VPN Encryption Protocols Explained

A VPN can provide a way to keep your location private by replacing the IP address of your ISP's gateway router with an anonymous IP from the VPN provider's pool. It will prevent your ISP, or Google and other websites, from discovering your location, tracking your activity online, or saving your search history. The contents of your communications are changed from plaintext to ciphertext through the process of encryption.

Encryption is the secret sauce in using a VPN. Most of the time when you purchase VPN service, the VPN provider chooses the encryption type for you, based on the type of service you bought or your intended use. Many services allow you to choose your encryption method. Here is a quick rundown of the most common choices.

  • PPTP – Point-to-Point Tunneling Protocol is easy to set up and use, but it is not as secure as you want and has become vulnerable to cracking. If this is the only option your service provider offers, move on. PPTP works on TCP port 1723.
  • L2TP – Layer 2 Tunneling Protocol does not actually offer its own encryption; it relies on an IPsec tunnel to encapsulate and secure the packets being sent. It can have trouble getting past firewalls. L2TP uses UDP port 500.
  • SSTP – Secure Socket Tunneling Protocol is a Microsoft standard, so it works well with Windows, of course, and it is also available on Linux and Mac OS X. The encryption method is SSL v3. Since most forms of SSL are deprecated and have been replaced by TLS, this may not be your best choice unless it is using the TLS standard. SSTP uses TCP port 443 and has no problems with firewalls.
  • IKEv2 – Internet Key Exchange version 2 is a newer protocol from Microsoft and Cisco; like L2TP, it uses an IPsec tunnel for encryption.
  • OpenVPN – This is an open-source project from OpenSSL. OpenVPN uses AES encryption and is considered the strongest of the alternatives listed here. OpenVPN can run on port 443, which makes it easy to use through a firewall.
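The list above rates OpenVPN with AES on port 443 as the strongest choice, but that only holds if the client profile your provider hands you actually pins those settings. As an added example, not code from the original post or from the OpenVPN project, the Python script below parses an OpenVPN client profile and reports the settings a reviewer would want fixed before trusting it: a non-AES data cipher, a weak HMAC digest, no minimum TLS version, no server-role check on the peer certificate, and no tls-auth/tls-crypt protection of the control channel. The directive names (cipher, data-ciphers, auth, tls-version-min, remote-cert-tls, tls-auth, tls-crypt, remote, proto, port) are OpenVPN's own; the two profiles, the host name vpn.example.invalid and the key file ta.key are constructed samples, and the 2.4-era defaults assumed when a directive is absent are noted in the comments.

```python
"""Audit an OpenVPN client profile for the settings that make
'AES on port 443' actually hold. Added example with constructed
sample profiles; not the post's code and not OpenVPN's."""

# Data-channel ciphers accepted as strong (AES-GCM/CBC or ChaCha20-Poly1305).
STRONG_CIPHERS = {"AES-256-GCM", "AES-128-GCM", "AES-256-CBC", "AES-128-CBC",
                  "CHACHA20-POLY1305"}
# HMAC digests that should not be relied on for packet authentication.
WEAK_DIGESTS = {"MD5", "SHA1", "NONE"}

# Constructed sample: a profile that connects fine but leaves every hardening knob unset.
WEAK_PROFILE = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
cipher BF-CBC
auth SHA1
verb 3
"""

# Constructed sample: same provider, hardened and moved to TCP/443 for firewall traversal.
HARDENED_PROFILE = """\
client
dev tun
proto tcp
remote vpn.example.invalid 443
cipher AES-256-GCM
auth SHA256
tls-version-min 1.2
remote-cert-tls server
tls-crypt ta.key
verb 3
"""


def parse_profile(text):
    """Map each directive to its argument list (last occurrence wins).
    Comment lines (# or ;) are skipped; inline <ca>...</ca>-style blocks are
    skipped but recorded under the block name so presence checks still work."""
    directives = {}
    block = None
    for raw in text.splitlines():
        line = raw.strip()
        if block is not None:
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            directives[block.lower()] = ["<inline>"]
            continue
        parts = line.split()
        directives[parts[0].lower()] = parts[1:]
    return directives


def endpoint(text):
    """Return (transport, port) the client will connect to. A port or proto given
    on the remote line overrides the standalone directives; 1194/udp are OpenVPN's defaults."""
    d = parse_profile(text)
    remote = d.get("remote", [])
    port = remote[1] if len(remote) > 1 else (d.get("port") or ["1194"])[0]
    proto = remote[2] if len(remote) > 2 else (d.get("proto") or ["udp"])[0]
    return proto.lower(), port


def audit_profile(text):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_profile(text)
    findings = []
    # data-ciphers (2.5+) is a colon-separated list, cipher is a single name,
    # and BF-CBC is what OpenVPN 2.4 fell back to when neither was set.
    ciphers = d.get("data-ciphers") or d.get("cipher") or ["BF-CBC"]
    for name in ":".join(ciphers).upper().split(":"):
        if name not in STRONG_CIPHERS:
            findings.append(f"cipher {name}: not an AES or ChaCha20-Poly1305 suite")
    digest = (d.get("auth") or ["SHA1"])[0].upper()   # SHA1 is the default when unset
    if digest in WEAK_DIGESTS:
        findings.append(f"auth {digest}: weak HMAC for the CBC data channel and tls-auth")
    if "tls-version-min" not in d:
        findings.append("tls-version-min missing: minimum TLS version left to library default")
    if (d.get("remote-cert-tls") or [""])[0].lower() != "server":
        findings.append("remote-cert-tls server missing: peer certificate role is not checked")
    if not any(k in d for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.append("no tls-auth/tls-crypt: control channel packets are not authenticated")
    return findings


if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        proto, port = endpoint(profile)
        print(f"{label}: connects over {proto}/{port}")
        for finding in audit_profile(profile) or ["OK"]:
            print("  -", finding)
```

Run as a script it prints five findings for the weak profile and "OK" for the hardened one; pointing `audit_profile` at a provider's real .ovpn file is the quickest way to see whether "AES on 443" is what you actually got. The checks deliberately treat an absent directive as the old default rather than as safe, because that is how the client will behave.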

Hopefully, this article and the two previous articles have helped you decide whether a VPN is for you and how to go about selecting a good service provider. Yes, I do use a VPN myself, although not all the time. But if I am on public Wi-Fi, a hotel network, or a guest network, I will usually turn it on. A little security can go a long way toward protecting your identity and personal information from thieves and other bad actors.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Owner of the WyzCo Group Inc. In addition to consulting on security products and services, Bob also conducts security audits, compliance audits, vulnerability assessments and penetration tests. Bob also teaches Cybersecurity Awareness Training classes. Bob works as an instructor for CompTIA's non-profit IT-Ready Program in the Twin Cities. IT-Ready is a tuition-free 8-week program designed to teach students of all ages the fundamentals of IT support to prepare them for an entry-level position in Information Technology Support. Graduates of the classes take the exams to become CompTIA A+ certified. Bob is a frequent speaker at conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. Bob has been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com