A VPN, or a Virtual Private Network, is a technology initially developed to serve businesses. Its primary function was to provide secure, cheap, and flexible solutions to protect corporate networks. It made work tools and data accessible to the employees and restricted access to everyone else.
Rather than relying on expensive hardware to set up closed-off networks, a VPN connection uses the open internet to transfer data safely via an encrypted tunnel, creating a secure connection. Since the internet is public by design, encryption is a deterrent for threat actors lurking in the same environment.
VPN technology is not complex, but there are many virtual private network setups and tunneling protocols from which to choose. All of this can get very technical, so here's a quick rundown of which types of VPNs and tunneling protocols are right for your business.
Key takeaways
- Decide between remote access and site-to-site VPN based on network setup and user needs.
- Remote access suits individual connections, while site-to-site connects entire networks.
- Focus on secure VPN protocols like WireGuard, L2TP/IPsec, and OpenVPN for better encryption.
Most common virtual private network types include:
- Site-to-site VPN
- Remote access VPN
VPN protocols include:
- IPSec
- L2TP
- PPTP
- SSL and TLS
- OpenVPN
- SSH
- WireGuard (NordLynx)
Different types of VPNs and when to use them
Let’s now explore various types of VPNs and which will be the best fit for your business.

Remote Access VPN
Remote access VPN is a temporary, encrypted, secure connection between the business's data center and the user's device, hosted on a VPN server. It becomes active only when the user enables it. Otherwise, it doesn't have a permanent link. Businesses use this type to securely access the applications and data in a central hub via a VPN tunnel. You can think of it as a virtual private network connection, making a secure pathway from your device to access sensitive documents or company materials on the other end.
The main drawback of this method is that the applications you're using are now very rarely hosted at the main headquarters. Most organizations adopt software as a service (SaaS) solutions, which are almost always hosted elsewhere in enormous data centers. Therefore, setting up a remote access VPN might not be the most practical solution, as in those cases, the data would be going from users' devices to the central hub, to the data center, and back. This could introduce severe bottlenecks and degrade network performance.
This solution can be good when you need it for specific self-hosted applications or very classified documents that you don't want hosted elsewhere. However, it's worth noting that you should plan based on the number of users accessing them. The more of them you have, the more capable a VPN server you'll need.
Site-to-site VPN
Site-to-site VPN is a permanent connection between multiple offices that creates an always-on unified network. It needs to be configured separately for both networks, and it works best when multiple remote sites are involved. It can be configured on on-premises routers or firewalls.
This solution won't help you much if your users want to connect from home. Administrators usually don't allow connections from networks they have no control over for safety reasons. Essentially, they're sacrificing accessibility in favor of security.
On the upside, it's one of the cheapest methods of merging separate networks into a single intranet. Every device can function as if it's on the same local area network, facilitating data exchanges and preventing snooping attempts from the outside.
Choosing the right VPN type for your business
Choosing the right VPN depends on your network and how users access resources. A remote access VPN works well for businesses with employees who need secure, temporary access to a central network's VPN server. It’s ideal for accessing internal tools, sensitive files, or specific applications from anywhere. However, it can create bottlenecks when connecting to cloud services.
Site-to-site VPN is better for businesses with multiple offices that need a unified, permanent network. It allows all devices at different locations to act on the same local network. It ensures secure data transfer between sites but lacks flexibility for remote users. Tailor either option to your infrastructure and users' needs.
Most common virtual private network protocols
VPNs use tunneling protocols that act as rules for sending data. These protocols, used by different types of VPN, provide detailed instructions on packaging the data and what checks to perform when it reaches its destination. These various methods directly affect process speed and security. Here are the most popular ones.
Internet Protocol Security (IPSec)
IPSec is a VPN tunneling protocol that secures data exchange by enforcing session authentication and data packet encryption. The encryption is twofold: the encrypted message sits in the data packet, which is then encrypted again. The IPSec protocol can be combined with other protocols for added security and is frequently used in site-to-site VPN setups due to its high compatibility.
Layer 2 Tunneling Protocol (L2TP)
L2TP generates a secure tunnel between two L2TP connection points. Once established, it uses an additional tunneling protocol, IPSec, to encrypt the sent data. L2TP's complex architecture helps ensure high security of the exchanged data. It's another popular choice for Site-to-site setups, especially when higher security is needed.
Point-to-Point Tunneling Protocol (PPTP)
PPTP is another tunneling protocol that creates a tunnel with a PPTP cipher. However, the cipher was made in the '90s, and computing power has increased exponentially since then. Brute-forcing the cipher wouldn't take long and would reveal the exchanged data. For this reason, this cipher is rarely used today; a more secure tunneling protocol with more advanced encryption is a preferable replacement.
SSL and TLS
Secure Sockets Layer and Transport Layer Security are the same standard that encrypts HTTPS web pages, establishing a secure connection. With this approach, the web browser acts as the client, and user access is limited to specific applications rather than the entire network. Since almost all browsers come equipped with SSL and TLS support, no additional software is usually required. Remote access VPNs typically use SSL/TLS.
OpenVPN
OpenVPN is an open-source enhancement of the SSL/TLS framework with additional cryptographic algorithms to make your encrypted tunnel even safer. It's the go-to tunneling protocol for its high security and efficiency. However, compatibility and setup can be a bit hit or miss, as you won't be able to install it natively on many devices to form router-to-router VPN networks. So, the performance may vary.
It comes in User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) versions. UDP is faster because it uses fewer data checks, while TCP is slower but better protects data integrity. As a whole, OpenVPN is a well-rounded and secure tunneling protocol and is popular for both remote access and site-to-site virtual private network uses.
Secure Shell (SSH)
Like the other options, SSH generates an encrypted connection and allows port forwarding to remote machines via a secure channel. It is useful for accessing your office desktop from your laptop at home. While it adds flexibility, SSH channels should always be under close supervision because they can provide a direct entry point for a breach. That's why it's a better fit only in remote access setups.
WireGuard
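One way to keep SSH forwarding under supervision is to audit the server's sshd_config for forwarding that is left enabled, including by default. The script below is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration, while AllowTcpForwarding, GatewayPorts, PermitTunnel, PermitOpen and Match are standard OpenSSH keywords.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from sshd_config.
DEFAULTS = {"allowtcpforwarding": "yes", "gatewayports": "no",
            "permittunnel": "no", "permitopen": "any"}

def parse(config_text):
    """Return (effective global settings, [(match criteria, keyword, value)])."""
    settings, overrides, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            match = value       # later lines apply only to this Match block
        elif key in DEFAULTS and match is not None:
            overrides.append((match, key, value))
        elif key in DEFAULTS:
            settings.setdefault(key, value)  # sshd uses the first value it reads
    return {**DEFAULTS, **settings}, overrides

def findings(config_text):
    """List port-forwarding and tunnel capabilities that are left enabled."""
    eff, overrides = parse(config_text)
    out = [f"global: {k}={eff[k]}"
           for k in ("allowtcpforwarding", "gatewayports", "permittunnel")
           if eff[k] != "no"]
    if eff["allowtcpforwarding"] != "no" and eff["permitopen"] == "any":
        out.append("global: permitopen=any (no destination allow-list)")
    for criteria, key, value in overrides:
        if key != "permitopen" and value != "no":
            out.append(f"match {criteria}: {key}={value}")
    return out

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# forwarding policy
AllowTcpForwarding no
AllowTcpForwarding yes
Match Group vpn-admins
    AllowTcpForwarding local
    PermitOpen 10.0.5.10:3389
"""

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

An empty configuration produces two findings, because forwarding is enabled by default; the sample produces one, for the Match block that re-enables local forwarding for a single group.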
The most recent widely available tunneling protocol is less complex but much more efficient and safer than IPSec and OpenVPN. It relies on highly streamlined code to squeeze the best possible performance with a minimal margin of error. While it is still in the early adoption stage, offices could use Site-to-site connections based on WireGuard. There are even proprietary WireGuard implementations like NordLynx.
Which VPN protocol is the best for your business?
Criteria of comparison/Protocol | IPSec | L2TP | PPTP | SSL/TLS | OpenVPN | SSH | WireGuard |
---|---|---|---|---|---|---|---|
Security and performance | Secure | Secure | Fast | Widely used | Highly configurable | Allows port forwarding | Highly secure |
Flexibility and compatibility | Flexible | Widely available | Built-in client | Maintains data integrity | Open source | Supports key-based authentication | Open source |
Ease of use and common use case | Widely supported | Easy to set up | Easy to set up | Required for compliance | Highly secure | Enables secure file transfer | Lightweight design |
A VPN protocol should be the last thing on the list. First, you should choose what kind of setup you should use: remote access or site-to-site. This will help you choose between the available types of VPNs and should narrow down your list of options. However, it's worth noting that remote access and site-to-site access are the only possibilities for setting up an Internet-based VPN.
After carefully considering your business needs and setup method, you can start looking into your network needs. Look into your risk model, what traffic load you would expect, what data you want to make available, and to whom. The clearer the picture, the easier it will be to drive the setup cost down and pick the right tunneling protocol for your case.
As a rule of thumb, WireGuard, L2TP, SSL/TLS, and OpenVPN will be the safest options for remote access setups. From a site-to-site perspective, the best VPN protocol can depend entirely on your hardware. For example, if you're already using routers that natively support OpenVPN, it might make more sense to keep them rather than replace them with ones that can handle WireGuard.
FAQ
What are the different types of VPN?
Common types of VPN include remote access for individuals, site-to-site for business networks, and technology-specific types like SSL VPNs. Providers may also offer service models like cloud VPNs or special features like Double VPN for extra encryption.
What are the most common VPN protocols?
The most common VPN protocols include OpenVPN, a highly secure and versatile option for both individual and site-to-site use. Then, there is WireGuard, a modern, efficient protocol that is faster and more secure than older options like IPSec. IPSec/L2TP is a combination offering high security for connecting business networks. Last but not least, the SSL/TLS protocol uses the same technology that secures HTTPS websites and is commonly used for remote access.
Which VPN protocols are recommended for remote access setups?
Recommended VPN protocols for remote access setups are: OpenVPN, L2TP/IPsec, and IKEv2/IPsec.