Although they may seem incomprehensible, VPN protocols are necessary to ensure the security of all your online activities. This article offers a quick guide to VPN applications: which ones are and which ones are best used for secure access to the Internet. In this article we will consider the concept of VPN, all the basic authentication protocols used in VPNs, as well as their pros and cons.
What it is
Let's start with the basics: VPN refers to a private virtual network, which is a secure tunnel between two or more devices. When you use VPN (virtual private network), you connect to the Internet through an intermediate server. It is managed and directed by the supplier. The security of your connection is determined by the VPN protocol, which is a set of instructions that define encryption between two devices.
Different protocols use different encryption and authentication methods, which leads to different levels of speed and security. Therefore, the article will compare VPN protocols by their characteristics.
PPTP
Being one of the oldest Internet protocols, PPTP has been widely used since the time of Windows 95 OC, using the authentication package MS-CHAPv2. At the same time, the PPTP VPN protocol is smart enough for its age and is quite easy to configure. However, the reverse side of the coin is its complete defenselessness.
Advantages and disadvantages
Here is some of them:
- The protocol relies on various authentication methods to ensure security. Among commercial providers, it is almost always MS SNAP v2. The encryption protocol (similar to the standard cipher) used by PPTP is MPPE encryption. This protocol was created by a consortium founded by Microsoft for the development of VPN over corporate networks.
- It is available as a standard on almost every platform and device with VPN support. It is easy to configure without the need to install any additional software, simply using the built-in resources.
- Its advantage is also that its implementation requires very small computer production capacities, that is, the protocol does not consume resources.
- The main disadvantage, unfortunately, is the lack of security. Microsoft themselves issued a recommendation to use L2TP / IPsec or SSTP instead of this protocol. PPTP VPN is considered the least secure, and resorting to it is recommended only in the most extreme case.
L2TP
L2TP is a PPTP update that provides better security by reducing speed. L2TP is commonly used with IPsec (Internet Protocol Security), which is why they are often called L2TP / IPsec. Like the previous version, L2TP is available almost everywhere and is quite easy to configure. Although it has security issues and can also be blocked by a firewall, L2TP is suitable for anonymizing or for changing the location of a VPN. In general, L2TP is a “quick and easy” solution.
Advantages and disadvantages
- Easy to customize.
- Available on all modern platforms.
- May be faster than OpenVPN.
L2TP is very common and embedded in most devices that support VPN today. Therefore, it is as easy to configure as PPTP.
It does not provide any encryption or privacy for the traffic that passes through it, so it is usually implemented using the lPsec authentication set (L2TP / IPsec). L2TP / IPsec can use 3DES or AES ciphers.
L2TP / IPsec encapsulates data twice, which slows down. This is offset by the fact that encryption / decryption takes place in the kernel, and L2TP / IPsec allows multithreading. But OpenVPN is not. As a result, the L2TP / IPsec speed is theoretically higher than that of OpenVPN.
Openvpn
A kind of gold standard for VPN protocols. It offers top performance, first-class security and convenient settings.
Advantages and disadvantages:
- Very high level of security (subject to the use of PFS).
- Very convenient and detailed settings.
- Open source software.
- Bypasses firewalls.
- Requires third-party software installation.
What is OpenVPN?
OpenVPN is an open source program that uses the OpenSSL library, as well as TLS protocols and a combination of a number of solutions to create a stable VPN architecture.
One of the main advantages of OpenVPN is that it is very simple to configure. Although it is not intended for any platform as a standard application, it can be purchased independently, as a third-party application. OpenVPN user clients and applications are often available from individual VPN providers, but the main open source code was developed by the OpenVPN project.
The main advantage of this service is that the OpenSSL library, which serves as the basis and base for providing encryption for this program, supports a huge number of cryptographic algorithms. Thus, if you think which VPN protocol to choose, then OpenVPN is considered the most secure of the widely available.
SSTP
SSTP provides almost all the advantages that OpenVPN provides, only under Windows. At the same time, it is very safe, supported by all Windows devices and easily bypasses most firewalls.
Unfortunately, SSTP is not available on alternative operating systems and does not have open source code, unlike OpenVPN. So it is recommended to use SSTP where OpenVPN is not available.
SSTP is an encryption type that uses SSL3.0 and, accordingly, offers the main advantages of OpenVPN. This includes the ability to open TCP port 443 to bypass censorship. And with normal integration with OC, you can make this protocol more comfortable, convenient and stable, even than OpenVPN. However, unlike the latter, SSTP is proprietary software owned by Microsoft. The code for this software is not open to the public, but is the property of Microsoft. At the same time, Microsoft’s long history of cooperation with US intelligence agencies and numerous assumptions about hidden loopholes built into Windows do not inspire confidence in this standard. And one more problem was revealed not so long ago: in SSL v3.0, a vulnerability was identified under the code name POODLE.
IKEv2
IKEv2 is one of the newest and most technologically advanced VPN protocols. This VPN offers the user high speed, extreme security and a very stable connection. IKEv2 is also available on most computer platforms (Windows, MacOS, Android, iOS) and remains virtually the only option for BlackBerry users.
Unfortunately, IKEv2 is currently not available on all platforms (for example, there is no access on Linux) and is very limited in configuration (compared to OpenVPN). In addition, far from all protocol implementations deserve trust, so be careful and use only open-source versions of IKEv2.
Advantages and disadvantages
When using IKEv2, the following points should be considered:
- Speed.
- Stability - especially when switching the network, as well as when reconnecting, after losing the Internet connection.
- Security (if AES is used).
- Easy VPN setup.
- The protocol is supported on Blackberry devices.
The downside is that it is not supported on many platforms.
IKEv2 was developed jointly by Microsoft and Cisco. From the very beginning, it is supported by Windows 7+, Blackberry, and iOS devices.
Independently developed, compatible versions of IKEv2 were created for Linux and other operating systems. Many of these iterations are open source. And although the article previously suggested caution about Microsoft products, open source versions of IKEv2 should not be suspicious.
Strictly speaking, IKEv2 is just a tunneling protocol. It becomes a VPN only in combination with an authentication suite such as IPSec. That is, logically, this can best be described as IKEv2 / IPsec.
Microsoft VPN, known as VPN Connect, works well in automatically recovering VPN connections when users temporarily lose their network connections, for example, when entering or leaving a train tunnel. This makes IKEv2 very useful for mobile phone users constantly tumbling between their home Wi-Fi connection and mobile hotspots. For those who often change Internet access points.
IKEv2 is not as widespread as L2TP / IPSec, as it is objectively supported on fewer platforms. However, it is considered at least as good, if not superior, to L2TP / IPsec in terms of security, performance (speed), stability, and the ability to establish (and recover) a connection.
VPN for Yandex
To install a free VPN for this browser, you need to go to the menu> add-ons directory. Enter VPN in the search line. Many options will open, but you need either ZenMate (free), Hola (shareware) or TunnelBear (paid).
And for Yandex, an application called friGate is freely distributed. This is a very useful program that allows using VPN to open resources blocked by a decision of the judicial or state authorities, and at the same time not to slow down the Internet speed. In addition, inside the program there are black sheets of forbidden resources, which initially included many sites, and this list is intended for replenishment.
To install the friGate application in a browser, you need to go to the official website (link here): https://fri-gate.org and press friGate CDN. The installation of the VPN application for Yandex will begin automatically, after which the corresponding icon will appear on the right of the application line.
For Mozilla Firefox
In the browser menu, go to the “Add-ons” submenu - the “Extensions” item. There, just find the search bar and type in the word VPN. A list of applications in the store opens, among which there are both free options as a demo version, and full-fledged paid programs. Recommended VPNs include: Hotspot Shield, Hoxx VPN Proxy, Zen Mate Security, Privacy & Unblock VPN.
Mobile Connection
In order to enable VPN on smartphones and tablets running on Android or iOS platforms, you will also need special applications. Some of them are distributed freely, but some, for example, OpenVPN for Android or Cloak for iOS, require money. One of the most convenient and free applications is the VPN built into the Opera browser, which is called: Opera VPN.
These applications can be downloaded and installed from the Google Play and App Store online stores. After that, you need to enable and activate VPN and select your “new” ip-address from which you will be connected to the network.