Before you trust a VPN to protect your Internet activity, you need to make sure they’ve put in place the necessary safeguards. Evaluating
the more technical aspects of a VPN can be difficult, especially for the
average user. It often means users are struggling to understand an
alphabet soup of different acronyms.
We have begun a series of posts where we explain some of our security measures so that people can make more informed decisions. Our
first post explained what HMAC SHA-384 means. This post will investigate
VPN protocols, what they do, how they work, and what it means if a VPN
service uses OpenVPN over L2TP, for example. This post delves into some
of the inner workings of VPNs. While we try to explain terms clearly,
this post will be more useful if you come in with some basic technical
knowledge.
VPN Protocols
VPNs rely on what is called “tunneling” to create a private network between two computers over the Internet. A VPN protocol, also known as a
“tunneling protocol,” is the set of instructions your device uses to
negotiate the secure encrypted connection that forms the network between
your computer and another.
A VPN protocol is usually made up of two channels: a data channel and a control channel. The control channel is responsible for the key
exchange, authentication, and parameter exchanges (like providing an IP
or routes and DNS servers). The data channel, as you might have guessed,
is responsible for transporting your Internet traffic data. Together,
these two channels establish and maintain a secure VPN tunnel. However,
for your data to pass through this secure tunnel, it must be
encapsulated.
Encapsulation is when a VPN protocol takes bits of data, known as data packets, from your Internet traffic and places them inside another
packet. This extra layer is necessary because the protocol
configurations your VPN uses inside the data channel are not necessarily
the same as the ones that the regular Internet uses. The additional
layer allows your information to travel through the VPN tunnel and
arrive at its correct destination.
This is all a bit technical, so broad overview: When you connect to a VPN server, the VPN uses its control channel to establish shared keys
and set up a connection between your device and the server. Once this
connection is established, the data channel begins transmitting your
Internet traffic. When a VPN service discusses the strengths and weaknesses of its performance or talks
about a “secure VPN tunnel,” it is talking about its data channel. Once
the VPN tunnel has been established, the control channel is then tasked
with maintaining the connection’s stability.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is one of the older VPN protocols. It was initially developed with support from Microsoft and,
thus, all versions of Windows and most other operating systems have
native support for PPTP.
PPTP uses the Point-to-Point Protocol (PPP), which is like a proto-VPN in itself. Despite being quite old, PPP can authenticate a
user (usually with MS-CHAP v2) and encapsulate data itself, letting it
handle both control channel and data channel duties. However, PPP is not
routable; it cannot be sent over the Internet on its own. So PPTP
encapsulates the PPP-encapsulated data again using generic routing
encapsulation (GRE) to establish its data channel.
Unfortunately, PPTP does not have any of its own encryption or authentication features. It relies on PPP to implement these functions —
which is problematic since PPP’s authentication system and the
encryption that Microsoft added to it, MPPE, are both weak.
Encryption: Microsoft’s Point-to-Point Encryption protocol (MPPE), which uses the RSA RC4 algorithm. MPPE’s maximum strength is 128-bit
keys.
Speed: Because its encryption protocols do not require much computing power (RC4 and only 128-bit keys), PPTP maintains fast
connection speeds.
Known vulnerabilities: PPTP has had numerous known security vulnerabilities since 1998. One of the most severe vulnerabilities
includes exploiting unencapsulated MS-CHAP v2 authentication to perform a
man-in-the-middle (MITM) attack.
Firewall ports: TCP port 1723. PPTP’s use of GRE means it cannot navigate a network address translation firewall and is one of the
easiest VPN protocols to block. (A NAT firewall allows several people to
share one public IP address at the same time. This is important because the majority of individual users do not have their own IP address.)
Stability: PPTP is not as reliable, nor does it recover as quickly as OpenVPN over unstable network connections.
Conclusion: If you are concerned about securing your data, there is no reason to use PPTP. Even Microsoft has advised its users to upgrade
to other VPN protocols to protect their data.
L2TP/IPSec
Layer two tunneling protocol (L2TP) was meant to replace PPTP. L2TP can handle authentication on its own and performs UDP encapsulation, so
in a way, it can form both the control and data channel. However,
similar to PPTP, it does not add any encryption itself. While L2TP can
send PPP, to avoid PPP’s inherent weaknesses, L2TP is usually paired
with the Internet protocol security (IPSec) suite to handle its
encryption and authentication.
IPSec is a flexible framework that can be applied to VPNs as well as routing and application-level security. When you connect to a VPN
server with L2TP/IPSec, IPSec negotiates the shared keys and
authenticates the connection of a secure control channel between your
device and the server.
IPSec then encapsulates the data. When IPSec performs this encapsulation, it applies an authentication header and uses the
Encapsulation Security Payload (ESP). These special headers add a
digital signature to each packet so attackers cannot tamper with your
data without alerting the VPN server. ESP encrypts the encapsulated data
packets so that no attacker can read them (and, depending on the
settings of the VPN, also authenticates the data packet). Once IPSec has
encapsulated the data, L2TP encapsulates that data again using UDP so
that it can pass through the data channel.
Several VPN protocols, including IKEv2, use IPSec encryption. While generally secure, IPSec is very complex, which can lead to poor
implementation. L2TP/IPSec is supported on most major operating systems.
Encryption: L2TP/IPSec can use either 3DES or AES encryption, although given that 3DES is now considered a weak cipher, it is rarely
used.
Speed: L2TP/IPSec is generally slower than OpenVPN when using the same encryption strength.
Known vulnerabilities: L2TP/IPSec is an advanced VPN protocol, but a leaked NSA presentation suggests that the intelligence agency has
already found ways to tamper with it. Furthermore, due to the IPSec’s
complexity, many VPN providers used pre-shared keys to set up
L2TP/IPSec.
Firewall ports: UDP port 500 is used for the initial key exchange, UDP port 5500 for NAT traversal, and UDP port 1701 to allow L2TP
traffic. Because it uses these fixed ports, L2TP/IPSec is easier to
block than some other protocols.
Stability: L2TP/IPSec is not as stable as some of the more advanced VPN protocols. Its complexity can lead to frequent network drops.
Conclusion: L2TP/IPSec’s security is undoubtedly an improvement over PPTP, but it might not protect your data from advanced attackers. Its
slower speeds and instability also mean that users should only consider
using L2TP/IPSec if there are no other options.
IKEv2/IPSec
Internet key exchange version two (IKEv2) is a relatively new tunneling protocol that is actually part of the IPSec suite itself.
Microsoft and Cisco cooperated on the development of the original
IKEv2/IPSec protocol, but there are now many open source iterations.
IKEv2 sets up a control channel by authenticating a secure communication channel between your device and the VPN server using
the Diffie–Hellman key exchange algorithm. IKEv2 then uses that secure
communication channel to establish what is called a security
association, which simply means your device and the VPN server are using
the same encryption keys and algorithms to communicate.
Once the security association is in place, IPSec can create a tunnel, apply authenticated headers to your data packets, and
encapsulate them with ESP. (Again, depending on which cipher is used,
the ESP could handle the message authentication.) The encapsulated data
packets are then encapsulated again in UDP so that they can pass through
the tunnel.
IKEv2/IPSec is supported on Windows 7 and later version, macOS 10.11 and later versions, as well as most mobile operating systems.
Encryption: IKEv2/IPSec can use a range of different cryptographic algorithms, including AES, Blowfish, and Camellia. It supports 256-bit
encryption.
Speed: IKEv2/IPSec is faster than most VPN protocols currently available, especially ones that offer comparable security.
Known vulnerabilities: IKEv2/IPSec has no known weaknesses, and almost all IT security experts consider it to be safe when properly
implemented with Perfect Forward Secrecy.
Firewall ports: UDP port 500 is used for the initial key exchange and UDP port 4500 for NAT traversal. Because it always uses these ports,
IKEv2/IPSec is easier to block than some other protocols.
Stability: IKEv2 / IPSec supports the Mobility and Multihoming protocol, making it more reliable than most other VPN protocols,
especially for users that are often switching between different WiFi
networks.
Conclusion: Given its strong security, high speeds, and increased stability, IKEv2/IPSec is one of the best VPN protocols currently in
use.
OpenVPN
OpenVPN is an open source tunneling protocol. As opposed to VPN protocols that rely on the IPSec suite, OpenVPN uses SSL/TLS to handle
its key exchange and set up its control channel, and a unique OpenVPN
protocol to handle encapsulation and the data channel. This means that
both its data channel and control channel are encrypted, which makes it
somewhat unique compared to other VPN protocols. It is supported on
almost all major operating systems.
Encryption: OpenVPN can use any of the different cryptographic algorithms contained in the OpenSSL library to encrypt its data,
including AES, RC5, and Blowfish. OpenVPN supports 256-bit encryption.
Speed: When using UDP, OpenVPN maintains fast connections, although IKEv2/IPSec is generally accepted to be slightly quicker.
Known vulnerabilities: OpenVPN has no known vulnerabilities as long as it is implemented with a sufficiently strong encryption algorithm and
Perfect Forward Secrecy. It is the industry standard for VPNs concerned
about data security.
Firewall ports: OpenVPN can be configured to run on any UDP or TCP port, including port TCP port 443 that handles all HTTPS traffic, making
it very hard to block.
Stability: OpenVPN is very stable in general and has a TCP mode for weak or unreliable WiFi networks for extra reliability. This extra
stability comes at the price of diminished speed because of the
possibility of a TCP meltdown.
Conclusion: OpenVPN is one of the best VPN protocols currently in use, especially for users concerned primarily about data security. It is
secure, reliable, and open source. The only category where it is not
the best option is speed, where IKEv2/IPSec is generally slightly
faster.
WireGuard®
WireGuard® is an open source VPN protocol that is currently under development. Its goal is to make a much simpler and more streamlined
tunneling protocol, which should lead to a faster, more efficient, more
secure, and easier-to-use VPN.
Encryption: WireGuard uses ChaCha20 for symmetric encryption (RFC7539), Curve25519 for anonymous key exchange, Poly1305 for data
authentication, and BLAKE2s for hashing (RFC7693). It automatically
supports Perfect Forward Secrecy.
Speed: WireGuard uses new, high-speed cryptographic algorithms. This means that ChaCha20 is much simpler than AES ciphers of equal strength
and nearly as fast, even though most devices now come with instructions
for AES built into their hardware. While it is impossible to be sure
until the final version is ready, WireGuard promises to have fast
connection speeds and low CPU requirements.
Known vulnerabilities: WireGuard is still under development and should be considered as an experimental protocol. It has not been
subjected to the same security assessments as other VPN protocols, so
there still may be undiscovered vulnerabilities. It should only be used
for tests or in situations where data security is not critical.
Firewall ports: WireGuard uses UDP and can be configured to use any port. However, it does not currently support the use of TCP.
Stability: WireGuard is a very stable VPN protocol, and introduces new features that other tunneling protocols do not have, such as being
able to maintain a VPN connection while changing VPN servers or changing
WiFi networks.
Conclusion: While we are closely following the development of WireGuard, it is not yet ready for implementation. Once it has undergone
a thorough security audit and there is a stable release, WireGuard’s
strong encryption, high speeds, and simplicity will make it a very
competitive VPN protocol.
https://www.ritavpn.com/blog/what-to-do-after-a-data-breach/
https://www.ritavpn.com/blog/the-risks-of-default-password/
https://www.ritavpn.com/blog/why-does-one-need-a-vpn/
