What Are VPN Tunnels?

How encapsulation and encryption keep your data safe

Virtual private network technology is based on the concept of tunneling. Just like a water pipe contains the liquid flowing inside of it, a VPN tunnel insulates and encapsulates internet traffic—usually with some type of encryption—to create a private tunnel of data as it flows inside an unsecured network.

As your internet traffic flows inside the VPN tunnel, it provides a secure, private connection between your computer and a different computer or server at another site. When paired with strong encryption, tunneling makes it virtually impossible for your data to be viewed or hacked by others.

How Does VPN Tunneling Work?

It helps to think of VPN tunneling as a two-fold process of data encapsulation and data encryption.

  • Data encapsulation: Encapsulation is the process of wrapping an internet data packet inside of another packet. You can think of this as the outer tunnel structure, like putting a letter inside of an envelope for sending.
  • Data encryption: However, just having a tunnel isn't enough. Encryption scrambles and locks the contents of the letter, i.e. your data, so that it can't be opened and read by anyone except the intended receiver.

While a VPN tunnel can be created without encryption, VPN tunnels are not generally considered secure unless they're protected with some type of encryption. This is why you'll often hear VPNs described as an encrypted connection.
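
The difference between a bare tunnel and an encrypted one can be seen from the position of someone watching the wire. The following Python sketch is an added example, not code from the original article or from any VPN product: it wraps a constructed inner packet in an outer one, first with no protection and then with encrypt-then-MAC. The addresses are documentation ranges, protocol number 253 is the experimental value, and the SHA-256 keystream is a standard-library stand-in for the AEAD cipher (such as AES-GCM) a real VPN would use.

```python
import hashlib, hmac, socket, struct

def ipv4_packet(src, dst, payload, proto=17):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def addresses(packet):
    """(source, destination, protocol) as an on-path observer reads them."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), packet[9]

def _keystream(key, nonce, n):
    # Assumption: SHA-256 in counter mode stands in for a real cipher so the
    # example needs only the standard library. Do not use this in production.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + struct.pack("!I", ctr)).digest()
        ctr += 1
    return out[:n]

def encapsulate(inner, src, dst, enc_key=None, mac_key=None, seq=1):
    """Wrap `inner` in an outer packet; encrypt-then-MAC when keys are given."""
    if enc_key is None:
        return ipv4_packet(src, dst, inner, proto=4)   # 4 = IP-in-IP, cleartext
    nonce = struct.pack("!Q", seq)                     # must never repeat per key
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(enc_key, nonce, len(inner))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ipv4_packet(src, dst, nonce + ct + tag, proto=253)

def decapsulate(outer, enc_key, mac_key):
    """Verify the tag before decrypting; reject anything modified in transit."""
    body = outer[20:]
    nonce, ct, tag = body[:8], body[8:-32], body[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    # Constructed sample traffic: a private-network packet sent through a tunnel.
    inner = ipv4_packet("10.8.0.2", "10.8.0.9", b"constructed application data")
    plain = encapsulate(inner, "198.51.100.7", "203.0.113.20")
    print("outer header:", addresses(plain))
    print("cleartext tunnel leaks inner header:", addresses(plain[20:]))
    sealed = encapsulate(inner, "198.51.100.7", "203.0.113.20", b"k" * 32, b"m" * 32)
    print("inner packet visible in encrypted tunnel:", inner in sealed)
```

In both cases the outer addresses stay readable, which is why a VPN hides what you send and to whom inside the tunnel, but not the fact that you are talking to the VPN server.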

Overview of VPN Encryption Protocols


Several encryption protocols have been created specifically for use with VPN tunnels. The most common types of VPN encryption protocols include IPSec, PPTP, L2TP, IKEv2, SSTP, and OpenVPN.

Internet Protocol Security

IPsec is a suite of security protocols used to authenticate and encrypt data over VPN networks. It includes standards for establishing a mutual connection between two computers and the exchange of cryptographic keys. The keys encrypt the data, so only the computers involved in the exchange can unlock and view the data.

IPSec is used as a complete VPN protocol solution on its own, or as an encryption protocol within PPTP, L2TP, and IKEv2.

Point-to-Point Tunneling Protocol

The PPTP protocol was developed by Microsoft and has been a standard since the late '90s. It relies on a TCP control channel and Generic Routing Encapsulation to work. That said, PPTP is no longer considered secure. For example, the NSA can crack PPTP encryption. PPTP has been superseded by safer protocols, and is considered obsolete today.

Layer Two Tunneling Protocol

L2TP is owned by Cisco and is considered to be a better version of PPTP. As a tunneling protocol only, it doesn't provide any encryption of its own. This is why it's often paired with IPSec. The combination of these two protocols is often referred to as L2TP/IPsec, a protocol that supports up to 256-bit encryption and the 3DES algorithm.

Internet Key Exchange version 2

IKEv2 is a security association protocol developed by Microsoft and Cisco used to set up an authenticated and encrypted association between two computers. IKEv2 is often paired with the IPsec security suite and is referred to as IKEv2/IPsec. Together, they provide up to 256-bit encryption and robust cryptographic keys.

Secure Socket Tunneling Protocol

SSTP is a protocol standard owned by Microsoft that works with Windows, Linux, and macOS. However, you'll primarily find it used with Windows platforms. It's considered to be a stable and highly secure VPN protocol that uses the Secure Socket Layer 3.0 standard.

OpenVPN

OpenVPN is an open-source protocol supported by all the major operating systems in use today (Mac, Windows, and Linux) as well as Android and iOS. It also supports lesser-known platforms, including OpenBSD, FreeBSD, NetBSD, and Solaris. It features up to 256-bit encryption using OpenSSL—a robust, commercial-grade, full-featured toolkit for the Transport Layer Security (TLS) protocol.

Which VPN Tunneling Protocol Is Best?

The best VPN is one you actually use. Purchasing a VPN and then rarely using it defeats the purpose.

OpenVPN, with its strong encryption and ability to dodge firewalls, is considered the gold standard for VPNs today. It's one of the best choices for a personal VPN and will work on virtually any platform. L2TP/IPSec, IKEv2/IPSec, and SSTP are also good options if you're after strong encryption, but may only be available on certain platforms.

Single vs. Multi-Protocol VPN Providers

VPN providers fall into either the single or multi-protocol VPN category.

  • Single protocol VPNs offer only one type of protocol, usually the OpenVPN protocol.
  • Multi-protocol providers may support all of the above protocols, offering VPN services for both personal users and businesses.

Both types of VPN providers offer benefits that can help conceal your internet movements, and some offer extra layers of security along with other benefits.