The term VPN (Virtual Private Network) has received a lot of attention in recent years. This article won’t focus specifically on commercial VPN services (and their controversy), which have become a hot topic. Rather, we’ll be looking at the technical side of VPNs and their various forms and functions.
When remote devices communicate over public networks, the data being exchanged is open to anyone listening. Without encryption, any sensitive information sent via the internet is vulnerable to theft and exploitation by malicious actors. The purpose of a VPN is to ensure the safe delivery of data across public networks. This is done by routing the internet connection of a device through a VPN server. Whatever data passes through the tunnel is encrypted before going over the public internet.
VPNs are divided into two main categories by how the technology is implemented.
Remote Access VPN
This VPN type grants an individual user an encrypted connection to a remote server for access to a private network. If you’ve used a VPN service for personal use, you’ve experienced a remote access VPN. This type is what commercial VPN services are built on, allowing individual users to access their network as a means to connect to the internet. This process hides data transactions from local networks, providing privacy to one’s browsing. This in turn also enables access to content otherwise restricted to one’s regular connection to the internet.
Remote access VPNs are easily set up and simple to use, making them accessible to newcomers. While they’re typically used by individuals for personal purposes, they can also connect individual employees working from home to the corporate network. But for large-scale business needs, there are better options.
Site-to-Site VPN
A site-to-site VPN allows multiple users in multiple fixed locations to access each other’s resources. By allowing numerous remote sites spread across the world to communicate securely, these VPNs are optimal for organizations and large-scale corporate architectures. A site-to-site VPN, as the name says, connects entire sites to each other and is always active. It isn’t the easiest to implement (requiring specialized equipment) and requires configuration on both/all networks, again making it more suitable for organizations that have the proper resources.
A VPN’s protocol is defined by how data is sent through its connection. Each protocol has its own specifications, some prioritizing certain qualities (e.g., speed, security) over others.
Point-to-Point Tunneling Protocol (PPTP) is one of the oldest VPN protocols. Made by Microsoft in the mid-90s, it was originally for Windows 95 and specifically designed for dial-up connections (a temporary communication connection via analog telephone lines). With fast technological advances, PPTP’s security was quickly compromised once its encryption was cracked. Hence, most providers have upgraded to more advanced protocols.
Layer 2 Tunneling Protocol (L2TP) is an extension of PPTP, but unlike its predecessor it can use a variety of tunnel media rather than solely IP networks. It also supports several tunnels between an endpoint pair, each with its own specifications for managing data traffic (while PPTP supports a single tunnel between two endpoints). L2TP provides no encryption or privacy on its own, but used in conjunction with Internet Protocol Security (IPsec), as it commonly is, it becomes extremely secure. L2TP and IPsec’s broad compatibility with operating systems makes them easy to set up.
OpenVPN, an open-source protocol, has become popular through its implementation of Secure Sockets Layer (SSL) with 256-bit Advanced Encryption Standard (AES) key encryption, 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm. Simply put, these all make OpenVPN incredibly secure. However, this impressive security means slower speeds. OpenVPN is compatible with the mainstream operating systems and platforms (Windows, macOS, Linux, Android, iOS, routers). There are two very different variations of OpenVPN: OpenVPN TCP and OpenVPN UDP.
OpenVPN TCP uses Transmission Control Protocol (TCP) for packet transmission. TCP is a stateful protocol, meaning every data packet transmitted is answered by a confirmation packet. If a confirmation isn’t received, the packet is resent. By acknowledging each piece of data and retransmitting whatever is lost, TCP guarantees delivery.
OpenVPN UDP, as you can guess, uses User Datagram Protocol (UDP). UDP is geared towards low latency over reliable data transmission. By omitting the acknowledgement and retransmission checks, it gains speed. This focus on reduced latency over reliability makes it useful for gaming and video streaming.
Secure Socket Tunneling Protocol (SSTP) is a Microsoft-developed protocol made to replace PPTP and L2TP/IPsec, which had been available on Windows before it. This option provides excellent security, using SSL/TLS certificates for authentication and SSL keys for encryption. SSTP gained popularity from being fully integrated into every Microsoft operating system (since Vista Service Pack 1). Unfortunately, because it’s proprietary, the underlying code isn’t publicly available.
Internet Key Exchange version 2 (IKEv2) was developed jointly by Microsoft and Cisco. Like L2TP, it’s typically paired with IPsec for encryption and authentication. Its big draw is its auto-reconnect capability. This lets it re-establish links after temporary connection losses and switch between networks without dropping the connection. IKEv2 is compatible with all major platforms (e.g., Windows, macOS, Android, iOS, Linux, routers) and supports smart devices (e.g., smart TVs, streaming devices). Its speed, stability, security, ability to switch networks, and open-source implementations all give it an edge.
SoftEther (“Software Ethernet”) is a free, open-source protocol. Similar to OpenVPN, it uses SSL with 256-bit AES encryption. This protocol is extensive in its support for numerous operating systems (e.g., Linux, Windows, macOS, Android, FreeBSD, Solaris) and other protocols (e.g., SSTP, OpenVPN, EtherIP, L2TP/IPsec).
WireGuard is the relatively new, hot VPN protocol employing the latest cryptographic primitives. It’s known for faster connections and newer cryptography than older protocols.
However, a major security concern has been its method of assigning IP addresses. In its default configuration, WireGuard stores each peer’s IP address statically on the server rather than assigning addresses dynamically. This makes the protocol faster, but in exchange VPN servers keep records of peer IP addresses and connection timestamps. In its original form, WireGuard is therefore a poor protocol for anonymity.
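To make the concern above concrete, here is an added example (not from the original post and not WireGuard’s own code) that parses a constructed `wg show wg0 dump` listing and reports what the server’s peer table retains for each peer: the statically assigned tunnel address, the peer’s last real-world endpoint, and the latest handshake timestamp. The tab-separated dump format is WireGuard’s; all keys and addresses in the sample are placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample of `wg show wg0 dump`. Line 1 is the interface
# (private-key, public-key, listen-port, fwmark); each following line is a
# peer: public-key, preshared-key, endpoint, allowed-ips, latest-handshake
# (unix seconds, 0 = never), transfer-rx, transfer-tx, persistent-keepalive.
SAMPLE_DUMP = "\n".join([
    "PRIVKEY_PLACEHOLDER=\tSERVER_PUBKEY_PLACEHOLDER=\t51820\toff",
    "PEER1_PUBKEY_PLACEHOLDER=\t(none)\t203.0.113.7:41641\t10.8.0.2/32\t1700000000\t40960\t81920\toff",
    "PEER2_PUBKEY_PLACEHOLDER=\t(none)\t(none)\t10.8.0.3/32\t0\t0\t0\t25",
])


@dataclass
class PeerRecord:
    public_key: str
    endpoint: Optional[str]   # last public IP:port the peer was seen from
    allowed_ips: str          # statically assigned tunnel address(es)
    latest_handshake: int     # unix seconds, 0 = never connected


def parse_wg_dump(text: str) -> List[PeerRecord]:
    """Parse the peer lines of a `wg show <iface> dump`, skipping the interface line."""
    peers = []
    for line in text.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        endpoint = None if fields[2] == "(none)" else fields[2]
        peers.append(PeerRecord(fields[0], endpoint, fields[3], int(fields[4])))
    return peers


def retained_metadata(peers: List[PeerRecord]) -> List[dict]:
    """Per peer, the connection metadata anyone who can read the server's
    WireGuard state recovers: tunnel IP, real endpoint, and last-seen time."""
    rows = []
    for p in peers:
        seen = (datetime.fromtimestamp(p.latest_handshake, tz=timezone.utc).isoformat()
                if p.latest_handshake else None)
        rows.append({"tunnel_ip": p.allowed_ips, "real_endpoint": p.endpoint, "last_seen": seen})
    return rows


if __name__ == "__main__":
    for row in retained_metadata(parse_wg_dump(SAMPLE_DUMP)):
        print(row)
```

The endpoint and handshake fields live in the running kernel state rather than in the configuration file, so an operator who wants to limit what is retained should watch for anything that periodically exports or logs `wg show` output.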
VPNs aren’t a blanket solution for security. But they fill an important role, with numerous types and use cases to consider. Now you have an insight into VPNs, their forms, and their functions!