A guide on types of VPNs, protocols and ciphers – Part 3

In the last part, we discussed some of the protocols that VPN clients can use. In this article, we’ll discuss the rest of the protocols and the ciphers.

Let’s begin with the other set of protocols.

Layer 2 Tunnelling Protocol (L2TP) – This protocol helps connect you to other servers in your VPN. However, it needs the IPsec suite to encrypt and authenticate the traffic. It can encapsulate the data twice.

Furthermore, L2TP/IPsec is a sensible choice for non-critical use, given the number of encryption protocols it can accept and the numerous platforms that support it. This is particularly true for legacy devices that don’t support OpenVPN.

SSTP – It stands for Secure Socket Tunnelling Protocol. This Microsoft-owned protocol is based on SSL 3.0. It supports AES-256 and uses TCP port 443. This protocol is used only on Windows.

Not being open-source, SSTP can reject suggestions of backdoors and vulnerabilities.

WireGuard – This is a new entry in the protocol list. It offers much better performance and speed than OpenVPN. Issues associated with IPsec and OpenVPN, such as frequent disconnections, extended reconnection times, complex setup for users who configure manually, and heavy codebases, can be resolved by using WireGuard.

Additionally, it uses modern ciphers, and its codebase is only 4000 lines, which is about 1% of OpenVPN and IPsec.

PPTP – It stands for Point-to-Point Tunnelling Protocol. It was developed in 1999 by a team funded by Microsoft. It is fast, compatible, and does not require any software.

However, the issue is its security. It is less secure than the other protocols. Therefore, it is advisable to use this protocol only for non-critical purposes.

Now, let’s move on to ciphers. A cipher is the formula or algorithm that is used to carry out the encryption. The key length and the strength of the formula determine the strength of a cipher. The greater the key strength, the more calculations are needed, and that means more processing power is required. Some ciphers are described below:

AES-

This stands for Advanced Encryption Standard. This symmetric-key cipher was developed by the National Institute of Standards and Technology (NIST). Comparing its versions AES-128 and AES-256, AES-256 is more secure than AES-128.

Blowfish-

It is a default cipher used mainly in OpenVPN. Blowfish-128 is the most commonly used version; the others range from 32 to 448 bits. Though it is considered secure, it sports some vulnerabilities, so it is used only when AES-256 is not available.

Camellia-

It is much the same as AES, with the difference that AES has certification from NIST and Camellia does not.
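The cipher advice above can be checked against an OpenVPN configuration file. The following is an added example, not code from the original article or from the OpenVPN project; the sample configs are constructed, the function names are hypothetical, and the policy (AES-256 preferred, Blowfish weak, everything else sent for review) is an assumption that follows the article.

```python
# Added example: audit OpenVPN config text for the ciphers discussed above.
# Policy (assumption, following the article): AES-256 preferred, Blowfish weak.
DIRECTIVES = ("cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback")

def classify(cipher):
    """Map an OpenVPN/OpenSSL cipher name to 'ok', 'weak' or 'review'."""
    name = cipher.upper()
    if name.startswith("BF-"):        # Blowfish, e.g. BF-CBC
        return "weak"
    if name.startswith("AES-256-"):
        return "ok"
    return "review"                   # AES-128, Camellia, anything else

def audit(config_text):
    """Return [(directive, cipher, verdict), ...] for one config file's text."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith(";"):     # ';' also starts a comment line
            continue
        parts = line.split()
        if parts[0] in DIRECTIVES and len(parts) > 1:
            for cipher in parts[1].split(":"):   # data-ciphers takes a ':' list
                findings.append((parts[0], cipher, classify(cipher)))
    if not findings:
        # No explicit cipher: the effective default depends on the OpenVPN
        # version, so flag the file for a human to pin one.
        findings.append(("(none)", "(version default)", "review"))
    return findings

# Constructed sample configs, not taken from any real deployment.
LEGACY = "dev tun\nproto udp\n# old profile\ncipher BF-CBC\n"
MODERN = ("dev tun\ndata-ciphers AES-256-GCM:CAMELLIA-256-CBC\n"
          "data-ciphers-fallback AES-256-CBC\n")
UNPINNED = "dev tun\nproto tcp\n;cipher AES-256-CBC\n"

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY), ("modern", MODERN), ("unpinned", UNPINNED)):
        for directive, cipher, verdict in audit(text):
            print(f"{label:9} {directive:22} {cipher:18} {verdict}")
```

A profile with no cipher directive is reported for review rather than passed, because the cipher actually negotiated then depends on the client and server versions.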

This was all about VPNs, their protocols, and the associated ciphers. We hope the above information proves useful to all VPN users.
