Guest Post – The Definitive Guide To VPNs – Part 3

This week we are taking a deeper look at VPN services courtesy of a guest post from The Gadget Enthusiast.

VPN Protocols

So far, we’ve learned that VPNs route your requested data through their servers to keep you anonymous.

But, as happens with many things in the tech world, there is not one but many different methods to route that data between you, the VPN servers, and the actual data source.

These different methods are called VPN protocols, and each of them has its own pros and cons, in one way or another.

PPTP

Introduced way back in 1995, Point-to-Point Tunneling Protocol is one of the oldest VPN protocols out there, and it was actually designed to work with dial-up connections in Windows 95.

Those dial-up connections were very limited in speed, so it was natural for developers to make speed their main priority back then. To compensate in the area of speed, some compromises were made in security.

Due to these compromises, this protocol is no longer considered secure by any means.

That being said, it is still useful in situations where internet speed is your top priority (such as web streaming).

L2TP/IPSec

L2TP was introduced as an upgrade to the PPTP and L2F protocols. Strangely enough, this protocol doesn’t provide any security on its own, despite being an upgrade.

Instead, it is paired with a security protocol called IPSec, which uses AES-256 encryption to provide the necessary security.

Despite being highly compatible and stable, with no real problem, this protocol has some basic downsides: relatively slower speed, the use of pre-shared keys (so if the key is changed at one end, it has to be updated at the other end as well), and the default use of UDP port 500 for key exchange.

SSTP

Another popular protocol in VPN tunneling is SSTP.

Developed by Microsoft, it is available in every Windows OS since Vista SP1, and Mac, Linux, and Android are supported too. That being said, overall support is lower than for other VPN protocols.

For authentication, SSTP uses 2048-bit SSL/TLS certificates, while encryption is done via 256-bit SSL keys.

Moreover, it uses port 443 (the port that passes through most firewalls out there) to connect to the server.

All in all, SSTP is more secure than PPTP and L2TP/IPsec but has some small downsides: slightly slower speed (due to its high level of security) and the fact that third parties can’t audit it for vulnerabilities.

IKEv2

IKEv2 is another VPN protocol, developed by Microsoft together with Cisco. On its own, IKEv2 only provides a secure key exchange method, which is why it is combined with the IPSec security protocol for encryption and authentication.

Since this protocol can reconnect quickly after a connection loss or a network switch (thanks to MOBIKE, a protocol that tolerates network changes), it is quite commonly found in mobile VPNs.

Other than this, IKEv2 is known for supporting multiple high-end ciphers, simple connection setup, and faster data transmission speed.

On the other hand, its downsides include the use of UDP port 500 and limited cross-platform compatibility.

OpenVPN

The last popular VPN protocol we’re going to discuss is OpenVPN.

One significant advantage it has over other protocols is its open-source nature, which means anyone can use it for their own purposes, or contribute by fixing bugs in its code.

This is the main reason why OpenVPN is very stable and secure, with no real flaw. For further security, it uses AES 256-bit encryption, 2048-bit RSA authentication, and the 160-bit SHA1 hash algorithm.

In the past, OpenVPN used to be criticized for its slower speed (due to the added complexity of its encryption algorithms), but recent versions have effectively negated this issue.

All in all, this is the best protocol you can have in a VPN. In fact, it’s the default choice in many popular VPN services.

Quick Summary of VPN Protocols

For skimmers out there, here’s a quick summary of all the protocols we discussed above.

  • PPTP: Fast, widely implemented, but not secure. Only use for live streaming and basic web browsing.
  • L2TP/IPsec: Commonly used protocol, but can easily be blocked due to its dependence on UDP port 500.
  • SSTP: Very good security but relatively slower speed.
  • IKEv2: Mobile user-friendly, and suitable for temporary connection loss.
  • OpenVPN: Open-source and offers the most robust encryption. Suitable for all activities.

IP Leaks & Kill Switches

If your VPN connection drops or stops working for some reason, your traffic falls back to your regular connection and your privacy may be broken.

A kill switch is a program or mechanism that monitors the network status and reacts when the connection is no longer secure.

Why use a kill-switch?

Sometimes even the most stable VPN services will have a dropped connection. This is where this feature becomes useful.

Most users don’t need this type of feature in their VPN, but it is always good to have it for those who won’t compromise on their privacy.

Types of kill switch

  • Application kill switch
  • System kill switch

System kill switch

  • The simplest and most common kill-switch type.
  • It will completely cut the internet connection from the computer.

Application kill switch

This type of kill switch closes specific applications when it activates.

Common programs you may want to kill in case of a connection drop:

  • Web browser
  • Torrent Client
  • Skype
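As an added example (not from the original post or any VPN vendor), here is what the two kill-switch types look like on a Linux host: the system variant as default-deny firewall rules, the application variant as process termination. The server address 203.0.113.10, port, tunnel name and program names are placeholders.

```shell
#!/bin/sh
# Constructed example for this post, not a vendor's kill switch. Defaults to
# the real iptables/pkill; set IPT=echo and PKILL=echo to dry-run without
# root, and TUN_DIR to a fake sysfs directory when testing.

# System kill switch: drop all outbound traffic by default, then allow only
# loopback, the tunnel interface itself, and the unencrypted path to the VPN
# server that the tunnel needs. If the tunnel dies, nothing falls back to the
# plain link, so the real IP address is never exposed.
killswitch_up() {
    server="$1"   # VPN server address (placeholder in the usage below)
    proto="$2"    # udp or tcp
    port="$3"     # e.g. 1194 for OpenVPN, 500/4500 for IPsec, 443 for SSTP
    tun="$4"      # tunnel interface, e.g. tun0
    ipt="${IPT:-iptables}"
    "$ipt" -P OUTPUT DROP
    "$ipt" -F OUTPUT
    "$ipt" -A OUTPUT -o lo -j ACCEPT
    "$ipt" -A OUTPUT -o "$tun" -j ACCEPT
    "$ipt" -A OUTPUT -p "$proto" -d "$server" --dport "$port" -j ACCEPT
}

# Restore the permissive defaults when the user disconnects on purpose.
killswitch_down() {
    ipt="${IPT:-iptables}"
    "$ipt" -P OUTPUT ACCEPT
    "$ipt" -F OUTPUT
}

# True if the tunnel interface exists (Linux exposes it under /sys/class/net).
tunnel_up() {
    [ -d "${TUN_DIR:-/sys/class/net}/$1" ]
}

# Application kill switch: if the tunnel is gone, terminate the listed programs
# (matched by exact process name) so they cannot keep talking over the bare link.
killswitch_apps() {
    tun="$1"; shift
    if tunnel_up "$tun"; then
        return 0
    fi
    for app in "$@"; do
        "${PKILL:-pkill}" -x "$app" || true   # ignore programs not running
    done
}

# Usage (as root): killswitch_up 203.0.113.10 udp 1194 tun0
#                  killswitch_apps tun0 firefox transmission-gtk skype
```

Run `killswitch_apps` from a periodic timer or a hook in the VPN client's disconnect handler; `killswitch_up` is applied once before the tunnel is started.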

Bandwidth Restrictions

Many users have reported that some VPN services, especially free ones, cause their internet to slow down. This is mainly due to bandwidth restrictions, which usually throttle or downgrade your internet speed for a specific type of traffic but can sometimes slow down your internet as a whole.

Paid VPNs don’t have this problem, in most cases, because each user is allocated their bandwidth separately, but it’s good to do research before purchasing any paid VPN.

VPN And Ads/Pop-ups

Online Ads and pop-ups are a big threat to the security and privacy of a user.

Whether you are doing basic web browsing, streaming live matches, or downloading some content, you often encounter advertisements that are not suitable for you.

These advertisements might have been placed on these websites by third parties to increase traffic to their own sites, but many times these ads carry hidden malware, viruses, and ransomware that compromise your privacy and security.

Several VPN providers also offer an ad-blocking service.

A VPN ad-blocking service can be implemented in three different ways: in the browser, on the VPN server, or in the VPN client software. These blockers aim to stop unnecessary ads and pop-ups and to protect your privacy and confidentiality during your routine work.

How Many Concurrent Connections Are Allowed?

Most of us have more than one device to take care of these days. This is why there’s no point getting a VPN that only allows one or two concurrent connections, because you can’t secure all of your devices in this scenario.

Below are some VPNs that provide multiple simultaneous connections.

NORDVPN: Provides as many as six concurrent connections on different devices.

IPVANISH: Provides five simultaneous connections.

CYBERGHOSTVPN: Provides up to five concurrent connections.

If you are unable to find a VPN provider to cover all of your home devices, there’s another solution in the form of a VPN router. This way, you can have unlimited connections for your home devices, but it requires some technical background in computer networking (more on this later).

We will conclude this article in our next post.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Comments

  1. Korin  May 28, 2019

    All these tech terms are so difficult to understand. I’m such a non-technical person… I use NordVPN for watching US Netflix and I thought this is the main purpose of it, but now… So I’m not only enjoying the shows, but I’m also protected from hackers, right? Cool! I’m even more glad that my dad suggested using this provider.
