Having access to all kinds of digital resources, no matter where you are or what sort of network connection you have, is a necessity in today’s connected world. Businesses need to share data with other businesses, and travelers need to stay in touch at all times. VPN protocols make secure, stable digital connections possible.
While applications hosted in the public cloud go a long way towards making location a non-issue, many resources are hosted privately for security and privacy. VPNs often facilitate access to these private resources, while VPN protocols determine how these resources travel between the VPN server and user’s device.
This article closely examines six of the most popular VPN protocols so you know how and when to use them.
What is a VPN?
VPN stands for “virtual private network.” VPN technology is a fairly straightforward idea: securely connect someone you trust to a resource they need via a network you don’t trust. VPNs create a secure tunnel through which encrypted traffic flows between networks. VPNs can make the internet, which is a public network that’s vulnerable to security breaches, private by making the data flowing across it unintelligible to anyone who intercepts it.
Common VPN examples include Cisco AnyConnect and NordVPN.
Why a VPN is important for businesses
VPNs are important to businesses because of the security and control they provide, performance they offer, and their cost effectiveness. Here’s how:
Security
VPNs make sending data over a public network safer by encrypting it: converting it to text that’s only decipherable by authorized users. When an unauthorized user, like a hacker, intercepts data sent through a VPN, it will look like incoherent, meaningless text.
VPNs therefore prevent websites, internet service providers, and apps from tracking user activity. They also prevent hackers from breaching sensitive information. In simple terms: VPNs protect data by obscuring its meaning.
Control
The type of VPN you use lets you control how data is transferred and what you need to share to access it. For example, one type of VPN helps employees connect to their company’s private network while they’re working out of the office, while another VPN connects two different office locations. Choose the right type of VPN for maximum control over who sees what kind of data.
Performance
It’s important to choose the VPN type that’s best suited for your needs, because different types of VPNs can affect performance in different ways. This guide to VPN types and protocols will explain in depth when to use which VPN to help you maximize performance.
Cost
VPNs can save you money by encrypting data and preventing costly security breaches. Let’s say you work for the IT department of an eCommerce business. If the company doesn’t use a VPN, a hacker could intercept a file with customer payment data and use customers’ credit cards. Your company could lose customers’ trust and be liable for refunding these fraudulent charges. With a VPN, you could prevent this costly chaos.
VPNs play a critical role in securely sending data by offering maximum control and performance with cost savings.
2 main VPN types
There are two main VPN types IT professionals encounter over and over again: remote access VPNs and site-to-site VPNs. Here’s a closer look into what they are, what they’re for, how they work, and who uses them.
1. Remote access VPN
A remote access VPN is a virtual private network created between a single user and a remote, or distant, network. This type of VPN is also known as a client-based or client-to-server VPN.
In most scenarios, the user manually starts the VPN client and authenticates with a username and password. The client creates an encrypted tunnel between the user’s computer and the remote network. The user then has access to the remote network via the encrypted tunnel.
Purpose
The purpose of a remote access VPN is to give individuals access to a local network when they’re not physically present or using a device in the network. For example, an employee would use a remote access VPN to connect to their company’s private network when they’re working from home. From here they can access all the files and software they would from their in-office work computer.
How it works
Here’s how a remote access VPN works:
- The user and network set up a VPN. The user installs client software on their device, or configures their operating system to use the VPN. The network establishes a VPN server.
- The user enters a password or shares their fingerprint to authenticate their identity. The VPN then grants the user access.
- The VPN creates an encrypted tunnel through which data can securely flow over the internet.
- Now that the secure connection has been established, the user can access all of the files and tools from the local network, just like they’re logging into a computer at the office, for example.
- Finally, the network conducts VPN monitoring to ensure optimal performance.
Use cases
Remote access VPNs are useful for a number of situations, including:
- Employees who work from home and need to access files from their office’s network. If employees have a computer that directly connects to a remote network at the office, they can also use VPN split tunneling to let some data flow through a VPN and some access the internet VPN-free.
- People who want to bypass regional restrictions, such as someone who wants to access programming available on Netflix in another country.
- Employees who use public Wi-Fi while traveling and want to avoid being hacked while accessing company files.
Remote access VPNs provide individuals with a secure connection through which they can access resources from a local network, no matter where they are.
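Split tunneling, mentioned in the use cases above, comes down to a routing decision on the client. The following added example (not from the original article) applies longest-prefix matching to a constructed route table to show which destinations are protected by the tunnel and which leave outside it; the interface names tun0 and wlan0 and all prefixes are assumptions.

```python
import ipaddress

# Constructed split-tunnel route table (not from the article). "tun0" is the
# VPN tunnel and "wlan0" the local interface; both names are assumptions.
ROUTES = [
    ("0.0.0.0/0", "wlan0"),       # IPv4 default: internet traffic skips the VPN
    ("::/0", "wlan0"),            # IPv6 default: nothing IPv6 is tunnelled
    ("10.20.0.0/16", "tun0"),     # office network, reached through the tunnel
    ("192.168.50.0/24", "tun0"),  # second office subnet, through the tunnel
    ("192.168.1.0/24", "wlan0"),  # home LAN stays local
]


def select_interface(dest, routes=ROUTES):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        # A route only applies to destinations of the same IP version.
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best[1] if best else None


def classify(dest, routes=ROUTES, tunnel="tun0"):
    """Label a destination: 'tunnel', 'bypass' (outside the VPN) or 'no-route'."""
    iface = select_interface(dest, routes)
    if iface is None:
        return "no-route"
    return "tunnel" if iface == tunnel else "bypass"


def bypassing(destinations, routes=ROUTES):
    """List the destinations whose traffic would leave outside the tunnel."""
    return [d for d in destinations if classify(d, routes) == "bypass"]


if __name__ == "__main__":
    for d in ["10.20.4.7", "192.168.1.20", "93.184.216.34", "2001:db8::1"]:
        print(f"{d:16} -> {classify(d)}")
```

Running the same check against a client's real route table shows exactly which traffic the VPN does not protect, including IPv6 when only IPv4 prefixes are tunnelled.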
2. Site-to-site VPN
Site-to-site VPNs are virtual private networks that securely connect two networks together across an untrusted network. While remote access VPNs connect individuals to businesses or large organizations, site-to-site VPNs allow businesses to connect to each other, internally and externally.
Purpose
A site-to-site VPN offers secure resource sharing between multiple networks.
An intranet-based site-to-site VPN creates a secure connection between two or more internal networks. A site-to-site VPN example is one that could connect the Los Angeles and New York City offices of a company, so their employees can securely access the same files.
An extranet-based site-to-site VPN creates a secure connection between two or more external networks. Let’s say an engineering company is collaborating with a university and local government on a sustainability initiative. They would establish an extranet between the three entities using a site-to-site VPN to safely share resources.
How it works
Site-to-site VPNs create a wide area network (WAN) between multiple locations of the same institution, or establish a secure network between different institutions. This VPN works by directly linking multiple locations or networks, instead of placing local area networks (LANs) on a single network or putting individual IP addresses through the internet.
Use cases
Site-to-site VPNs are commonly used in the following scenarios:
- To connect two office locations of the same company, to make file sharing easier and more secure.
- To link multiple campuses of the same school to facilitate resource sharing.
- To connect different companies that are collaborating on a project.
- To connect multiple library systems so librarians can share resources with their clients.
Site-to-site VPNs securely connect multiple office locations and different institutions to facilitate resource sharing.
What are VPN protocols?
Now that you know about the most common types of VPNs, let’s move on to VPN protocols. VPN protocols are rules that determine how data is shared between devices and servers connected to the VPN. These rules ensure the best connection possible via the VPN provider.
VPN protocols determine how private connections are formed and offer different security solutions. Unfortunately, there’s no one-size-fits-all VPN protocol. For example, some protocols prioritize data encryption, others focus on offering users the fastest access to resources possible. Therefore, VPN protocols can affect which type of VPN you choose.
Top 6 VPN protocols
Next, let’s go through the six most common VPN protocols you’ll encounter.
1. OpenVPN
One of the most popular VPN protocols, OpenVPN is an open source protocol built on top of the OpenSSL project, which implements TLS. OpenVPN is commonly used for both SSL-based site-to-site and remote access VPNs.
- Pro: Flexible, secure, and popular VPN that can bypass many firewalls.
- Con: Open-source nature makes it vulnerable to malicious code.
- When to use: Use OpenVPN when security is your top priority. OpenVPN uses a hash algorithm and RSA authentication, making its encryption basically impossible to penetrate.
2. IPSec with IKEv2
IPSec with Internet Key Exchange Version 2 (IKEv2) is a key exchange that’s part of the overall IPSec suite, but doesn’t stand on its own. IKEv2 creates an encrypted, authenticated connection to your network to protect your data. This VPN protocol is usually used in site-to-site VPNs.
- Pro: Stable, fast, and secure protocol that maintains your VPN connection even if you lose internet or need to switch Wi-Fi networks.
- Con: Not the best VPN protocol for remote access VPNs.
- When to use: Use IPSec with IKEv2 when you need a mobile VPN.
3. WireGuard
WireGuard is a new, emerging VPN protocol that’s all about speed. With 10 times fewer lines of code than OpenVPN, WireGuard is much easier to implement.
- Pro: Cutting edge encryption and streamlined code make for an incredibly fast connection.
- Con: Only available through several VPN providers because it’s such a new protocol.
- When to use: Opt for a WireGuard VPN protocol when speed is your top priority.
4. L2TP
Layer 2 Tunneling Protocol (L2TP) uses an IP network or Layer 3 network to transfer Layer 2 data. The VPN protocol creates a tunnel between an access concentrator and network server, which encapsulates and sends a Point-to-Point Protocol link layer between the two points.
- Pro: Compatible with various encryption protocols.
- Con: Because it encapsulates data multiple times, L2TP is one of the slowest VPN protocols. It’s also vulnerable to firewalls.
- When to use: L2TP is best for remote access VPNs.
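L2TP only wraps PPP frames; it does not encrypt them, which is why it is paired with an encryption protocol such as IPsec. The added example below (not part of the original article) builds and parses an L2TPv2 data message using the RFC 2661 header layout to show that the inner payload is recoverable from the wire bytes alone; the tunnel and session IDs and the payload are constructed sample values.

```python
import struct

# Flag bits in the first 16-bit word of an L2TPv2 header (RFC 2661).
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200

# Constructed inner data: PPP address/control (ff 03), protocol 0x0021 (IPv4),
# then stand-in bytes where a real frame would carry a full IP packet.
INNER = b"GET /intranet/report HTTP/1.1"
SAMPLE_PPP = b"\xff\x03" + struct.pack("!H", 0x0021) + INNER


def build_l2tp_data(tunnel_id, session_id, ppp_frame):
    """Build an L2TPv2 data message (T=0) with the optional Length field."""
    length = 8 + len(ppp_frame)  # four 16-bit header words, then the PPP frame
    return struct.pack("!HHHH", L_BIT | 2, length, tunnel_id, session_id) + ppp_frame


def parse_l2tp(datagram):
    """Decode an L2TPv2 message using nothing but the bytes on the wire."""
    try:
        (flags,) = struct.unpack_from("!H", datagram, 0)
        if flags & 0x000F != 2:
            raise ValueError("not an L2TP version 2 header")
        off = 2
        if flags & L_BIT:  # optional Length covers the whole message
            (length,) = struct.unpack_from("!H", datagram, off)
            if length != len(datagram):
                raise ValueError("Length field does not match datagram size")
            off += 2
        tunnel_id, session_id = struct.unpack_from("!HH", datagram, off)
        off += 4
        if flags & S_BIT:  # optional Ns/Nr sequence numbers
            off += 4
        if flags & O_BIT:  # optional Offset Size plus that many pad bytes
            (pad,) = struct.unpack_from("!H", datagram, off)
            off += 2 + pad
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    body = datagram[off:]
    info = {"control": bool(flags & T_BIT), "tunnel_id": tunnel_id,
            "session_id": session_id, "ppp_protocol": None, "payload": body}
    if not info["control"] and len(body) >= 4:
        if body[:2] == b"\xff\x03":  # uncompressed PPP address/control bytes
            body = body[2:]
        (info["ppp_protocol"],) = struct.unpack("!H", body[:2])
        info["payload"] = body[2:]
    return info
```

Because no key is involved at any step, a capture of UDP traffic carrying L2TP without IPsec exposes the inner packets as-is; in a packet capture, seeing L2TP outside of ESP is the sign that the tunnel is unencrypted.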
5. PPTP (Point-to-Point Tunneling Protocol)
Point-to-Point Tunneling Protocol (PPTP) was one of the first VPN protocols and was developed by Microsoft in the 1990s. This VPN protocol is generally no longer used, as new technology has replaced it. L2TP is a VPN example that’s been built on PPTP.
- Pro: Highly efficient protocol on most devices.
- Con: Because it’s been around so long, hackers have discovered PPTP’s vulnerabilities, making it a less secure VPN protocol.
- When to use: PPTP is a great option for streaming entertainment, as it’s one of the fastest VPN protocols around.
6. Dynamic Multipoint VPN (DMVPN)
Dynamic Multipoint VPN (DMVPN) uses IPSec encryption to create a secure network between hubs and spokes in which the spokes can bypass the hub to share data directly between themselves.
- Pro: Lets you create a network with multiple devices without having to set up all of the possible connection points in advance.
- Con: Because DMVPN allows for an encryption-free option, it’s important to use a VPN type that offers encryption if using this protocol.
- When to use: DMVPN is great for quick set up and scaling your VPN.
VPN Protocols Comparison Chart
TLDR?
Let’s recap.
VPN-related technology
If you’re reading about VPN protocols, you may come across other similar concepts like VPLS and MPLS and want to know what they are.
VPLS stands for “Virtual Private LAN Service” and refers to a type of Ethernet that creates a WAN that lets you connect LANs found in different locations through a Layer 2 VPN. In other words, you can connect sites through a single point.
MPLS refers to Multiprotocol Label Switching network technology, which you can use to connect multiple offices or locations of a business. Unlike a VPN, however, MPLS doesn’t encrypt data, leaving it vulnerable to hacking in transit.
How are VPNs changing?
Here at Auvik, we’ve noticed some trends over the last few years that have made VPNs less necessary in the business world.
The emergence of Zero Trust Network Access (ZTNA) solutions and Cloud Access Security Brokers (CASBs) solves the same problems that VPNs do, such as secure remote access to resources, in new ways. For example, ZTNA provides a foundation for access control and security in the SASE framework.
The growth of these VPN alternatives could signal a shift in the importance of this technology.
Wrapping up: Top 6 VPN protocols
Virtual private networks create an encrypted tunnel between two sites and allow for the secure transmission of data. Remote access and site-to-site VPNs allow individuals to connect to private networks and private networks to connect to each other, respectively. This technology uses different VPN protocols, each of which has different strengths. Before choosing a VPN provider, make sure it uses a VPN protocol that meets your needs.
Very Excellent and short explanation.
Thanks man, this is helpful.
Cheers
Great article… things explained in a simple manner…
Thanks Ethan.
Super intro and helped me get to the basic understanding of the why and what of VPN in an enterprise context.
Tx for posting
So do I understand correctly, a VPN service that targets business users like NordVPN Teams is a client-based VPN with Network based VPN features? Thanks in advance.
Hey Neil – Great question. Personal VPN services like NordVPN have become much more popular in recent years as privacy concerns have increased. While not explicitly mentioned in the article, NordVPN is a client-based VPN as it connects a user’s endpoint to a remote network, in this case, a server hosted in another area of the world. The main difference between NordVPN teams (targeted at business) and NordVPN targeted at consumers is management features, such as user management, reporting, etc.
Hi Ethan, it’s incorrect to say AnyConnect does not support IPSEC, it supports it fine & its use has UK Government approval for Official data.
Regards, Dave
I am a housewife, and travel a lot and I think I might need the basic VPN
How do I monitor IPsec VPN Tunnel in Auvik?
Hi Anudeep. This page should help! https://support.auvik.com/hc/en-us/articles/209963403
Hello Auvik Team,
this means that Auvik Software can discover/identify L2 (VLANs) or L3 MPLS VPNs (Routing instances, VLANs) and display them on the monitoring?
And what about BGP sessions?
Sincerely yours,
Niragira Olympe
For BGP Sessions, we have a support article that walks through setting up an SNMP poller and then creating a custom alert for BGP Session status https://support.auvik.com/hc/en-us/articles/360046620692
Thanks for the refresher!