VPN Tunnels explained: what are they and how can they keep your internet data secure
This is when the VPN client and server variously encrypt (and decrypt) your data packets using keys or certificates. Basically, they are a series of numbers used to encrypt and decrypt data only they have access to.
VPN Tunnels Explained
But the sad fact is, this is just how your connection to the internet works – it’s like an open window into the goings on in your home, and any nosey parker can peep through.
Whether it’s your Internet Service Provider (ISP) looking to track and sell your data to advertisers, or unscrupulous hackers trying to steal your personal information to sell on the dark web, it sometimes feels like the whole world has a vested interest in snooping on your online activity. And the internet doesn’t exactly make it hard for your data to be viewed or hacked by others.
However, there are a number of ways to ward off would-be online snoopers, one of which includes using a Virtual Private Network (VPN). In a nutshell, VPNs help you surf the web securely, privately, and with no restrictions. (We’ve already waxed lyrical on the benefits of using a VPN before, so we won’t harp on again too much here).
Curious to learn exactly how VPNs accomplish this amazing feat in the first place? It’s mainly down to a little-known process called tunneling.
What is a VPN tunnel?
What the heck is a VPN tunnel, and how can it help you maintain your digital security and privacy, we hear you ask? And why should you care about how it all works in the first place?
Let’s dig into it together, kicking off with a quick definition of what exactly a VPN tunnel is.
A VPN tunnel (short for Virtual Private Network tunnel) is a private pathway for data to pass through the internet from your computer or mobile device and another network.
So, think of a VPN connection like a tunnel capable of taking you to a different place on the web. This tunnel opens up at one point (your VPN client) and weaves its way through the internet before emerging at another point (the VPN server).
Just how secure the VPN connection is boils down to four basic elements, which we’ll go into in more detail on in just a moment:
- Tunneling
- Encryption
- Key exchange
- Kill switch
How VPN tunneling works
When your device initiates a VPN connection, your entire network traffic passes through a secure tunnel.
Any data sent through the internet via the VPN tunnel is split and encapsulated within “packets” (in essence, another layer of data). It works a little bit like putting a letter inside an envelope, meaning no third parties (not even your ISP) can see the data tucked away on the inside. Once the packet arrives at its destination (your VPN server), then this outer layer of data is removed so it can access your data.
This tunnel also lets traffic go both ways, back again from the VPN server to your device, shielding the data inside the tunnel as it goes – and protecting it from anyone lurking just outside.
While VPN tunneling is critical to protecting yourself and your data online, it can’t ensure your data remains safe and anonymous on its own. You’ll also want to look for the following in your chosen VPN package:
Data encryption
Encryption is the process of taking the data transmitted through the tunnel established between your VPN client and the server, then scrambling it into an unreadable format known as “ciphertext”.
Key exchange
This is when the VPN client and server variously encrypt (and decrypt) your data packets using keys or certificates. Basically, they are a series of numbers used to encrypt and decrypt data only they have access to.
Kill switch
Hey, dropped connections happen sometimes, even to the very best (and priciest) VPNs. This is why most reputable VPN providers come with a seriously useful feature – an automatic kill switch.
Think of the kill switch as your last line of defense – a digital sentinel standing constantly on guard, monitoring your connection to the server. If your connection to the VPN server does ever drop (even for a split second), then the kill switch will automatically cut off any network traffic traveling to and from your device (or any apps you’ve specified).
Once the VPN tunnel connection is restored, it’s back to business as usual. It leaves you safe in the knowledge that your IP address or any unencrypted data wasn’t accidentally leaked when your connection unexpectedly dropped.
What is split tunneling?
There are likely to be times when you don’t necessarily want all of your traffic to be encrypted through a VPN. Maybe you mostly want your VPN for certain things, like unblocking Netflix while you’re on vacation, or checking your bank account online while using a public Wi-Fi. But you’re fine with shopping on Amazon on an open network from home.
Some VPN clients come with a nifty little feature to allow you direct control of the apps and websites you want to connect to via VPN, and which ones you’d prefer to connect directly to – this technology is known as split tunneling.
(Heads up: split tunneling is also a good way to conserve bandwidth if that’s a particular concern to you.)
How are VPN tunnels created?
Here’s where we’re going to attempt to get all techy with you. VPN tunnels don’t happen by magic – they’re created through different tunneling protocols put in place for different purposes.
What are the different types of VPN tunnel protocols?
The most common VPN tunneling protocols include PPTP, L2TP/IPsec, OpenVPN and SSTP. Let’s go through them below.
1. PPTP
You can thank Microsoft for PPTP (Point-to-Point Tunneling Protocol).
They developed the OG VPN protocol way back in the 90s, otherwise known as the Dark Ages of the internet. While PPTP offers some upsides (mainly, lighting-fast connection speeds), it also comes with a whole slew of security vulnerabilities easily exploitable by cybercriminals. As technology around VPN protocols has advanced significantly over the decades, PPTP is fast becoming obsolete.
3. L2TP/IPsec
Because Layer 2 Tunneling Protocol (more commonly known as L2TP and Cisco’s answer to PPTP) doesn’t come with inbuilt encryption, it’s typically paired with IPsec (Internet Protocol Security) to create a more secure overall tunneling protocol.
SSTP
Another VPN protocol Microsoft can claim credit for, Secure Socket Tunneling Protocol (or SSTP) is super secure. The downside? It’s only available to Windows users.
2. OpenVPN
An open-source VPN protocol, OpenVPN is supported by all of the big operating systems (Microsoft Windows, Apple Mac OS X and Linux), as well as Android and iOS. With seriously high-level VPN encryption and a knack for getting around any pesky firewalls, OpenVPN is considered the best, most secure protocol in existence today.
Start protecting your online security
Clario VPN offers secure internet access at top speed, no matter what device you’re on.
Read next:
- You Should Never Use Free VPNs. Here’s Why
- How to Secure Your Wi-Fi Network at Home
- A Proxy Vs. A VPN: Differences and Use Cases
VPN Tunnels explained: what are they and how can they keep your internet data secure
Growing censorship and stiffer regulations are seen by many as two of the biggest threats to our global internet freedom and security. The good news for fans of online activities is that we’ve seen an increasing number of services become available to protect our internet web browsing time and fend off snooping by organizations.
One of the biggest growth areas for beefing up online security has been the use of Virtual Private Networks (or VPN). The humble VPN has become increasingly popular in recent years, mainly because they have the ability to bypass government censorship and geo-blocked websites and services. Better still, a reputable VPN will allow you to do this without giving away who is doing the bypassing.
In order for a VPN to do this, it creates what is known as a tunnel between you and the internet. Doing this means your internet connection is fully encrypted and it lets you stop ISPs, hackers and even the government from nosing through your browsing activity.
What is a VPN Tunnel?
When you connect to the internet with a VPN, it creates a connection between you and the internet that surrounds your internet data like a tunnel, encrypting the data packets your device sends.
While technically created by a VPN, the tunnel on its own can’t be considered private unless it’s accompanied with encryption strong enough to prevent governments or ISPs from intercepting and reading your internet activity.
The level of encryption the tunnel has depends on the type of tunneling protocol used to encapsulate and encrypt the data going to and from your device and the internet.
Types of VPN tunneling protocols
There are many types of VPN protocols that offer varying levels of security and other features. The most commonly used tunneling protocols in the VPN industry are PPTP, L2TP/IPSec, SSTP, and OpenVPN – and the world’s best VPN services should offer most or all of them. Let’s take a closer look at them.
1. PPTP
Point to Point Tunneling Protocol (PPTP) is one of the oldest protocols still being used by VPNs today. Developed by Microsoft and released with Windows 95, PPTP encrypts your data in packets and sends them through a tunnel it creates over your network connection.
PPTP is one of the easiest protocols to configure, requiring only a username, password, and server address to connect to the server. It’s one of the fastest VPN protocols because of its low encryption level.
While it boasts fast connection speeds, the low level of encryption makes PPTP one of the least secure protocols you can use to protect your data. With known vulnerabilities dating as far back as 1998, and the absence of strong encryption, you’ll want to avoid using this protocol if you need solid online security and anonymity – government agencies and authorities like the NSA have been able to compromise the protocol’s encryption.
2. L2TP/IPSec
Layer 2 Tunneling Protocol (L2TP) is used in conjunction with Internet Protocol Security (IPSec) to create a more secure tunneling protocol than PPTP. L2TP encapsulates the data, but isn’t adequately encrypted until IPSec wraps the data again with its own encryption to create two layers of encryption, securing the confidentiality of the data packets going through the tunnel.
L2TP/IPSec provides AES-256 bit encryption, one of the most advanced encryption standards that can be implemented. This double encapsulation does, however, make it a little slower than PPTP. It can also struggle with bypassing restrictive firewalls because it uses fixed ports, making VPN connections with L2TP easier to block. L2TP/IPSec is nonetheless a very popular protocol given the high level of security it provides.
3. SSTP
Secure Socket Tunneling Protocol, named for its ability to transport internet data through the Secure Sockets Layer or SSL, is supported natively on Windows, making it easy for Windows users to set up this particular protocol. SSL makes internet data going through SSTP very secure, and because the port it uses isn’t fixed, it is less likely to struggle with firewalls than L2TP.
SSL is also used in conjunction with Transport Layer Security (TLS) on your web browsers to add a layer to the site you’re visiting to create a secure connection with your device. You can see this implemented whenever the website you visit starts with ‘https’ instead of ‘http’.
As a Windows-based tunneling protocol, SSTP is not available on any other operating system, and hasn’t been independently audited for potential backdoors built into the protocol.
4. OpenVPN
Saving the best for last, we have OpenVPN, a relatively recent open source tunneling protocol that uses AES 256-bit encryption to protect data packets. Because the protocol is open source, the code is vetted thoroughly and regularly by the security community, who are constantly looking for potential security flaws.
The protocol is configurable on Windows, Mac, Android, and iOS, although third-party software is required to set up the protocol, and the protocol can be hard to configure. After configuration, however, OpenVPN provides a strong and wide range of cryptographic algorithms that will allow users to keep their internet data secure and to even bypass firewalls at fast connection speeds.
Which tunneling protocol should I use?
Even though it’s the fastest, you should steer clear of PPTP if you want to keep your internet data secure. L2TP/IPSec provides 256-bit encryption but is slower and struggles with firewalls given its fixed ports. SSTP, while very secure, is only available on Windows, and closed off from security checks for built-in backdoors.
OpenVPN, with its open source code, strong encryption, and ability to bypass firewalls, is the best tunneling protocol to keep your internet data secure. While it requires third-party software that isn’t available on all operating systems, for the most secure VPN connection to the internet, you’ll want to use the OpenVPN protocol.
A good VPN service should offer you the choice of at least these four types of tunneling protocols when going online.
Your best options
When it comes to the best VPN to sign up for there are plenty of options to choose from. Of course, if money is tight and you’re not too keen on spending anything more than you have to, trying the best cheap VPN could be an alternative. Got a budget even more limited than that? Another option could be to enlist the services of the best free VPN, of which there are numerous variants to pick from.
The main issue with opting for a free VPN is that you generally won’t get the same value as that provided by a paid-for rival. What’s more, if you’re using a VPN then one of the main considerations is going to revolve around security. By choosing a less well-known VPN, as opposed to the major players such as ExpressVPN, NordVPN, Surfshark or IPVanish to name but four, you might not get the same level of protection.
Free can be limited
Even if you have managed to find a free or cheap VPN you’re happy with, remember that there may be limitations on the way you can use the software service. Free VPNs can be a little miserly when it comes to the amount of data you can use, with the operating speed frequently being less impressive than paid-for alternatives too. If you’ve got a desire to stream video or are torrenting on a regular basis, this might be false economy.
More corners can be cut because of the free aspect too, with low-budget options potentially offering less in the way of protection. This is made worse by the way some free VPNs will feature advertising incorporated into the program, which can get old very quickly. Worse still, your data might get sold on too, which defeats the object of the exercise if you’re looking for a more secure life online.
Affordable VPN benefits
In fact, you’ll find the cheap VPN arena also features many of the same names found in the premium VPN marketplace, including the likes of ExpressVPN, NordVPN, Surfshark and PureVPN. Alongside employing tunneling protocols, you should also be able to enjoy the likes of fast connection speeds, beefy no-logging security, easy connectivity and the back-up of 24/7 customer support too. You’ll probably want to compare and contrast before signing up for a package, but the VPN arena offers a range of options to suit any kind of budget.
Naturally, if you’re looking for VPNs that call on the most commonly used tunneling protocols in the industry including PPTP, L2TP/IPSec, SSTP and OpenVPN, those top names are always going to be the best bet. However, there are solid middle ground options to consider too. A cheap VPN provider will often have many of the same features and functions found in those premium editions, but you’ll make some savings too.
TechRadar Pro created this content as part of a paid partnership with ExpressVPN. The contents of this article are entirely independent and solely reflect the editorial opinion of TechRadar Pro.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.