A virtual private network, more commonly known as a “VPN”, creates a private network across a public internet connection. That private network acts like a tunnel, within which the internet user’s IP address is hidden and their browsing activity is encrypted—keeping it secure against the prying eyes of unauthorized third parties.
Today, it’s estimated that a third of all internet users leverage a VPN to secure their online connections. VPNs are popular with both consumer and business users.
Many businesses today use VPNs to secure their remote workers’ access to the corporate network when they’re connecting via an unsecure home router or public Wi-Fi service. They can also be used to set up access controls that restrict users from accessing part of the network that they don’t need to, helping to limit the lateral spread of attacks through a network.
VPNs are relatively easy to set up and the technology behind them isn’t very complicated. There are, however, many different types of VPN protocols that determine how data travels through your network. To ensure your company’s data remains secure—without compromising your users’ productivity—it’s important that you choose the right type of VPN and VPN protocol for your business.
So, what are the different types of VPN and VPN protocol, what can you use them for, and which one does your business need?
Let’s find out.
The Two Types Of VPN
There are two main types of VPN setup: remote access VPNs, and site-to-site VPNs.
Remote Access VPN
A remote access VPN enables a user to connect to a private network remotely. This is achieved by creating an encrypted connection directly between the user’s device and the data center they’re accessing. Remote access VPNs don’t create a permanent connection—the connection is only active when the user establishes it via a VPN client installed on their device. This means the user can access all the resources on that network whenever they need to, without having to travel to the network location to connect to it.
Because of this, remote access VPNs are popular amongst home users, but also businesses that want to enable remote or hybrid employees to connect to the corporate network securely, from anywhere. They can also be used to bypass geographical restrictions on internet access, making them useful for employees that are travelling and need to be able to access sites that might be restricted in their destination country.
However, remote access VPNs can cause users to experience high levels of latency in their connection, particularly when their company is storing data in Software-as-a-Service (SaaS) or cloud applications. Data in these apps is usually stored off-site, which means that the connection must be routed from the user’s device to the central VPN hub, then to the data center, and back. So, a remote access VPN is best used for accessing data that is stored on company premises.
Site-To-Site / Router-To-Router VPN
A site-to-site VPN, also known as a router-to-router VPN, creates a connection between two physical sites. The connection is established between routers; one router acts as the VPN client, and the other acts as the VPN server. When the connection between the two routers is authenticated, a permanent, secure VPN tunnel is established, creating one unified network between the separate locations.
Site-to-site VPNs are commonly used among large enterprises to connect the networks of two or more separate office locations. If a business is connecting several of its own offices via a site-to-site VPN, they use an intranet-based VPN. If a business is using a site-to-site VPN to connect to the office of another business—such as one of their suppliers—they use an extranet-based VPN.
A site-to-site VPN is an excellent way of creating a single intranet across multiple sites so that all company devices can connect to the same network as though they were there locally. This enables users across multiple offices to access shared resources. However, this type of VPN can’t be used to enable users to connect to the corporate network from home, as admins cannot inherently trust the security of their users’ home networks.
The Most Common VPN Protocols
Once you’ve decided what type of VPN setup you need—remote access or site-to-site—you need to choose what tunnelling protocol your VPN should use.
A VPN protocol determines how data travels through an established connection. Different protocols offer different features designed to meet specific use cases: some prioritize speed; others, security. Some VPN services offer a single protocol, while others offer organizations the option to choose which protocol they would like to use, based on their business needs. It’s also possible to use two protocols at once; one to transfer data, and one to secure it.
When choosing a protocol (or protocols), you need to consider how much traffic you’re expecting to route through the VPN, what data you want to make available via the VPN, and to which users. You also need to think about your risk profile, i.e., how likely it is that an unauthorized party will try to access your company’s data, and how important it is that the VPN secure your users’ connections via encryption and other methods. Having this information to hand will make it much easier to choose the right protocol for your business.
– Internet Protocol Security (IPSec)
Internet Protocol Security (IPSec) is a VPN protocol used to secure data across an internet protocol (IP) network. To do this, IPSec enforces session authentication and data encryption. The protocol runs in two modes: transport mode and tunnelling mode. Transport mode encrypts only the data message itself (the payload), while tunnelling mode encrypts the whole data packet, including its original IP header.
IPSec is a popular choice for site-to-site VPN setups, and can be used in conjunction with other VPN protocols for enhanced security.
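As an added example (not from the original article), the Python below wraps a constructed IPv4 packet in ESP in both transport and tunnel mode and then parses the outer header the way an on-path observer would, so you can see which addresses stay visible in each mode. The cipher and integrity tag are a labelled stdlib stand-in for the AES-GCM/HMAC a real IPSec stack uses; `ipv4_header`, `esp_encapsulate` and `observer_view` are names chosen here.

```python
import hashlib, hmac, struct
from ipaddress import IPv4Address

ESP_PROTO = 50        # IP protocol number for ESP (RFC 4303)
NEXT_HDR_IPV4 = 4     # tunnel mode: the protected payload is a whole IPv4 packet
KEY = b"constructed-demo-key-not-for-real-use"   # constructed, demo only

def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header (checksum left zero; constructed for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)

def _protect(plaintext):
    """Stand-in for ESP's cipher + ICV. Real ESP uses e.g. AES-GCM; here a
    SHAKE-256 keystream XOR plus a truncated HMAC keeps the demo stdlib-only."""
    keystream = hashlib.shake_256(KEY).digest(len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream))
    return ct + hmac.new(KEY, ct, "sha256").digest()[:12]

def esp_encapsulate(packet, mode, gw_src=None, gw_dst=None, spi=0x1000, seq=1):
    """Wrap an IPv4 packet in ESP in 'transport' or 'tunnel' mode."""
    ihl, proto = (packet[0] & 0x0F) * 4, packet[9]
    if mode == "transport":
        # original IP header stays in clear; only the upper-layer data is protected
        inner, next_hdr = packet[ihl:], proto
        outer_src, outer_dst = packet[12:16], packet[16:20]
    elif mode == "tunnel":
        # whole original packet is protected; new outer header names the gateways
        inner, next_hdr = packet, NEXT_HDR_IPV4
        outer_src, outer_dst = IPv4Address(gw_src).packed, IPv4Address(gw_dst).packed
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad_len = (-(len(inner) + 2)) % 4                 # align ESP trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    esp = struct.pack("!II", spi, seq) + _protect(inner + trailer)   # SPI, seq, data
    return ipv4_header(outer_src, outer_dst, ESP_PROTO, len(esp)) + esp

def observer_view(frame):
    """What an on-path observer learns from the unencrypted outer header."""
    return {"src": str(IPv4Address(frame[12:16])), "dst": str(IPv4Address(frame[16:20])),
            "proto": frame[9], "spi": struct.unpack("!I", frame[20:24])[0]}

# Constructed sample: a TCP packet (protocol 6) between two internal hosts
SAMPLE = ipv4_header("10.0.1.5", "10.0.2.7", 6, 12) + b"hello, world"
```

In transport mode the observer still sees 10.0.1.5 talking to 10.0.2.7; in tunnel mode only the two gateway addresses are exposed and the internal addressing travels inside the protected region.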
– Layer 2 Tunnelling Protocol (L2TP)
Layer 2 Tunnelling Protocol (L2TP) is a VPN protocol that creates a secure tunnel between two connection points. L2TP offers high-speed connections, but doesn’t offer any encryption out of the box, so it’s often used alongside other protocols, such as IPSec, to establish a more secure connection.
Like IPSec, L2TP is a popular choice for site-to-site setups and, once combined with another protocol for security, it offers a fast, highly secure connection.
– Point-To-Point Tunnelling Protocol (PPTP)
Point-to-point tunnelling protocol (PPTP) is a VPN protocol that creates a tunnel with a PPTP cipher, encrypting data that travels within that tunnel.
PPTP is one of the oldest VPN protocols, and one of the most widely used. It was developed by Microsoft in the 1990s, integrated into Windows 95, and designed specifically for creating and securing dial-up connections. It has since expanded to be compatible with MacOS and Linux devices. However, since PPTP’s creation, technology has become more advanced—with the right computer, it wouldn’t take long to crack a PPTP cipher using brute force. This makes PPTP one of the least secure VPN protocols.
However, what it lacks in security, PPTP makes up for in speed, making it popular amongst users that need quick access without strong encryption.
– TLS And SSL
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the same standard that encrypts HTTPS web pages—secure sites that have “https” at the start of the URL. They create a VPN connection where the web browser acts as the client, and user access is restricted to certain applications—rather than a whole network. Because most web browsers come with TLS and SSL integrated already, establishing TLS or SSL connections requires very little action from the end user, and doesn’t require any additional software to be installed.
TLS and SSL are often used within remote access VPN setups.
– OpenVPN
OpenVPN is an open-source VPN protocol based on TLS and SSL, but with added encryption layers for heightened security. It comes in two versions: User Datagram Protocol (UDP), which carries out fewer data checks, so is faster; and Transmission Control Protocol (TCP), which carries out more checks to protect the integrity of the data being sent, so is slower.
Because it’s an open-source technology, developers can access the underlying code of the OpenVPN protocol. This means it’s regularly checked for vulnerabilities. On top of that, OpenVPN uses AES 256-bit encryption—one of the most secure encryption methods—with 2048-bit RSA authentication and a 160-bit SHA-1 hash algorithm. This makes it one of the most secure VPN protocols, though these high levels of security can sometimes cause latency in the connection.
OpenVPN is highly secure and generally quite efficient, making it a popular type of VPN protocol for both remote access and site-to-site setups.
– Secure Shell (SSH)
Secure Shell (SSH) is a VPN protocol that creates an encrypted tunnel through which data can be transferred from a local port onto a remote server. Because the data itself isn’t encrypted, SSH isn’t the most secure VPN protocol, but it does offer very fast connections.
SSH is most often used within remote access setups, enabling users to access their workplace desktops via mobile devices off-site.
– Internet Key Exchange v2 (IKEv2)
Developed by Microsoft and Cisco, Internet Key Exchange version 2 (IKEv2) is a VPN protocol that sets up a security association (SA) to negotiate the exchange of security keys used by the VPN client and server. Once it authenticates the SA, IKEv2 establishes a private tunnel for data transfer.
IKEv2 is one of the quickest VPN protocols and is particularly strong at re-establishing a connection after a temporary outage, and switching connections across different network types (e.g., from cellular to Wi-Fi). However, like L2TP, it doesn’t offer out-of-the-box encryption, so is often used in conjunction with IPSec for added security.
Because of its support for mobile connections and a wide range of operating systems—including Windows, MacOS, Linux, Android, iOS, and routers—IKEv2 is commonly used within remote access VPN setups.
Summary
VPNs are an efficient, cost-effective way of establishing a connection between users and shared resources on the company network—whether those users are working remotely, or on-site at different office locations.
The type of VPN setup and protocol you choose will depend on your business need and your existing infrastructure. Generally, however, L2TP/IPSec, SSL/TLS, and OpenVPN are considered the most secure options for a remote access VPN setup. For a site-to-site setup, the best protocol depends on the hardware you’re using—if, for example, your routers natively support OpenVPN, you should consider using that protocol. If they don’t, it can be tricky to implement, and you may wish to consider another protocol.
There are a lot of VPN services for business on the market, each offering support for different protocols and use cases, and each with different added security functionality. To help you choose the best solution for your business, we’ve put together a guide to the top enterprise VPNs—including their key features and target use cases—which you can read via the link below: