Nowadays, people use VPNs for all sorts of things. You might need one to bypass strict censorship, or want to check out content from the other side of the pond. A VPN is also vital for anyone looking to connect to risky public Wi-Fi hotspots. The security benefits of a VPN are plastered all over provider sites and lauded in reviews – but what exactly is this VPN tunnel that they talk about?
What is a VPN tunnel?
Well, a VPN tunnel is an encrypted connection that links your device to the internet! This encryption keeps your personal information and browsing sessions safe from third-party snoopers – including your school or workplace, your ISP, or even your government. Your ISP will see that you're sending and receiving data packets, but won't be able to view them, even if they intercept them!
In fact, nobody will be able to take a peek at (or monitor, alter, or otherwise meddle with) your data. It'll go right through the tunnel from your device, before being routed through the VPN servers and onto the internet.
Want to understand more about VPNs?
If you want to learn about how VPN services work, how to use them, and what benefits they offer users, then check out our VPN beginners guide. Alternatively, if you want to know what VPN is best, check out our best VPN page for a list of recommendations in 2023.
Picking a protocol – which tunnel is most secure?
There are dozens of VPN encryption protocols available to use, and as you might expect, they're not all made equal. The protocol that you choose, and its level of data encryption, will determine how secure your VPN tunnel is – but some are outdated, some offer speed over security, and others may not be compatible with your device.
So, which VPN protocol should you go with? Let's take a look at some of the most common contenders:
Also known as "Point to Point Tunneling Protocol", PPTP was developed by Microsoft, released with Windows 95, and is known for its speed – and complete lack of security. Despite being relatively easy to configure, PPTP uses unsecure MS-CHAP-v1/v2 authentication protocols that offer little in the way of encryption (though they are quick). In fact, PPTP has had security issues since 1998, and has been compromised by government agencies, including the NSA.
Comprised of Layer 2 Tunneling Protocol (L2TP) and Internet Protocol Security (IPSec), this VPN protocol is slower than PPTP, but far more secure, in large part because it offers industry-standard AES-256 encryption. L2TP necessitates the use of the IPSec VPN protocol, seeing as it encapsulates data but doesn't offer any authentication itself. IPSec bundles these packets up and encrypts them, keeping them safe from snoopers and secure for transit.
Secure Socket Tunneling Protocol is adept at securing data as it passes through the SSL, or the Secure Sockets Layer. What's more, because SSTP doesn't use fixed ports, it has a far easier time navigating firewalls. Being native to Windows means that SSTP is easy to configure if you do have a Windows device, and unavailable to you if you don't. Additionally, SSTP's connection to Windows invites a fair amount of concern, as Microsoft has previously worked with the NSA.
OpenVPN is the new protocol on the block, and the one considered the gold-standard by most VPN providers and users, despite being rather tricky to configure (and needing third-party software to do so). It utilizes AES 256-bit encryption to keep data secure, is able to bypass firewalls, and runs over both TCP and UDP protocols.
In addition, OpenVPN benefits from being an open-source protocol, meaning that it is examined and cleaned of bugs and flaws constantly by a thorough community.
So, each protocol comes with its own strengths and shortcomings, and you'll need to consider these carefully when deciding which to use.
VPN providers typically let you take your pick of protocols – though we'd recommend sticking with OpenVPN!