A Virtual Private Network (VPN) is a relatively simple way of sharing data between two computers.
It creates a secure data connection, which is commonly used for one of the following tasks:
- Exchanging confidential information
- Remotely accessing a device
- Accessing content through a peer-to-peer network
- Bolstering security over public WiFi networks
Even though they’re relatively simple in principle (and often in practice), VPNs often seem confusing to beginners.
One of the main reasons involves the sheer diversity of VPN protocols, which determine how information is shared between connected devices.
Some protocols encrypt the whole IP packet being distributed, including its header. These are known as tunnelling protocols.
Transport protocols only encrypt the data payload – not the header. They’re simpler and more efficient, designed for client-to-site communications rather than two-way conversations.
To the uninitiated, these protocols can seem daunting, yet they’re all variations on a theme.
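The difference between the two approaches is easiest to see from the point of view of someone watching the wire. The sketch below is an added example, not part of the original article: it builds one packet, protects it both ways, and reports which addresses remain readable. The addresses, key and toy keystream cipher are constructed for illustration; a real VPN would use a proper cipher and add its own protocol header.

```python
import hashlib
import socket
import struct

def ipv4_header(src, dst, payload_len, proto):
    """Minimal 20-byte IPv4 header (checksum left at zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_encrypt(key, data):
    """Stand-in for a real cipher: XOR with a SHA-256 counter keystream. Not secure."""
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def transport_mode(packet, key):
    """Keep the original IP header in the clear; encrypt only the payload."""
    header, payload = packet[:20], packet[20:]
    return header + toy_encrypt(key, payload)

def tunnel_mode(packet, key, gw_src, gw_dst):
    """Encrypt the whole original packet and wrap it in a new outer header."""
    inner = toy_encrypt(key, packet)
    return ipv4_header(gw_src, gw_dst, len(inner), 50) + inner  # 50 = ESP

def observer_view(wire):
    """What someone on the path can read: the cleartext header's addresses."""
    src, dst = struct.unpack("!4s4s", wire[12:20])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)

# Constructed sample: a laptop talking to a server (documentation address ranges).
KEY = b"constructed-demo-key"
PAYLOAD = b"GET /payroll HTTP/1.1"
ORIGINAL = ipv4_header("192.0.2.10", "198.51.100.7", len(PAYLOAD), 6) + PAYLOAD

TRANSPORT = transport_mode(ORIGINAL, KEY)
TUNNEL = tunnel_mode(ORIGINAL, KEY, "203.0.113.1", "203.0.113.2")

if __name__ == "__main__":
    print("transport exposes:", observer_view(TRANSPORT))  # the real endpoints
    print("tunnel exposes:   ", observer_view(TUNNEL))     # only the two gateways
    print("payload readable: ", PAYLOAD in TRANSPORT, PAYLOAD in TUNNEL)
```

In both cases the payload is unreadable, but only the tunnelled packet hides who is talking to whom: the observer sees the two gateway addresses instead of the original endpoints.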
Common VPN protocols
The list below isn’t exhaustive, but it covers the VPN protocols you’re likely to encounter in 2018.
We’ve also included a couple of older protocols, still soldiering on in the face of ever-evolving threats. Think of them as the Nokia 3310 (or Rick Grimes) of VPN protocols.
Most protocols are better known by their acronyms, listed in brackets after the name:
- Internet Protocol Security (IPSec). Like most of the entries on this list, IPSec authenticates a data transfer session before encrypting each data packet. Specifically designed for IP traffic, it’s also compatible with other security protocols.
- Layer 2 Tunnelling Protocol (L2TP). In tandem with IPSec, L2TP creates a secure connection between two devices. As its name suggests, this is a tunnelling protocol rather than an encryption one. It has also largely replaced its predecessor, PPTP.
- Point-to-Point Tunnelling Protocol (PPTP). PPTP was built into Windows 95 for dial-up modems, but various security flaws have been exposed in recent years. Its lack of encryption means PPTP is still handy for swerving geolocation restrictions when streaming content.
- Secure Sockets Layer (SSL). Invented by defunct web browser firm Netscape, SSL is largely obsolete and shouldn’t be confused with the certificates that bear its name. These have 2048-bit encryption for web traffic, and are acknowledged by a green browser address bar.
- Transport Layer Security (TLS). Launched in 1999 and based on SSL version 3.0, TLS has supplanted its predecessor even though the two acronyms are still used interchangeably. It turns HTTP web traffic into a private conversation started and ended by the client device.
- OpenVPN. This open source software can be modified by users. It’s based on SSL/TLS, offering compatibility with operating systems from Linux and Windows to BlackBerry and iOS. OpenVPN does run slowly, but its 256-bit key encryption is almost impenetrable.
- Secure Socket Tunnelling Protocol (SSTP). SSTP is more platform-specific, bundled with Windows since Vista and now integrated into Windows 10. Its 2048-bit authentication certificates and 256-bit encryption keys make it secure to use – and hard to block.
- Secure Shell (SSH). Sometimes known as Secure Socket Shell, SSH creates a VPN tunnel for transporting data and then encrypts it. It’s commonly used when a remote IT expert wants to access your device by taking control from a separate location.
- Internet Key Exchange version 2 (IKEv2). A tunnelling protocol rather than an encryption one, IKEv2 is useful for mobile networks where connectivity keeps being lost. It’s also stable when switching from WiFi to mobile data, making it great for smartphones.
- Multi-Protocol Label Switching (MPLS). A protocol you’re unlikely to come across, since it’s designed for scalably integrating several users into site-to-site connectivity. Benefits include reducing latency – the delay between data’s distribution and its receipt.
How to set up VPN protocols
The process of setting up a protocol will vary by provider, but it’s usually as simple as installing a client and choosing a username and password combination.
Some protocols will even be set up on your behalf, like remote logins to your desktop PC from a network specialist trying to resolve a technical problem.
SSL/TLS are handled through a web browser, without needing any additional software or interfaces.
You can improve any protocol’s reliability by rebooting your device prior to use, and ensuring only one active VPN client is running at any given moment.
Software conflicts may prevent VPN protocols working with antivirus software or firewalls, but you should only disable these if strictly necessary.