VPN Tunnels Explained min

Compare VPN Protocols – PPTP, L2TP, OpenVPN, SSTP & IKEv2.

Reading Time: 5 minutes

Last Updated on July 13, 2021 by Calvin C.

If you’ve used VPNs before or have read about them online, you may have seen the term “VPN Tunnel” thrown around.

VPN tunnels are an essential part of how VPNs work and understanding the different VPN tunnel protocols can really help you pick the right VPN for your needs.

While all tunneling protocols encrypt and mask your internet data, they are not all made the same with some of them giving you considerably less security over your connection.

Lets take a look and compare VPN protocols that are commonly used in VPN Tunnels and see how they work.

What exactly is a VPN Tunnel?

A VPN tunnel is a connection between you and your VPN in which your data is encrypted and routed through a “tunneling” protocol.

These protocols are what encrypts your data so that is is undecipherable and they all aim to do the same thing but in different ways.

Certain tunneling protocols offer much more secure connections then others, but there are trade offs a lot of the time such as slower connection speeds.

Just like many other industries, advances and innovations have been made in the VPN world and we now have protocols that can offer the best encryption while not compromising speed.

compare vpn protocols

Types Of VPN Tunneling Protocols

There are many types of tunneling protocols but the VPN industry has landed on four that seem to be the preferred standards.

L2TP/IPSec, PPTP, SSTP and OpenVPN are really the only tunnel protocols you will see VPNs use, but it is important to understand the differences between these protocols.

As long as you are using a quality VPN provider you can probably feel safe with the protocol they are using, it is important to note though that some of these protocols come with security and speed issues that you should be aware of.


Layer 2 Tunneling Protocol(L2TP) is often used together with Internet Protocol Security(IPSec) to provide an encrypted connection.

L2TP by itself is simply encrypting control messages that is sent out through the connection. Other data packets that are sent remain unencrypted making this protocol ineffective on its own when it comes to protecting your internet browsing.

This is why L2TP is always used together with IPSec since IPSec can handle the encryption of the remaining data being sent on the connection.

IPSec wraps the remaining data packets with encryption on top of the other encrypted packets from L2TP.

This ends up creating a two layered encryption for the data being sent out, leaving it undecipherable to anyone trying to capture the data.

L2TP/IPSec does have an affect on connection speeds and this has been a big reason for the push to develop other protocols that can achieve this level of encryption in a way that does not sacrifice speed.

Another huge downside to L2TP/IPSec is that it uses “fixed” ports to send data out, which means that it has a hard time getting around firewalls and is easier to block.


Point-To-Point Tunneling Protocol(PPTP) is the one of the oldest tunneling protocols used by VPNs and was actually created by Microsoft and released way back with Windows 95.

PPTP operates similarly to most other tunnel protocols with the main difference being it’s very low level of encryption.

All data packets getting sent out over PPTP are encrypted but they are minimally encrypted.

The particular benefit of this protocol is that it is fast and often doesn’t have an affect on connection speeds, this is of course a result of it doing less to encrypt the data.

It is pretty safe to say that back in 1995 the standard for data encryption just did not need to be that high, but nowadays a protocol like this can be cracked like nothing if someone really wanted to.

You normally won’t see bigger VPN companies using this type of encryption because of its vulnerability, but sometimes this encryption is used by smaller or free VPNs.

Make sure when checking a VPNs tunneling protocol to avoid PPTP unless the bare minimum level of encryption is all you require.


Over the years of developing tunneling protocols, you would think that the VPN industry would find a way to offer high level encryption combined with fast connection speeds.

Well, through the beauty of open source development, we now have OpenVPN protocol!

OpenVPN is quickly becoming the new standard in the VPN world and most of the top rated VPN services are using this protocol.

This protocol really does offer the most advanced tunneling for a VPN, using AES 256-Bit encryption and having no negative affect on connection speeds, it is easy to see why this is becoming the new standard.

Like everything though, this protocol has to balance out it’s positives with a negative of some sort and in this case this protocol can be tricky to configure.

Even though some VPNs are very user friendly, the back end side of OpenVPN is downright tricky to configure. This headache is mainly reserved for people developing and for the most part it is easy to use OpenVPN through your VPN provider.


SSTP is a proprietary Windows tunneling protocol that has been used for many years now.

This protocol is built to use the SSL “socket layers” to transport data, and because it is not using a “fixed” port it is easier for it to get around firewalls.

Since this protocol uses SSL for encryption, it is actually fairly secure. A big downfall of this protocol though is that it is not open source which means it is less flexible and the development of the protocol is not as transparent.

Since it is a native Windows protocol, no third party audits have been done for potential backdoor vulnerabilities and the protocol remains unavailable for other operating systems.

This is why you won’t see SSTP become more commonly used as it is too limiting in the amount of people that can use it.

It is safe to say that SSTP will most likely continue to be supported by Microsoft in the future.

Final Words

When we start looking at the different tunneling protocols out there, it becomes apparent that there are some technical differences that leave them with certain advantages and disadvantages.

While all of them offer varying degrees of encryption, some protocols can have a drastic affect on connection speeds that can seriously degrade network quality.

OpenVPN is the most well rounded and safest bet to use if you have the option to use it, but other options like L2TP/IPSec can offer up an acceptable alternative.

If you are serious about protecting yourself online, it is important to understand the way these protocols work and the downfalls that each of them have.

The best thing you can do is figure out your needs when it comes to a VPN and then compare that against the positives and negatives of each tunneling protocol.

You may find that the level of encryption on a PPTP tunnel is satisfactory for your needs, or you may determine you need the high level of encryption that OpenVPN offers.

All in all, as long as you are using a VPN you are much more protected then you would be without one.

Leave comments below and share the article on social media.

Collin is a Network Technician and the founder of VPN Report Card, a site dedicated to providing informative VPN reviews and helpful VPN related guides.

Leave a Reply

Your email address will not be published. Required fields are marked *