Contents
- What is a VPN tunnel?
- How does VPN tunneling work?
- Types of VPN tunneling protocols
- WireGuard
- OpenVPN
- IKEv2/IPSec
- L2TP/IPSec
- SSTP
- PPTP
- What is split tunneling?
- FAQ
What is a VPN tunnel?
A VPN tunnel is an encrypted connection between your devices, such as computers, smartphones, or tablets, and a VPN server. It hides your IP address and encrypts your data that travels the internet, as well as the data you generate while surfing the web. Snoopers will not be able to gain access to your online data or track your activity because the connection is uncrackable without a cryptographic key.
VPN providers use different tunneling protocols like WireGuard, NordLynx, or OpenVPN. These communication protocols allow the movement of data across the network.
How does VPN tunneling work?
VPN tunneling is the process of transmitting data from a device or network to another device or network and back without compromising the data privacy. To be able to enjoy the advantages of VPN tunneling, you must first start using VPN (also known as virtual private network) services. Once your device connects to a VPN, a safe tunnel is established even if you are using public Wi-Fi.
This tunnel ensures that:
- Your traffic is encrypted. It becomes unreadable to third parties.
- Your IP address is hidden. Your online data passes through a VPN server, which hides your IP address and, in turn, your virtual location.
- Your connection is secured. You can use public Wi-Fi without worrying about being tracked, monitored, or having your data intercepted.
When you connect to the internet without a VPN, a lot of your data is going to be exposed. Your internet service provider (ISP) can view and log your online activity, while the websites you visit will be able to see your IP address and location. These companies have one big reason to dig around your private life — to sell your browsing data to the highest bidder. They can also throttle your bandwidth if you frequently download large files.
Hackers have their own motives. They use malware, phishing, ransomware, DDoS attacks, and other techniques to intercept data, strip your bank accounts, and ruin your mood. Some governments are also known for monitoring peoples’ online life.
When you connect to the internet with a VPN, your data packets go through an encrypted and secure tunnel. This protects your browsing activity, masks your IP address, and redirects your data to a VPN server. You can also remotely access your data in a safe way. Neither ISPs nor hackers can identify you, snoop around your data, or track your location. The VPN tunnel is one of the most useful online security technologies available.
Types of VPN tunneling protocols
There are many different VPN tunneling protocols varying in speed, level of security, encryption processes, and other features. Let’s explore the most common types.
WireGuard
Security: Very high
Speed: Very high
The fastest protocol, and extremely useful when speed is your priority. It is also highly secure. WireGuard is extremely lightweight because it consists of just 4,000 lines of code, which leaves less room for vulnerabilities and flaws. It’s open source, which makes it transparent, and easy to customize and debug.
WireGuard is still in the development stage and, unlike OpenVPN and IPSec, it requires its own infrastructure to function.
In 2019, NordVPN introduced NordLynx, a protocol that has inherited the speed of WireGuard and took it one step further by enhancing user privacy and the security that everyone strives for.
OpenVPN
Security: High
Speed: High
This is an open-source protocol that works with all major operating systems. You can download the source code, review it, and modify it however you like. OpenVPN protocol can run over the TCP or UDP internet protocols. It is also considered one of the most secure VPN tunneling protocols and is quite fast.
As secure and fast as OpenVPN is, it proves to be quite complex to set up on your own.
IKEv2/IPSec
Security: High
Speed: High
The IKEv2/IPSec protocol offers the security benefits of IPSec (Internet Protocol Security) and has the speed of IKEv2 (Internet Key Exchange Version Two). When your VPN connection is interrupted, or you’re switching between networks, the IKEv2/IPSec auto-connect feature restores everything back to normal.
As good a protocol as IKEv2/IPSec is, it is incompatible with some operating systems.
L2TP/IPSec
Security: Medium
Speed: Medium
L2TP (Layer 2 Tunneling Protocol)/IPSec accepts different encryption protocols, so you can easily customize it. It is also easy to set up with loads of documentation available.
L2TP/IPSec is not a very secure protocol because it is outdated, contains multiple vulnerabilities, and is potentially compromised by the NSA. It is a slow protocol because of the double encapsulation of data. Unlike SSTP, it is not good at bypassing firewalls.
SSTP
Security: High
Speed: Medium
SSTP is easy to set up, and there is accessible support. It’s a secure and relatively fast protocol, good at bypassing firewalls.
Unfortunately, it only works on Windows. It was created by Microsoft, which is known to collaborate with the NSA.
PPTP
Security: Poor
Speed: High
PPTP is fast and convenient if you need a quick-use VPN. It is also highly compatible with every system and easy to set up and use.
It is an outdated protocol, which means it’s not secure and contains multiple exploits and vulnerabilities. The NSA is known to decrypt this protocol. Due to its primitive and outdated nature, it is easily blocked by firewalls.
What is split tunneling?
Split tunneling is an advanced VPN feature that lets you divide your internet traffic by encrypting some of it and sending it through secure VPN servers, while the rest is allowed to travel the internet directly. Basically, this feature allows you to connect to two networks simultaneously — a private and a public one.
A VPN tunnel encrypts all your traffic, but there are certain situations when you might not want it to. This is exactly what split tunneling is all about — choosing which apps require VPN protection and which don’t. For example, you might want to use a VPN to check your bank account online using public Wi-Fi, but you feel comfortable browsing your favorite websites connected to your home network without a VPN.
Some VPN providers, like NordVPN, offer the split tunneling feature, while others only offer the standard VPN setup — full tunneling which encrypts every byte of your internet traffic. You can find a detailed comparison of the two in our blog post on split tunnel vs. full tunnel VPN. We also have a blog post on split tunneling security risks to teach you about situations where split tunneling might not be appropriate.
