Once meant to be free, the internet is now one of the most monitored and regulated communication methods out there. Everyone is either looking for your online data or selling your personal information for profit, from your ISP to your government. It led people to look for cybersecurity tools that can safeguard their online interests. This search led people to rediscover a long-term industry solution, namely VPNs. As a result, the VPN industry saw a growth in the demand for their remote access client-based VPNs. A VPN is mainly of two types client-based (remote access) and network-based (site-to-site), but either can’t function without what is known as network tunneling technology. A VPN creates a secure pathway (connection) between your device and the internet by encrypting and routing your online traffic to remote servers. It works just like a tunnel and prevents any third party from snooping your online traffic.
VPNs use tunneling to extend a private network over a public one. A VPN is a tool that ensures your online security and privacy. Due to their ability to spoof your IP address and bypass geo-restrictions and government censorship, they have become popular in recent times. But all this is based on network tunneling (VPN tunnels). If you are wondering what a VPN tunnel is or how to know whether it is beneficial for you or not, continue reading. In this article, I will shed light on the technology known as VPN tunneling. I will try to explain the principles behind a VPN tunnel and how it works. Also, try to explore the various types of VPN tunnel protocols.
What is tunneling in networking?
Before we delve further into the topic of VPN tunnels, firstly, we have to understand the concept of the term tunneling in networking. Tunneling is a protocol in which data moves from one network to another but in a secure manner. A network may not support such protocols. However, it still allows for private network communication to be sent across a public one. It is possible via a process we call encapsulation. We all know that data travel over networks in the form of packets. What encapsulation does is that it allows the private data packets to appear public, thus allowing them unnoticed access. Tunneling is also known as port forwarding.
Encapsulation: The What, How, and Why
Data, when traveling over a network, is divided into packets. A regular data packet has two parts, header, and payload. The ‘header’ is a part that indicates the packet’s destination and which protocol it uses; Whereas the ‘payload’ contains the actual content of a data packet. An encapsulation packet is essentially a packet inside another one. In an encapsulated packet, the header and the payload of the initial packet go into the data packet surrounding it. Thus, the original becomes the payload of the surrounding packet.
Why is encapsulation on a tunnel useful?
Every data packet on a network uses a protocol. It is the standardized way of formatting data. However, protocols do not have universal compatibility, as not every network supports all protocols. Encapsulation ensures that a packet can move over any network unhindered. Another use of encapsulation is that it is beneficial for an encrypted network connection.
Encryption is the process of scrambling data; in such a way that it can only be used by unscrambling it by using a secret key. This process is what we call decryption. Note that a packet isn’t completely encrypted, as doing so will render it undeliverable. In the case of encapsulation, the initial packet is encrypted, which goes into the unencrypted one.
Various types of tunneling
- VPN tunneling
- split tunneling
- GRE tunneling
- SSH tunneling
- Point-to-Point tunneling (PPTP)
- Secure socket tunneling (SSTP)
- Layer 2 tunneling (L2TP)
- Virtual Extensible LAN (VXLAN)
In this article, I will only touch upon VPN tunnels.
What is VPN Tunneling?
We know that tunneling is securely transferring data from one network to another; on a public network. Thus, a VPN tunnel is a private and secure pathway; that connects a device to another without compromising security. It is an encrypted connection between a device on a network and the internet. It is inherent to VPNs (virtual private networks). As stated above, VPN tunneling involves protecting data by repackaging it into a different form. Like network tunneling, it uses protocols to access remote devices(servers) on the same network. However, in the case of VPN tunneling, the network is Virtual. VPN tunnels also utilize the conceptual process of encapsulating and encrypting data packets. They then send them over a virtual and private network securely.
The main feature of a VPN tunnel is to make sure the client remains anonymous while the online traffic is secure. It employs powerful encryption and the latest protocols to do so. Such as WireGuard/OpenVPN (they are protocols) and AES-256 encryption. Thus, we can conclude that a decent VPN tunnel has to have above-standard encryption and protocol. Without these, the encapsulation of data packets won’t be as safe and private.
What a VPN tunnel does can be summarized into these:
- Traffic Encryption – A VPN tunnel encrypts online traffic to and from the client.
- IP address spoofing – Tunneling helps you route your traffic via remote VPN servers thus, effectively hiding your IP address.
- Ensuring Public hotspots safety – You can use any public Wi-Fi hotspots free of worries.
Note – VPN tunneling works the same as tunneling on any network, as discussed above. It encapsulates data packets and then encrypts them before sending them out.
How secure is VPN tunneling?
Even when a VPN is very secure, it can fail. Although breaking encryption is near impossible, stealing an encryption key is not. It depends on what kind of protocol and encryption your VPN is running. A VPN tunnel can be created by several protocols; with any level of encryption. For continued security, some factors to consider are:
- Encryption – Use AES-256 bit encryption. It is the current market standard.
- Protocol – OpenVPN and WireGuard for best security, Avoid PPTP.
- Kill Switch – A kill switch is a necessity for a VPN, as it ensures your security.
- Key exchange – When a VPN client and server encrypt(decrypt) data using keys and certificates.
Types of VPN tunneling protocols
A VPN tunneling protocol is an agreed-upon set of rules amongst devices on the same network for secure data transmission. A rising VPN industry eventually gave birth to a lot of protocols. Some are obsolete and less secure, while some are right out of the oven with military-grade encryption.
Some common VPN tunnel protocols are:
- IPIP (Protocol 4): IP in IPv4/IPv6
- SIT/IPv6 (Protocol 41): IPv6 in IPv4/IPv6
- GRE (Protocol 47): Generic Routing Encapsulation
- OpenVPN (UDP port 1194): OpenVPN
- SSTP (TCP port 443): Secure Socket Tunneling Protocol
- IPsec (Protocol 50 and 51): Internet Protocol Security
- L2TP (Protocol 115): Layer 2 Tunneling Protocol
- VXLAN (UDP port 4789): Virtual Extensible Local Area Network
I will briefly explain some VPN tunneling protocols.
Point-to-Point tunneling protocol (PPTP)
It is one of the oldest VPN tunneling protocols. A group of vendors (led by Microsoft) developed this protocol back in 1999. This protocol supports both site-to-site and remote access VPNs. It is a fast protocol, although unreliable when it comes to security. It has one of the most user-friendly setup procedures. With requiring only a username, password, and server address for establishing a tunnel, it has nice customizability. This protocol is for those who need speed while bypassing geo-restricted websites to stream multimedia content. The major drawback of PPTP is a lack of standard encryption.
OpenVPN (VPN tunneling)
It is the most popular protocol of VPN providers. Highly secure and widely used, this Open source protocol is an all-time classic. It uses well-known SSL encryption to ensure your traffic’s safety. It supports several other strong encryptions too. With worldwide support, updates and security patches have never been a problem for OpenVPN. Indeed, no device supports OpenVPN out of the box. Yet, it is compatible with almost every OS out there, though it requires a third-party VPN client to configure it.
WireGuard (VPN tunneling)
WireGuard is the undisputed top protocol choice when it comes to VPN tunneling. It offers maximum speed and security. To boot, it is an open-source protocol, too. It is easy to implement and audit as it is a lightweight code consisting of only 4k lines. It is actually a hundred times less than OpenVPN. Not only is it free of any disadvantages of the old framework, but it is also free from the negative impact of network changes, making it a champion of mobile users.
Secure Socket Tunneling Protocol (SSTP)
Another VPN protocol from Microsoft. SSTP focuses on online activities. Microsoft Windows OS 7, 8, and 10 supports SSTP by default. It can transport internet traffic using the Secure Socket Layer (SSL) – the same protocol used for web connections (HTTPS). SSTP uses strong encryption, making it one of the top choices (especially amongst Windows lovers). It is one of the best alternate to L2TP/IPsec or PPTP. The advantage of SSTP is that it can’t be blocked, as HTTPS transmits it all over the internet unhindered.
Which VPN tunneling VPN to use?
There are some recommendations on what protocols to use. A user is free to use any of the introductory protocols. Although, few are a cut above the rest or to use for a specific task.
- Avoid PPTP if you value security. However, if you do not care for your safety and want to bypass geo-restrictions, this can be a suitable protocol as it is sufficiently fast.
- Though L2TP/IPsec provides 256-bit encryption, but is slower and struggles with firewalls given its fixed ports. It can be blocked.
- SSTP is very secure, has good speed, and doesn’t get blocked easily. Yet available only on Windows.
- Opt for WireGuard if not OpenVPN, as both are top of the protocol game and open-source on that.