Having already talked about VPNs, in this article we will cover VPN security protocols: the barely understandable acronyms, such as PPTP, L2TP, SSTP and IKEv2, that every service boasts about and that are essential to establishing the security of a service.
Structurally, VPN connections are not complicated. They are based on a client, tunnel and server structure. The client routes the data of those who use the service into the tunnel, and the tunnel carries that data securely to the destination server. The destination server can be connected to a private corporate network or to the Internet.
With this arrangement, all internet traffic generated by the client appears to come from the server's IP. This is why a VPN is used to bypass territorial blocks (every serious service has servers located all over the world) and to hide your IP address (and therefore your identity).
What are security protocols?
Such a connection has only two potential weak points: the tunnel and the destination server. The security of the destination server depends on the service provider, although the best ones do not record connection data, sessions or exchanged data (they have strict no-logs policies).
So the only remaining weak point is the tunnel, and this is where VPN security protocols come into play: they are what guarantees that data travels from the client to the server without being decrypted along the way.
So, if a service encrypts data with a reliable protocol and does not keep logs, its security is practically total and its users' anonymity on the network is practically guaranteed.
The most used VPN security protocols
In this section we will delve into the operation, strengths and weaknesses of each protocol:
VPN security protocols: PPTP
It is certainly still today the most widely used VPN security protocol, although it is now less secure. Its name is an acronym for Point-to-Point Tunneling Protocol. The protocol was developed by Microsoft in 1999 and, because of its many known vulnerabilities, the company itself has not recommended its use since 2012.
PPTP supports 128-bit encryption keys. It is very popular because it is compatible with practically all operating systems and with a large number of devices (even many routers). Today, however, PPTP is not recommended for any task that requires a minimum of security.
VPN security protocols: SSTP
It is the heir to PPTP. It was developed by Microsoft and released with Windows Vista Service Pack 1. SSTP, which stands for Secure Socket Tunneling Protocol, is also available for systems other than Windows.
It is a very fast protocol, practical to use and also secure, since to date it has no known vulnerabilities. SSTP is based on SSL v3, so it has no problems with NAT firewalls. On the web, the complete reliability of SSTP is questioned because Microsoft, based on what has emerged, has a history of contacts with the NSA and may have inserted some back doors.
Therefore, the use of this protocol is recommended for anyone who is not engaged in international espionage. In general, if you want a higher degree of security, you should look to OpenVPN.
L2TP / IPsec
Its name stands for Layer 2 Tunneling Protocol. It is only a tunneling protocol, and it is often used by VPN services. On its own, L2TP does not provide any encryption or data protection, so it is combined with IPsec. IPsec supports keys of up to 256 bits. The double encapsulation does not make L2TP/IPsec the fastest security protocol, but in its favour it has wide compatibility and ease of installation.
There are no known major vulnerabilities in this security protocol, but Snowden has confirmed the suspicions of many security officials that IPsec may have been compromised and weakened since its inception. In any case, L2TP/IPsec is a fairly secure protocol, so it is recommended for everyone except spies, international criminals, or political activists in high-risk countries like China.
VPN security protocols: IKEv2
It is a protocol developed jointly by Microsoft and Cisco and released with Windows 7. Internet Key Exchange Version 2 (IKEv2) is very similar in operation to IPsec, of which it is an evolution. Having been programmed by Microsoft, it is natively supported by all of its recent systems. It is also compatible with Linux and BlackBerry devices.
Many clients of well-known VPN services use this protocol by default. It is chosen because it is considered secure: it has no known vulnerabilities and no backdoor rumours circulating. Its ease of configuration for the user and its ability to reconnect automatically are also appreciated.
The only real drawbacks of IKEv2 are the difficulty of implementing it on the server side and the fact that the protocol routes all its traffic through UDP port 500, which is quite simple to block.
VPN security protocols: OpenVPN
Finally, let's talk about the most secure protocol. OpenVPN is open source, which makes it more difficult for the NSA to insert backdoors without anyone noticing. OpenVPN uses the SSLv3 and TLSv1 protocols for the connection and the OpenSSL library for data encryption. The library supports several valid encryption algorithms: Camellia, 3DES, AES, Blowfish and CAST-128.
VPN services mainly use AES with a 128-bit encryption key (a small number of services use Blowfish). Currently AES is considered secure, so much so that it is used by the governments of several states, including the US. As for the connection, OpenVPN is generally configured to exchange data over UDP, but it can be configured to route traffic over any port, making it the most difficult protocol to block.
OpenVPN is a fairly young protocol; it needs a dedicated client to work and is not natively supported by many systems. Setting up an OpenVPN client is by no means trivial, which is why many services offer their own preconfigured clients for various platforms. According to Snowden, it is the only protocol that is safe from the NSA for now.
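Since the choice of cipher and port lives in the OpenVPN client profile, here is an added example (not code from the article or from the OpenVPN project) that parses a `.ovpn` file and flags the legacy choices the library still accepts; `parse_profile`, `audit_profile`, the host `vpn.example.invalid` and the classification of the 64-bit-block ciphers as weak are this example's own assumptions.

```python
"""Audit an OpenVPN client profile for weak cipher/auth choices (added example,
not from the article or the OpenVPN project; the sample profiles are constructed)."""

# 64-bit-block ciphers OpenVPN still accepts (Blowfish, 3DES, CAST-128); treating
# them as weak is this example's assumption.
WEAK_CIPHERS = {"BF-CBC", "DES-EDE3-CBC", "CAST5-CBC", "DES-CBC"}
LEGACY_AUTH = {"NONE", "MD5", "SHA1"}

def parse_profile(text):
    """Map directives to args (first wins); skip comments and <ca>-style blocks."""
    opts, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("<"):                  # <tag> opens, </tag> closes
            in_block = not line.startswith("</")
        elif not in_block:
            parts = line.split()
            opts.setdefault(parts[0], parts[1:])
    return opts

def audit_profile(text):
    """Return a sorted list of findings; an empty list means nothing was flagged."""
    opts, findings = parse_profile(text), []
    # Releases before 2.5 fall back to BF-CBC when no cipher is configured at all.
    ciphers = opts.get("data-ciphers", opts.get("cipher", ["BF-CBC"]))[0].upper()
    for c in ciphers.split(":"):
        if c in WEAK_CIPHERS:
            findings.append(f"cipher {c} has a 64-bit block; prefer AES-GCM")
    auth = opts.get("auth", ["SHA1"])[0].upper()   # SHA1 is OpenVPN's default
    if auth in LEGACY_AUTH:
        findings.append(f"auth {auth} is legacy; use SHA256 or stronger")
    if "tls-version-min" not in opts:
        findings.append("no tls-version-min; pin the control channel to TLS 1.2+")
    return sorted(findings)

# Constructed sample profiles with a placeholder host (no real certificate).
LEGACY_PROFILE = """client
remote vpn.example.invalid 1194
cipher BF-CBC
auth MD5
"""
HARDENED_PROFILE = """client
remote vpn.example.invalid 443
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
"""
```

Run `audit_profile` over a provider's profile: an empty list means none of these legacy settings is present, while the hardened sample also shows the TCP port 443 choice the article mentions as the hardest to block.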
Conclusions on VPN security protocols
Here is a quick summary. When available, it is always recommended to use OpenVPN, IKEv2 or SSTP. If possible, PPTP should be avoided because it is now an outdated and insecure solution.
All security protocols are only useful on trusted VPN services.
Free VPN services rarely let you choose the protocol, because it would be a joke: they often finance themselves by selling their users' browsing data.