. These same processes also take up a significant amount of bandwidth, which may cause problems if other devices on your network are competing for it, or during peak internet traffic in your general area.

When to use it

Because of these properties you want to use TCP when it is imperative that you receive all of the information, and in the correct sequence. Downloading some types of files (to avoid corruption), music and video streaming (e.g. YouTube and Netflix), and sending/receiving email are some examples of when TCP is preferable.

UDP

What is it

UDP is an acronym for User Datagram Protocol. Like TCP, it is often referred to as UDP/IP because it is layered on top of the Internet Protocol. In contrast to TCP, UDP does not check that all the packets are received, or that they are received in the right order. The tradeoff is that it can communicate much faster than TCP and uses less bandwidth. Some applications are designed for this protocol and account for the possibility of lost packets themselves.

When to use it

Because UDP is the most basic transport-layer protocol it is fast, but it may drop or reorder packets. You may want to use UDP for VoIP (Voice over Internet Protocol) conversations, online video games (it limits lag), and video conference calls. In these cases resending and rearranging the packets (as TCP does) isn’t useful, since a packet that arrives late is no better than one that is lost.
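To make the TCP/UDP difference above concrete, here is a small Python simulation added for this page (it is not code from the original post): a TCP-like transfer that numbers segments, holds out-of-order ones and resends only the missing ones, next to a UDP-like transfer that uses whatever arrives. DemoChannel, MESSAGE and the 8-byte segment size are constructed for the demo.

```python
# Constructed simulation (not from the original post) of the TCP/UDP difference:
# numbering, reordering and retransmission only; real TCP also has ACKs, timers...

SEGMENT_SIZE = 8  # assumed segment size, chosen so the sample splits evenly
MESSAGE = b"The quick brown fox jumps over the lazy dog, twice over."  # constructed

class DemoChannel:
    """Deterministic stand-in for a flaky network: every `drop_every`-th
    datagram ever sent is lost, and each burst is delivered in reverse order."""
    def __init__(self, drop_every=4):
        self.sent = 0
        self.drop_every = drop_every

    def transmit(self, datagrams):
        delivered = []
        for d in datagrams:
            self.sent += 1
            if self.sent % self.drop_every != 0:  # this datagram survives
                delivered.append(d)
        delivered.reverse()  # arrival order differs from send order
        return delivered

def segment(data, size=SEGMENT_SIZE):
    """Break data into (sequence number, payload) pieces, as TCP does."""
    count = (len(data) + size - 1) // size
    return [(i, data[i * size:(i + 1) * size]) for i in range(count)]

def udp_transfer(data, channel=None):
    """UDP-style: the application gets datagrams as they arrive; gaps and
    reordering are its problem."""
    channel = channel or DemoChannel()
    return b"".join(payload for _, payload in channel.transmit(segment(data)))

def tcp_transfer(data, channel=None):
    """TCP-style: hold out-of-order segments, resend only the missing ones
    (the `received` dict stands in for the receiver's ACKs) and hand the
    application the bytes in sequence order. Returns (data, send rounds)."""
    channel = channel or DemoChannel()
    wanted, received, rounds = segment(data), {}, 0
    while len(received) < len(wanted):
        rounds += 1
        missing = [s for s in wanted if s[0] not in received]
        for seq, payload in channel.transmit(missing):
            received[seq] = payload
    return b"".join(received[seq] for seq in sorted(received)), rounds
```

With the demo channel, the UDP-style transfer hands back a scrambled message with one segment missing, while the TCP-style transfer returns the exact original after three send rounds, at the cost of those extra round trips (the latency the post describes).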

PPTP

What is it

PPTP is short for Point-to-Point Tunneling Protocol, and it was designed to extend a company’s private network. This allows private tunneling for remote work, which was one of the original uses of VPNs: employees can log into the company’s network from anywhere with an internet connection and edit the documents on its servers. PPTP, however, has become largely obsolete over the years as more and more security vulnerabilities have been discovered. Not to mention that PPTP only supports 128-bit encryption, where the contemporary standard is the next step up: 256-bit.

When to (and not to) use it

Because of its vulnerabilities and weaker encryption (128-bit instead of 256-bit), if your goal is security, privacy, or anonymity it’s best to stay away from this protocol. There is evidence that government agencies (like the infamous NSA) have cracked it. However, it is arguably the easiest to use and configure, as well as one of the fastest protocols available, making it best suited to getting around geoblocked content.

L2TP

What is it

Short for Layer Two Tunneling Protocol, L2TP is PPTP’s bigger brother: it fixes the vulnerabilities that PPTP has, but by itself it doesn’t actually offer any encryption. Because of that, it is almost always used with another encryption protocol, most likely IPsec, an industry standard protocol that significantly improves security. L2TP takes the data packaged and encrypted in IPsec (also called encapsulated in IPsec) and repackages it in L2TP. So, because L2TP isn’t secure on its own, it is really relying on this double encapsulation, and more specifically on IPsec (or another encryption protocol), for its security. The problem is that the NSA (and other agencies like GCHQ) can crack both IPsec and L2TP. In addition, the double encapsulation slows the connection, adding latency to data transfer.

When to use L2TP

L2TP uses a fixed port (UDP port 500) and as such can’t disguise its use by switching ports. This makes blocking an L2TP connection pretty easy, so sites and networks (like those at school and work) that want to geoblock content can easily identify and block L2TP connections. The best uses for L2TP are therefore corporate networking (working remotely), or adding some security on public WiFi networks, which are inherently dangerous. Even though L2TP/IPsec connections can be cracked by government agencies, it’s unlikely your run-of-the-mill hacker has the capability or the will to crack them.

SSTP

What is it

SSTP is an acronym for Secure Socket Tunneling Protocol. It is a proprietary Microsoft protocol and as such is best supported on Windows devices. It is renowned for its encryption (arguably the most secure of all the protocols mentioned) and works much better than PPTP and L2TP/IPsec for bypassing firewalls. The main problem with this protocol is that, because it is proprietary, it isn’t audited to the same degree as the other protocols. This means there may be vulnerabilities and back doors that aren’t widely known or haven’t been discovered.

When to use SSTP

Because of its high level of security (hey, ‘secure’ is in its name) you should use this protocol when transferring sensitive information online, such as logging into your bank (especially on public WiFi) or conducting e-commerce transactions. It’s also hard to identify and therefore block, so you can use it to get past office and school firewalls (where L2TP and PPTP will likely be blocked).

My current VPN Recommendation is HideMyAss! It's inexpensive, secure, and trustworthy, and they have one of the best mobile apps in the industry.
