This is Part 2 of our technical VPN guide. Read Part 1 for VPN basics, use cases, and getting started.
The Price of Internet Security
Slower Internet Speed
Additional encryption requires processing time. Traffic also frequently travels greater distances due to VPN server locations being geographically remote from users.
Connection Drops
Periodic VPN disconnections can suddenly expose traffic to the public network. You often won't notice the disconnection or the data leakage, and the VPN connection may not be restored automatically. Modern Windows-based operating systems include VPN Reconnect functionality. Without it, a special program or routing configuration must monitor the VPN connection: block transmitted information and close applications when the connection drops, then restore the VPN connection.
IPv6 Compatibility Issues
Unfortunately, VPNs almost never support IPv6. Consequently, when the public network uses IPv6 and the requested internet resource also supports it, traffic goes over the open IPv6 network by default, outside the tunnel. The simple prevention is to disable IPv6 in your operating system.
DNS Leaks
In practice, DNS requests are often processed by the public network's DNS servers rather than those of the protected virtual network. Incorrect responses can return fake addresses for requested domains, so unsuspecting users might be redirected to fraudulent online banking sites. DNS servers can also reveal approximate geolocation and internet provider information.
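The three leak paths described above (a dropped tunnel, IPv6 bypassing the VPN, and DNS answered by the public network) can all be detected from the routing table and the resolver configuration. The following is an added example, not part of the original guide: it assumes Linux `ip route show` / `ip -6 route show` text and `/etc/resolv.conf` content as input, a tunnel interface named `tun0`, and constructed sample addresses, and it handles the main routing table without multipath routes.

```python
import ipaddress
BLOCKING = {"unreachable", "blackhole", "prohibit"}  # route types that drop traffic

def egress_dev(route_text, dest):
    """Longest-prefix match over `ip route show` text; None means no route or blocked."""
    dest = ipaddress.ip_address(dest)
    best = None  # (prefix length, device)
    for tok in filter(None, (line.split() for line in route_text.splitlines())):
        blocked = tok[0] in BLOCKING
        prefix = tok[1] if blocked else tok[0]
        if prefix == "default":
            prefix = "0.0.0.0/0" if dest.version == 4 else "::/0"
        net = ipaddress.ip_network(prefix, strict=False)
        if net.version != dest.version or dest not in net:
            continue
        dev = None if blocked or "dev" not in tok else tok[tok.index("dev") + 1]
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, dev)
    return best[1] if best else None

def audit(route4, route6, resolv_conf, tun="tun0"):
    """Return leak findings; an empty list means no leak was detected."""
    findings = []
    # Probe addresses from documentation ranges stand in for internet hosts.
    for label, routes, probe in (("ipv4", route4, "198.51.100.7"),
                                 ("ipv6", route6, "2001:db8:ffff::1")):
        dev = egress_dev(routes, probe)
        if dev not in (tun, None):
            findings.append(f"{label}: internet traffic leaves via {dev}")
    for parts in (l.split() for l in resolv_conf.splitlines()):
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        ip = ipaddress.ip_address(parts[1].split("%")[0])
        if ip.is_loopback:
            continue  # local stub resolver; its upstream servers need their own check
        dev = egress_dev(route4 if ip.version == 4 else route6, str(ip))
        if dev not in (tun, None):
            findings.append(f"dns: resolver {ip} is reached via {dev}")
    return findings

# Constructed sample state (not captured from a real host): Wi-Fi on wlan0, VPN on tun0.
ROUTE4 = """default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50"""
ROUTE6_OPEN = "default via fe80::1 dev wlan0 proto ra metric 600"
ROUTE6_BLOCKED = "unreachable default dev lo metric 1"
print(audit(ROUTE4, ROUTE6_OPEN, "nameserver 192.168.1.1\nnameserver 10.8.0.1"))
```

The lookup uses longest-prefix matching rather than reading only the `default` line, because a VPN client may leave the original default route in place and override it with two `/1` routes, as in the sample.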
Legal Considerations
Various legal aspects exist across jurisdictions. VPN clients and servers often reside in different countries, with traffic potentially transiting through third countries. This creates possibilities for copying transmitted data for later decryption and analysis.
Beyond what gets encrypted, how it's encrypted matters. Not all cryptographic methods are permitted everywhere. Network equipment manufacturers (including VPN solution providers) must disable certain encryption algorithms and reduce maximum key lengths when exporting to other countries.
The problem extends to global encryption standards themselves being potentially vulnerable. Standardization organizations have faced accusations of permitting vulnerable versions of pseudo-random number generators, significantly simplifying decryption of information protected using those generators. Standards are also criticized for deliberately complicated descriptions.
How VPN Actually Works
A VPN connection creates a "tunnel" between the user's computer and a server computer. Each node encrypts data before it enters the tunnel.
The process works as follows:
- Connection initiation — You connect to the VPN; the system identifies your network and begins authentication (comparing the entered password against its database)
- Authorization — The server authorizes you, granting rights to perform specific actions: reading email, internet surfing, etc.
- Encrypted transmission — Once the connection is established, all traffic between your PC and the server is transmitted in encrypted form
- IP substitution — Your PC has an IP address provided by your internet provider. Access to certain sites is blocked for this IP. The VPN server replaces your IP with its own
- External resource access — From the VPN server, all data is forwarded to the external resources you request. Now you can view any resources without being tracked
However, remember that not all information gets encrypted. Different VPN providers vary in encryption strength, connection concealment, log storage (records of visited sites, real IP addresses, etc.), and cooperation with third parties requesting information.
If a VPN provider doesn't record logs at all, there's nothing to transfer to third parties. Connection concealment is a rarer service. Incorrect connection or sudden disconnection can leak some data. Multihop VPN technology solves this by connecting to sites through multiple servers simultaneously.
Popular VPN Protocols Compared
PPTP — Point-to-Point Tunneling Protocol
Advantages:
- Supported by all operating systems
- Doesn't require significant computing power
Disadvantages:
- Poor security — outdated encryption methods, weak architecture, implementation errors
- No encryption by default
- Can be cracked in less than 24 hours
Use case: When data protection isn't critical or no other options exist.
L2TP — Layer 2 Tunneling Protocol
Advantages:
- More effective for building virtual networks
Disadvantages:
- More demanding on computing resources
- No encryption by default
Works together with other protocols, most commonly IPSec. Used by internet providers and corporate users.
IPSec — Internet Protocol Security
A group of protocols and standards for secure connections.
Advantages:
- Good architecture
- Reliable algorithms
- Hardware acceleration compensates for resource demands
Disadvantages:
- Complex configuration (incorrect setup reduces protection)
- Requires significant computing resources
Often used together with other technologies.
SSL/TLS — Secure Sockets Layer & Transport Layer Security
A group of methods including SSL and TLS protocols plus other protection methods.
Advantages:
- Passes through most public networks without issues
Disadvantages:
- Relatively low performance
- Complex configuration requiring additional software
Used on websites with URLs starting with "https" (indicated by a green padlock icon).
OpenVPN
An SSL/TLS implementation that deserves special mention:
- Open source code
- Implemented for virtually all platforms
- Considered highly reliable
- Widely recommended for most users
Conclusion
A VPN is a set of technologies for building a logical network on top of physical networks. It protects traffic from interception and enables secure internet activity. A VPN also opens access to blocked resources, which leads many users to accept slower internet speeds and potential program logging.
Although VPNs use fairly reliable encryption algorithms, enabling a VPN client on your PC doesn't guarantee 100% confidentiality of your information. Therefore, choose your VPN provider carefully.
Key takeaways:
- VPN creates encrypted tunnels for secure data transmission
- Different protocols offer varying security and performance trade-offs
- No VPN solution provides absolute protection
- Provider trustworthiness matters as much as technical implementation
- Consider your specific needs when choosing VPN solutions
Understanding these technical aspects empowers informed decisions about which VPN solution best fits your security requirements and use case.

