A VPN (virtual private network) is a great way to secure your personal data while online. It allows you to connect to a server located in a different country, enabling you to access blocked content and stay anonymous. There are several different types of VPN, each with its own pros and cons. In this article, we’ll discuss some of the most popular VPN protocols along with the corresponding ports that you should use to connect to these protocols.
Probably the most popular and most supported (open source) VPN protocol out there is PPTP. It was developed by Microsoft and is based on the Point-to-Point Tunneling Protocol (PPTP). PPTP is a layer-two tunneling protocol, which operates over port 540 (PPTP). Therefore, most operating systems come with a built-in VPN client that supports PPTP (e.g., Windows, macOS). You can download 3rd party apps that support PPTP as well (e.g., Avast VPN, Cloudberry VPN, Freedome VPN, Golden Frog VPN, IPVanish, SurfEasy VPN).
PPTP is a very simple and straightforward protocol. In fact, most people refer to it as the “popcorn” or “paprika” protocol due to its simplicity. This simplicity, however, comes with a price. One of the major drawbacks of using PPTP is that it requires a static IP address. This, in turn, limits the usefulness of the VPN in dynamic environments such as home networks and mobile broadband (because static IP addresses can’t be changed easily). Another drawback of using PPTP is that it isn’t really designed for use over public networks (e.g., the Internet).
L2TP (Layer Two Tunneling Protocol) is a newer VPN protocol developed by Google. It is, in fact, an evolution of PPTP. L2TP is built on top of IP (Internet Protocol) packets and inherits the reliability, speed, and security of IP. It can operate over both IPv4 and IPv6. In addition to being open source, L2TP is also free, which makes it a popular choice for people looking for a free VPN.
Like PPTP, the built-in VPN client on Windows and macOS comes with a native connection to L2TP. You can download 3rd party apps that support L2TP (e.g., Avast VPN, Cloudberry VPN, Freedome VPN, Golden Frog VPN, IPVanish, SurfEasy VPN).
OpenVPN is the most popular proprietary VPN protocol. It was developed by OpenVPN Inc. (formerly known as Pretty Good Privacy (PGP) Inc.) and it is based on both L2TP and IPSec. OpenVPN is open source and extremely secure. It can operate over both IPv4 and IPv6. Since it uses UDP (User Data Packet) for transport, it is very resilient to network glitches and speed problems (like most other VPN protocols).
The OpenVPN client is available for almost every platform. In addition, 3rd party apps that support OpenVPN are also very common. Some of the popular ones are NordVPN, Private Internet Access (PIA), and ScaredCloud.
IPSec (Internet Protocol Security) is a suite of protocols (RFC 2637 IKEv2 and RFC 3948) designed to provide security over IP networks (e.g., the Internet). In other words, IPSec provides confidentiality, integrity, and anti-replay protection. IPSec is built on top of IP packets and it can operate over both IPv4 and IPv6. IPSec also has a mode of operation (IKE) that provides for user authentication and connection confidentiality. When combined with a VPN, IPSec can provide strong security with strong encryption.
The built-in VPN client on Windows and macOS comes with a native connection to IPSec. You can download 3rd party apps that support IPSec (e.g., Avast VPN, Private Internet Access (PIA), and ScaredCloud).
Of all the protocols we’ll discuss, IPSec is probably the most versatile and most commonly used. It can be used to securely connect to other types of networks (e.g., the Internet) as well as devices (e.g., laptops, mobile phones, and tablets).
Also known as “The Dark Tunnel”, I2P (Invisible Internet Protocol) is a newer and, in some ways, more complex VPN protocol. It was developed by a group of students from the Karlsruhe Institute of Technology in Germany. I2P is, in fact, a “Tunneling” protocol, which means it is designed to hide the existence of the network behind a firewall or router, preventing anyone from easily identifying the source or destination of a given TCP/UDP/IP packet. I2P is based on the Onion Router (Tor), which was originally developed by the United States Naval Research Laboratory. Like Tor, I2P is also completely open source and secure.
I2P is one of the most commonly used VPN protocols on the dark web, due mainly to its sophisticated security and anonymous features. Because of its relatively simple design and lack of support for modern conveniences such as dynamic IP addresses and VPN authentication, however, I2P isn’t as popular on corporate networks and other “trusted” environments. Some of the apps that support I2P are OnionShare, Privoxy, and Tor Browser.
SSL (Secure Sockets Layer) is a security protocol developed by the Netscape browser company. One of the most popular uses of SSL/TLS (Transport Layer Security) is to provide a secure channel for web transactions. When combined with a VPN, however, SSL security can be greatly improved. This is mainly because SSL operates at the application layer, giving it the ability to easily withstand most attacks. In fact, many ISPs (Internet Service Providers) utilize SSL/TLS to protect their customers’ personal data when they are browsing the web.
SSL is built on top of TCP and it can operate over IPv4 and IPv6. So, in addition to providing confidentiality, SSL/TLS can also provide a level of content caching. This is beneficial because it reduces latency and gives the user a fast connection. Most browsers support native connections to SSL/TLS, including (but not limited to): Mozilla Firefox, Google Chrome, Opera, and Safari. There are also numerous 3rd party apps that support SSL/TLS, including: AirVPN, Avast VPN, Cloudberry VPN, Copernicus, D-Link, Fiddler, GigaPan, IPVanish, Jincredible, Lacoon, LiquidWeb, MTS, Nitro, OpenVPN, Private Internet Access (PIA), Proximus, PureVPN, SharkVPN, Simplex, SmartDNS, and SurfEasy VPN.
It is important to note that, although SSL is a very common protocol (and one of the most commonly used ones as well), it has several weaknesses which, when combined with a VPN, can be quite damaging. One of the major drawbacks of using SSL is that it is very vulnerable to “man in the middle” attacks. This is because SSL operates at the application layer, making it quite easy to intercept communications. Additionally, the certificate system used by SSL is very vulnerable to tampering. This, in turn, makes it easy for anyone to impersonate any site or service with a forged certificate.
Another protocol that can be used for VPN connections is DTLS, which stands for “Datagram Transport Layer Security”. DTLS builds on top of TCP and it can operate over IPv4 and IPv6. Its main purpose is to provide confidentiality and authentication for datagrams (like emails, instant messages, and other types of data).
DTLS is somewhat more complex than the other protocols we’ve discussed so far, which makes it a bit more difficult to set up and use. It also doesn’t provide any advantages in and of itself, but it does make for a great pairing with a VPN, as we’ll discuss in a bit.