Knowing the different kinds of protocols can help you make sure you are getting the best internet privacy when you need it. To learn more about why surfing privately is important to you, you can check out parts 1 and 2 of my series, What is Internet Privacy: Personal Data Brokers, and Free Speech.
VPN Protocol Vocabulary
Before we get started it’s important to know some of the terms commonly used when talking about VPN protocols. These will help you gain a greater understanding in future posts and your continued reading.
Maybe you have heard these terms before, either online or in conversation, and just nodded your head in agreement even though you didn’t fully grasp the concepts. Don’t worry, your secret is safe with me!
Let’s first get into TCP and UDP. These are the methods by which chunks of information known as ‘packets’ are transferred. Both run on top of Internet Protocol, or IP (the universal standard that devices use to communicate online). They are not the only protocols that are sent on top of IP, but they are the most common, with TCP being the most used.
TCP- Transmission Control Protocol. Establishes two-way communication. When you attempt to load a webpage by typing an address, clicking a link, signing in or anything else, your computer sends a TCP request to the hosting web server. The packets sent over a TCP connection are numbered to ensure that the user receives the information in order. The receiver (you) sends an acknowledgement back to the sender to let it know that it received the packets. If no acknowledgement is received, the sender will keep resending the packets until receipt is confirmed. TCP focuses on reliability: not only does the sender make sure you get all the packets, but the packets are also checked to ensure no data was lost or corrupted during transmission. This protects the data even if there are interruptions in the connection or transmission.
UDP- User Datagram Protocol is the fast and furious version of TCP. All of the error checking and two-way acknowledgement used by TCP is thrown out the window in favor of speed. So, unlike TCP, the sender will not wait for acknowledgement that the receiver has gotten the packets; instead it will just continue sending the packets. The increase in speed that UDP transmission offers is great for things like online video games and live broadcasts. That’s why, if you’ve ever watched a live stream or something else using UDP and had a hiccup in your connection, the video freezes and then starts again after a few seconds, and you miss everything in between: the sender has been continually sending new UDP packets without checking for errors. This also creates the effect of ‘lag’ in video games, where characters or objects teleport across the screen when they aren’t supposed to.
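To make the TCP/UDP difference concrete, here is a small simulation I added for this post (it is not code from any VPN product): an in-memory ‘channel’ drops the first copy of chosen packets, a TCP-style sender numbers its packets, waits for an acknowledgement and resends on loss, while a UDP-style sender fires every packet once and moves on. The channel, packet numbers and sample frames are all constructed for the example.

```python
"""Toy model of TCP-style numbered packets with acknowledgements and
retransmission versus UDP-style fire-and-forget delivery.
Constructed example with an in-memory 'channel'; no real sockets are used."""

from dataclasses import dataclass, field


@dataclass
class LossyChannel:
    """Drops the first transmission of every sequence number in `drop_once`,
    modelling a hiccup in the link. Retransmissions get through."""
    drop_once: set
    dropped: set = field(default_factory=set)

    def deliver(self, seq: int, payload: str):
        if seq in self.drop_once and seq not in self.dropped:
            self.dropped.add(seq)
            return None  # packet lost in transit, receiver never sees it
        return (seq, payload)


def send_tcp_like(chunks, channel, max_retries=5):
    """Stop-and-wait: number each packet, wait for an ACK, resend on loss.
    Returns the receiver's reassembled text and the number of transmissions."""
    received = {}
    transmissions = 0
    for seq, chunk in enumerate(chunks):
        for _ in range(max_retries):
            transmissions += 1
            packet = channel.deliver(seq, chunk)
            if packet is not None:  # receiver got it and ACKs the seq number
                received[packet[0]] = packet[1]
                break
        else:
            raise ConnectionError(f"no ACK for packet {seq}")
    # ordered reassembly works because every packet carries its number
    return "".join(received[i] for i in sorted(received)), transmissions


def send_udp_like(chunks, channel):
    """Fire-and-forget: send each datagram once, never wait for an ACK.
    Whatever was lost stays lost; the receiver sees a gap in the stream."""
    received = []
    for seq, chunk in enumerate(chunks):
        packet = channel.deliver(seq, chunk)
        if packet is not None:
            received.append(packet[1])
    return "".join(received), len(chunks)


if __name__ == "__main__":
    frames = ["frame0 ", "frame1 ", "frame2 ", "frame3 "]  # constructed stream
    print(send_tcp_like(frames, LossyChannel(drop_once={1, 2})))
    print(send_udp_like(frames, LossyChannel(drop_once={1, 2})))
```

The TCP-style sender pays for the hiccup with extra transmissions but delivers the whole stream in order; the UDP-style sender finishes in the minimum number of sends but the receiver simply never sees the dropped frames.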
Next, we have SSL vs TLS. If UDP and TCP are the methods used to transfer information, then SSL and TLS are the way the information is encrypted when the packets are sent. Secure Sockets Layer, or SSL, is the older of the two. Nevertheless, SSL is still widely used. It was first created by Netscape, and made it to version 3 before being replaced by TLS. Transport Layer Security, aka TLS, is still on version 1 (1.2 to be exact; 1.3 is currently in the draft stage). Both of these establish a secure bidirectional transfer of information. TLS, however, is not limited to web traffic and can be used to securely transfer packets elsewhere too. There are only a few minor technical differences between them, which are beyond the scope of this article. Either way, websites must apply for a certificate in order to use either of these protocols.
HTTP vs HTTPS- Now that we know what SSL and TLS are, I can easily describe the difference between HTTP and HTTPS. You have probably noticed in the address bar that HTTPS sometimes precedes the URL. When HTTPS is displayed, that means that you are viewing a website over an SSL or TLS connection. By clicking on the lock symbol next to it you can find out what certificate that particular website has. This is all you really need to know for now, but it is important to note that there are other certificates available, like one by Apache which will give you HTTPD.
Last new term I’m gonna throw at you is cipher. All encryption uses a key of a certain length, whether it be 128 or 256 bits. This number refers to the actual number of 0’s and 1’s used in the key. Up until the Edward Snowden revelations, it was thought that 128-bit encryption would be sufficient for the next 100 years. After all, using a brute force attack (simply guessing the combination until the key is found) would take 3.4 x 10^38 guesses!
So, a cipher is the mathematical method (algorithm) by which the key is used to scramble the message. Knowing the cipher would allow you to read all messages that use that cipher. For example, if you knew the cipher for pig latin (take the first letter, put it at the end and add ‘ay’; for words beginning with vowels, take the first consonant and all vowels before it, put them at the end and add ‘-ay’), then you could easily read all messages written in pig latin.
Not all ciphers are created equal. The Advanced Encryption Standard (aka AES) is currently used by the government and is considered the most secure cipher (it is what LiquidVPN uses on all of its SSTP, L2TP, and OpenVPN connections).
VPN Protocol Choices
Right, now that we have that out of the way we can go into each VPN protocol.
PPTP- Point to Point Tunneling Protocol- initially developed to establish connections over dial up. Being such a widely used and longstanding VPN protocol, not only is it easy and quick to set up, it is available universally on any VPN capable device, and it’s fast to boot. Since it was first created by Microsoft, several vulnerabilities have come to light. Even though these have been patched, or fixed, users who want maximum internet privacy are still advised to connect with a different VPN protocol.
L2TP- Like PPTP, Layer 2 Tunneling Protocol is built into most VPN enabled devices. And, like PPTP, it is fairly quick and easy to set up and use. It’s better than PPTP because it is considered more secure, as it has no major known vulnerabilities. One flaw it does have, however, is that it is more often blocked by NAT firewalls, which are Network Address Translation firewalls built into most home routers. NAT firewalls prevent unwanted connections by screening the IP addresses of allowed devices and translating all traffic over to a single IP before the router sends the information off to the server (useful against hackers). L2TP by itself is not encrypted. In order to be encrypted it needs to be combined with Internet Protocol Security (IPsec). Most VPNs should offer this automatically with their L2TP connections, but you should always double check. Besides sometimes being blocked by your home router’s NAT firewall, this type of VPN protocol doesn’t have many drawbacks.
OpenVPN- As the name suggests, the OpenVPN protocol is developed as open source. Open source means that the code is publicly available to scrutinize and alter. OpenVPN is perhaps the best all around VPN protocol available. Because of its open source development it is highly configurable, and available on virtually any platform. It’s usually used over UDP but can also be used over TCP. It’s extremely difficult to block, as the traffic is impossible to differentiate from HTTPS traffic. Because there are so many configuration options, it is sometimes more troublesome on initial set up; but many third party VPN clients, like LiquidVPN, offer a pre-configured setup. LiquidVPN provides several. The use of ephemeral (temporary) keys also makes it immune to NSA or RSA encryption attacks.
SSTP- Secure Socket Tunneling Protocol was developed by Microsoft and, as such, works beautifully with Windows devices. Although you can use SSTP on Apple products, it does require more software (the LiquidVPN app has the extra software built in). The SSTP VPN protocol is generally considered very secure, with one caveat. It is a proprietary protocol, and as such the code isn’t available for the public to scrutinize. This means that there may, or may not, be a back door incorporated somewhere for the NSA to snoop.
IKEv2- Internet Key Exchange version 2 is another IPsec based tunneling protocol. It’s built into Windows 7 and above and is also one of the few VPN protocols available for the Blackberry. What differentiates this protocol from the others is its ability to re-establish a VPN connection when the internet connection is broken. This is especially useful for mobile devices, where a user may use several different WiFi hotspots in a single day.
See that wasn’t so bad, was it? Did you take notes? Stay tuned for more in-depth and informative VPN protocol articles by yours truly.
You can follow the author @FreelanceTony