A VPN tunnel encapsulates your connection between your device and your destination. Your traffic becomes encrypted and inaccessible from outside, so neither your Internet Service Provider (ISP) nor your government can see what you’re doing online.
Using a VPN is a good idea when you want to protect your personal or business data from hackers online. But what exactly is a VPN tunnel? Let’s find out.
How does VPN tunneling work?
Generally speaking, VPN tunneling means simply using a VPN service. Therefore, the answer to “How does VPN tunneling work?” is virtually the same as to “How does a VPN work?“.
And now here’s what a VPN tunnel does:
- Traffic encryption. Your data becomes protected from the third-parties.
- Hiding your IP address. The VPN tunnel funnels your traffic through to a VPN server, hiding your IP. Without the IP, there’s no way to tell your location.
- Securing wifi hotspots. You no longer have to worry about your safety when using public wifi.
To make VPN tunneling work, first, you have to get a VPN service. Once you connect to the desired server, a VPN tunnel will be established. Without it, your ISP sees everything you do online, but this is impossible after you connect to a VPN server. That’s because of the encryption and hidden IP address.
But what about the VPN itself? Can it see and log the websites you visit and the files you download?
Most VPN services claim to have a strict no-logs policy, which means they don’t monitor and store personally identifiable information. They may log your device type or the browser version and aggregate the data, and that’s about it. However, some providers log your data and are open about it, which means you shouldn’t do anything that would get you into trouble. The biggest issue is with the VPNs that log everything secretly because there’s no easy way to test their claims.
Having said all that, your best bet is to use a reputable VPN service that either has an independently-audited or a court-proven no logs policy. Finally, it would help if you also looked at the history of your chosen VPN. Has it been involved in any scandals? If so, are they related to logging user data?
What is a tunneling protocol?
A tunneling protocol, or a VPN protocol, allows sending and receiving data among two networks. Just like a real-world protocol is used for communication between two entities, a tunneling protocol also defines the rules for effective information movement. VPN tunneling protocols also encapsulate private data and send it over the internet.
Tunneling protocols vary in speed, security, stability, and license type (open-source or closed-source). Furthermore, some are created by the VPNs themselves for their own apps. And most dangerously, some of them are outdated but still available on many VPN apps. Let’s look at the most popular VPN protocols and see which ones are worth using.
Types of VPN tunnel protocols
VPN tunneling protocols are pretty different and come with their own pros and cons. Some may excel in speed but have lackluster security and vice versa. At the moment of writing this article, the most popular tunnel protocols are OpenVPN, IKEv2/IPSec, and L2TP/IPSec. However, the next-gen WireGuard protocol is being implemented in many premium VPN services.
Below you will find a list of VPN tunneling protocols, ranked from best to worst. Don’t forget that not all providers offer the same set of protocols, and even if they do, their availability will be different across desktop and mobile devices.
Security: Very high
Speed: Very high
WireGuard is hands-down the best tunnel protocol available right now. It offers unprecedented speed and security, using top-notch encryption. What’s more, this open-source protocol is easy to implement and audit thanks to its lightweight code, consisting of only 4000 lines. That’s a hundred times less than OpenVPN, the most popular protocol.
Built from the ground up, WireGuard is free from any disadvantages that come with an old framework. It’s also free from the negative impact of network changes, making it a go-to choice for mobile users.
One thing to note is that WireGuard is still in development and its best days are still ahead. However, quite a few reputable providers already offer it.
Released almost two decades ago, OpenVPN is still the most popular tunneling protocol. However, because of WireGuard, it’s slowly losing its position for good. Despite that, you still get first-class security and fast speeds with this open-source VPN tunneling protocol.
You may encounter two versions of OpenVPN – TCP and UDP. The former is more stable and the latter offers a faster connection. However, if you’re seeking both speed and stability, you should run a speed test with TCP and UDP – chances are the difference will be negligible.
This combination of protocol rivals OpenVPN in terms of popularity, security, and speed. Created by Microsoft and Cisco with mobile users in mind, IKEv2 excels at maintaining your VPN connection whenever you switch from one network to another. Due to the native support, it’s especially popular on iPhone and iPad devices.
Another great benefit that IKEv2 brings is low CPU usage, meaning it won’t drain your battery as much as the clunky OpenVPN would. Finally, you don’t have to use IKEv2 within the VPN app – you can set it up manually by following your provider’s instructions.
L2TP/IPSec is a soon-to-be-retired VPN tunneling protocol that you can still find in some services, especially those that have trouble implementing OpenVPN on iOS. I could have ranked its security as “high,” but I can’t ignore that it’s been mentioned in Snowden’s leaks. If what he says is true, then the NSA may have the tools to exploit L2TP/IPSec.
Just like IKEv2/IPSec, this one combines two protocols where one is responsible for encapsulating your traffic, and the user takes care of encryption. Because L2TP/IPSec uses UDP instead of TCP, it might have stability issues. Therefore, using it on your smartphone is not recommended.
When it comes to speed, the difference between SSTP and L2TP/IPSec is not that big. However, the reason why the former sits one place below is compatibility. SSTP was created by Microsoft and works on Windows only. What’s more, there’s always a chance that its creators have left some unlocked back doors in case the NSA comes calling.
Putting conspiracies aside, SSTP is great for bypassing The Great Firewall of China. However, it will be tough to find a VPN that still supports this tunneling protocol. And even if you do, a proper stealth-focused protocol should fare better against Deep Packet Inspection (DPI).
PPTP is an outdated VPN tunneling protocol that I don’t recommend you use. Just like its younger brother SSTP, this one was developed by Microsoft back in the days of Windows 95. And unlike its younger brother, PPTP is available even without a VPN app on all major platforms, including Linux.
There’s more than one widely-known security vulnerability that makes using PPTP risky. Even its biggest advantage, high speeds, stems from the poor encryption. To sum up, if all you need is a fast connection, WireGuard is the better choice.
Which tunneling protocol should I use?
Whether speed or security is more important to you, you should always choose WireGuard where available. It’s a next-gen tunneling protocol that will make all others obsolete in the upcoming years. It’s both secure and extremely fast no matter what kind of device you use. Therefore, when looking for a VPN, pick the one that already has WireGuard.
That being said, if you are subscribed to a provider that doesn’t offer WireGuard, you shouldn’t panic. Both OpenVPN and IKEv2/IPSec are great protocols with military-grade encryption and fast speeds. If your baseline connection is OK, you will be able to stream in HD or even 4K and download torrents swiftly, unless the VPN server is on the other side of the globe.
You should only consider switching to another VPN provider if you can’t pick one of the three protocols mentioned above. L2TP/IPSec can be a temporary solution, but anything less is not recommended.
What is split tunneling?
Split tunneling allows you to choose which websites or apps should use a VPN tunnel and which ones should stay outside. This feature is useful when you want to watch a show that’s available in the US and read a local version of a news portal. Another example would be using your office’s printer while torrenting securely with a VPN.
However, not all VPN providers offer this feature. Even if they do, the chances are that split tunneling is available on certain devices and operating systems only. Therefore, always check your options before committing long-term.
Even if you don’t see a reason to use split tunneling on your laptop or smartphone, you might want this feature if you have a VPN configured on your router. Imagine that you want to play online with your game console and find the latency unbearable. In such a scenario, disconnecting your PlayStation or Xbox with split tunneling easily solves the issue.
Of course, before using split tunneling, you should understand the risks. If you visit a shady website, it might inject malware on your device. And if a hacker gets into your smart TV, it’s only a matter of time before he can access your whole home network.
How does tunneling work on a VPN?
A VPN tunnel links your device with your destination by using a VPN protocol. Your connection becomes encrypted, and your IP address is no longer visible to anyone outside the tunnel. The speed and security of such a tunnel highly depend on your VPN provider’s protocol, encryption type, and additional security and privacy features.
If you’re using a VPN app, you don’t have to set up a VPN tunnel. It will be done automatically, and your only task is to choose between the available VPN protocols (and servers). However, most VPN services offer manual configuration guides on different devices, such as routers or smart TVs. To see your options, visit the provider’s website or contact customer support.