Not All Security Protocols Are Created Equal – A VPN Protocol Comparison

It’s with good reason that many internet-savvy computer users have adopted the use of VPN protocols for their security. The World Wide Web can be a scary place for those who don’t know how to protect themselves from casual criminals and an increasingly intrusive government all seeking access to their personal information. But not all VPN encryption protocols are created equal. Below is a VPN protocol comparison, offered for your perusal to help you make a more informed decision.
data encryption key


Point-to-Point Tunneling Protocol, or PPTP, was the original VPN protocol, making it a good place to start in evaluating options. However, as the years have gone by and technology has improved, it has become quite unreliable and insecure. It uses exclusively 128-bit encryption keys, and is widely known to have some serious security vulnerabilities.

The up-side? Well, it’s easy to use. It was co-designed by Microsoft and comes pre-installed on your OS, so there’s no need to download third party software. But even coupled with its comparatively quick speed this does not make up for the extensive connection difficulties, and more importantly the ease with which the NSA or any other competent hacker can decrypt your information.

So should you be using PPTP? Maybe, if you have gotten lonely sitting around in front of your computer and are just looking for the comfort of knowing that the NSA is always there to listen. If you require actual privacy and information security, then no. No one should be.

L2TP and L2TP/IPSec

Layer 2 Tunnel Protocol does not in itself provide internet anonymity or encryption. In order to do this it must be paired with IPsec. IPsec uses 256-bit encryption and encapsulates data at both ends, which makes its use more secure than PPTP, but also slows it down.

Like PPTP, L2TP comes built into your OS. This has led to seemingly well-supported theories that it was designed with intentional weaknesses built in for exploitation by the NSA. Coupled with its exclusive use of UDP port 500, which poses a challenge when trying to get around firewalls, it does not appear to be a very appealing option.

If all you’re looking for is something to stop casual criminals from reading your emails when you’re using public Wi-Fi, L2TP might be a good option for you. At the very least it’s more effective than PPTP. But if you’re looking for genuine information security, look elsewhere.


Secure Socket Tunneling Protocol is largely available only on the Windows OS. It is very stable and uses Perfect Forward Secrecy (PFS), meaning a new temporary encryption key is set each time you visit a website. SSTP supports AES encryption, and port variability gives you the option of easily getting around firewalls as it can be set to run on port 443 TCP, leaving it virtually indistinguishable from ordinary HTTPS traffic.

However, it is also designed and owned by Microsoft. In perusing this article, you may have noticed a trend by now. Microsoft has a well-established history of cooperation with the NSA. This combined with the fact that their code is private with no public availability means there is no way to hold Microsoft accountable for your privacy. There has been no proof of exploited security vulnerabilities, but the more paranoid among you may feel that this collusion is itself enough to turn you away from the protocol.

To determine whether SSTP is for you, answer the following question: how much do you really trust the NSA and its collaborators?


As with most things in life, in this article the best has been saved for last. Open VPN combines the best of the VPN encryption protocols listed above with the added benefit of being open source. It uses PFS through ephemeral key exchanges, generating a new temporary encryption key for each session like SSTP. It’s equally customizable in its configuration as well; although it runs best on a UDP port, it can also be set to any port to work around firewalls with comparative ease.

OpenVPN supports a variety of cryptographic algorithms, from 128-bit Blowfish encryption on up to 256-bit. The speed at which it runs will be dependent on encryption level, so if all you require is basic security, go ahead and run the protocol with this pre-installed standard. Or, if you’re looking for actual anonymity and safety from the NSA’s prying eyes, use Twofish or AES encryption instead. It may slow your connection down a bit, but it also works. Even so, with hardware acceleration, you’ll see improved connection speeds.

The only down-side is the need for installing a third-party application. This can present more of a challenge to a novice user, requiring the download of extra configuration files and some custom set-up. The hassle, however, is well worth the knowledge that you’re using a VPN that runs on open source code. This means you don’t have to place your internet safety in the hands of a company known for intentionally weakening their protocols in the design phase for passive NSA complicity, and instead you trust the larger body of other users to identify and fix any potential security risks.

Combining VPN with Tor and Double Encryption

Feeling paranoid? Tor is a free software that is built to fight Internet censorship and protect your anonymity. Not perfect by any means, it adds another layer of security. Do note that because of the way it works by bouncing around various nodes of other users systems and servers, you can expect slower connection speeds.

Some VPN providers such as NordVPN, have also resorted to double encryption to protect your data further. First, the traffic is encrypted between your PC and the VPN’s server. Next, the VPN server re-encrypts this traffic a second time using a second VPN server.  Understandably, double encryption will slow the data transfer some but for those who seek more peace of mind, it may be another way to go.


So what’s the best VPN protocol for your needs? Hopefully this comparison of common VPN encryption types has helped you decide on what’s best.  Whatever you choose, stay safe always.

Related posts:

Speak Your Mind