Previously in this article, we mentioned that OpenVPN is the best protocol used by all of the VPN services on our list, but what exactly is a "VPN Protocol"?

In a nutshell, a VPN protocol is a set of processes and instructions between your machine (VPN client) and the VPN server to make a strong and safe connection.

At the time of writing, there are five different VPN protocols likely used by your chosen VPN provider: OpenVPN, PPTP, L2TP/IPSec, IKEv2, and SSTP.

If you feel slightly intimidated after reading these terms, do not be alarmed. Very few people know what all of these terms mean, and in all honesty, most people don't have to be protocol savvy unless they work in IT.

That being said, if you're interested in learning about VPN protocols, here's a quick summary of the most common encryption protocols used by some of the best VPN providers in the UK.

OpenVPN

OpenVPN is an open-source, industry-standard VPN protocol that's fast, reliable, secure and suitable for all types of VPN users, which explains why it is an extremely popular protocol among third-party VPN providers.

One of the main reasons OpenVPN is considered to be one of the most secure protocols on the market stems from the fact that it uses custom security protocols that depend greatly on OpenSSL. While it certainly isn't the fastest VPN protocol on the market, it's a stable and secure option used by many of the providers on our list.

PPTP

Jointly developed by Microsoft in 1999, Point-to-Point Tunneling Protocol (PPTP) is the oldest encryption protocol on the market. Even though PPTP is known for being the least secure protocol due to the lower encryption standard, it's one of the fastest VPN protocols around, making it ideal for streaming and gaming online.

That being said, security should be your main priority when looking for a VPN service, and while PPTP does use 129-bit encryption, it offers virtually no security benefits, which is why we only recommend PPTP to advanced users.

SSTP

Secure Socket Tunneling Protocol (SSTP) is a VPN protocol developed by Microsoft that was initially released for Windows Vista SP1, followed by RouterOS and SEIL.

Given that SSTP was made for Windows Vista SP1, it's a great option for Windows users, even today. As you would assume, setting up SSTP on other operating systems may prove difficult, though it isn't impossible to use this VPN protocol on Linux and Mac OS.

When it comes to security, SSTP is considerably superior when compared with PPTP as it can be configured with strong AES (256-bit) encryption.

L2TP/IPSec

Layer 2 Tunneling Protocol (L2TP) is a VPN protocol that, for security reasons, is typically paired with IPSec.

Developed by Microsoft and Cisco, L2TP/IPSec is essentially an improved version of PPTP that you can use to download torrents and securely browse the web. It's slower than OpenVPN, but it's a fast and secure alternative if, for whatever reason, OpenVPN isn't an option.

IKEv2

Similar to L2TP/IPSec, Internet Key Exchange version 2 (IKEv2) is a secure protocol that was jointly created by Microsoft and Cisco in the '90s.

Even though we label it as one, IKEv2 is not strictly a VPN protocol, but it does act like one. Compared with the other VPN protocols on our list, IKEv2 is best suited for mobile device users looking for a speedy, reliable and secure VPN protocol.

In terms of security, Internet Key Exchange version 2 supports AES encryption and, much like L2TP, utilises the IPSec encryption suite. That said, this VPN protocol is not widely supported, so it could prove fairly difficult to set up if you aren't using a compatible device.

SSL/TLS

Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) are the most widely used cryptographic protocols at present. This is one of the protocols you've most likely heard of when connecting to a secure HTTPS (Hypertext Transfer Protocol Secure) website.

Any site with HTTPS in the URL is secured by an SSL certificate used to keep a connection secure and protect any sensitive data being sent between a VPN client and a VPN server.

But what is Transport Layer Security? TLS is an updated and more secure version of SSL, and while VPN providers regularly use the term "SSL" to refer to their security certificates, you will often end up purchasing a more updated TLS certificate. To find out the exact differences check out our TLS vs SSL comparison.

VPN Routing & Devices: How Is Data Routed Through the VPN?

After reading all of those confusing terms, you're probably wondering how your data gets routed through the VPN. To make things simple and easy to understand, here's a quick summary.

Provider-Provisioned VPN Building-Blocks

Provider-Provisioned VPNs, or PPVPNs, are a fairly recent technology primarily used by companies to allow employees safe remote access to their business network. PPVPNs work by using virtual traffic links known as "tunnels" that operate at either one or two of the OSI (Open Systems Interconnection) Layers.

This is typically OSI Layer 2 (L2) or Layer 3 (L3). The building blocks mentioned below can be either L2, L3 or a combination of the two.

PE Devices

A Provider Edge (PE) device is a switch or router that interacts with Provider backbone devices (P devices) and a Consumer Edge (CE) device. In other words, PE devices are routers that sit at the edge of the Service Provider core network and connect straight to a router at the consumer site.

P Devices

Unlike a PE device, Provider (P) routers are located inside the Service Provider core network, rather than on the edges. Given that they are located inside the core, P devices connect with PE devices but do not directly interact with Consumer Edge devices.

C Devices

Customer (C) devices are located inside a customer's network, rather than in the Service Provider core network. Unlike the other routers we have mentioned, C devices are not aware of the virtual private network's existence.

CE Devices

Consumer Edge (CE) devices are routers located within a customer's premises that have a direct link to the Provider Edge router and provide access to the Provider-Provisioned VPN. CE routers are frequently known as Customer Premises Equipment (CPE) devices.

User-Visible PPVPN Services

With all of that being said, what exactly does a Provider-Provisioned VPN offer? Below, we have listed some of the features that PPVPN users can make use of. Let's begin with OSI Layer 2 Services.

OSI Layer 2 Services

VLAN

A VLAN, or Virtual Local Area Network, allows you to group multiple devices together on separate physical LANs (Local Area Networks). As Virtual Local Networks can be distributed across multiple switches, each VLAN should be addressed as its own broadcast domain or subnet.

VPLS

A Virtual Private Local Area Network Service (VPLS) is a type of VPN that allows customers to create a LAN structure that supports the connection of geographically separate sites. This allows all services in a Virtual Private LAN Service to appear on the very same Local Area Network, irrespective of the location of the sites.

EoIP

Ethernet-Over IP Tunneling, or EoIP Tunneling, is a MikroTik RouterOS protocol used to generate an Ethernet tunnel between two separate routers.

IPLS

An IP-Only LAN Service (IPLS) is essentially a simplified version of a Virtual Private Local Area Network Service that provides a service for IP-only traffic using PE routers.

PW

In telecommunication and networking, a pseudo-wire (or pseudowire) is an emulation of a transparent wired, point-to-point connection across a PSN (Packet-Switching Network).

OSI Layer 3 VPN Service

MPLS VPN

An MPLS Layer 3 VPN is a type of Virtual Private Network infrastructure that appropriately uses multiprotocol label switching (MPLS) methods to provide services.

Virtual Router VPN

A Virtual Router VPN allows you to share an internet connection with multiple nearby devices. It does this by acting like a regular home router and allows your device to work as a hotspot.

Unencrypted Tunnels

In Virtual Private Networks where no encrypted tunnelling is provided, Generic Routing Encapsulation (GRE) is used. While unencrypted tunnels leave the VPN unprotected, they can still make your connection anonymous.
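
To show what "unprotected" means in practice, the following Python example (added here, not part of the original article) wraps a constructed IPv4/UDP packet in a GRE header and then parses it the way any device on the path could. The function names, addresses, ports and key value are assumptions made for illustration.

```python
import socket
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence flags
ETHERTYPE_IPV4 = 0x0800


def build_inner_packet(src, dst, data):
    """Constructed sample: IPv4 + UDP headers (checksums left at 0) + data."""
    udp = struct.pack("!HHHH", 40000, 8080, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp


def gre_encapsulate(inner, key=None):
    """Prepend a GRE header; the inner packet is copied byte for byte."""
    header = struct.pack("!HH", GRE_K if key is not None else 0, ETHERTYPE_IPV4)
    if key is not None:
        header += struct.pack("!I", key)  # the key labels a flow, it is not a secret
    return header + inner


def gre_inspect(packet):
    """Return what any device on the path can read from a GRE packet."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    # Each optional field that is present adds four bytes to the header.
    offset = 4 + 4 * sum(1 for f in (GRE_C, GRE_K, GRE_S) if flags & f)
    inner = packet[offset:]
    if proto != ETHERTYPE_IPV4 or len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    l4 = inner[ihl:]
    payload = l4[8:] if inner[9] == 17 else l4  # skip the UDP header
    return {"src": socket.inet_ntoa(inner[12:16]),
            "dst": socket.inet_ntoa(inner[16:20]),
            "payload": payload}


# Constructed traffic using documentation addresses (RFC 5737).
SAMPLE = gre_encapsulate(
    build_inner_packet("192.0.2.10", "198.51.100.20", b"GET /account HTTP/1.1\r\n"),
    key=42)

if __name__ == "__main__":
    print(gre_inspect(SAMPLE))
```

The inner source address, destination address and request text all come back unchanged, which is why GRE is normally paired with an encrypting layer such as IPSec when confidentiality matters.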

Private vs Public Encryption Keys

Every VPN service utilises two types of encryption keys: private and public. But which is superior? Unlike public keys, private encryption keys are only known to the client and the server. On the contrary, public encryption keys are known to every single client on the same network.

Both private and public 3DES and AES encryption keys are measured in bits and vary in length between 128 and 256 bits. Although the most common method is 128-bit, more secure VPN providers now utilise 256-bit encryption.

How Does a VPN Compare With a Proxy Server?

Similar to a VPN, a proxy server acts like a web filter and firewall. The main difference is that a proxy server can merely direct web requests, whereas a VPN is able to anonymise and route all network traffic.

HTTP Proxies

Hypertext transfer protocol secure (HTTPS) is a protocol you've likely come across when browsing the web. If you don't know what it means, HTTPS is essentially a secure version of HTTP used to send data between a website and the web browser.

SOCKS Proxies

Socket Secure (SOCKS) is a proxy protocol that makes it easier for servers to communicate through a firewall by routing traffic to the server. SOCKS proxies can be used for streaming, torrenting, file sharing and even gaming.

Transparent proxies

Inline proxies, more commonly known as transparent proxies, are primarily used by businesses to monitor and manage access. You may have come across a transparent proxy when trying to connect to public WiFi networks such as Starbucks WiFi.