VPN Protocols

This section introduces key VPN protocols responsible for secure and private communication over untrusted or public networks. VPN protocols encapsulate and encrypt traffic to maintain confidentiality, integrity, and access control.

Protocol	Description	Use Case
PPTP (Point-to-Point Tunneling Protocol)	Legacy VPN protocol using GRE tunneling and MS-CHAPv2. Fast but considered insecure.	Legacy Windows support
IPsec (Internet Protocol Security)	VPN protocol suite at Layer 3 supporting encryption, authentication, and key exchange. Supports tunnel and transport mode.	Site-to-site and remote-access VPNs
L2TP (Layer 2 Tunneling Protocol)	Layer 2 tunneling protocol usually paired with IPsec. Encapsulates PPP frames.	Remote VPN access with IPsec
OpenVPN 1.0	Open-source VPN using SSL/TLS. Highly configurable and widely adopted.	Cross-platform secure VPN deployment
SSL VPN	TLS-based VPN access via browser or lightweight clients. Clientless and easy to deploy.	Web-based access to internal apps
IKEv2 (Internet Key Exchange v2)	Protocol used with IPsec for key exchange and security associations. Fast reconnection and mobile-friendly.	Mobile VPNs with always-on behavior
WireGuard	Modern, lightweight VPN protocol using strong cryptography. Simple configuration, very fast.	Personal and enterprise secure VPN
Lightway	ExpressVPN’s proprietary protocol. Designed for speed and mobile optimization.	Consumer-grade fast VPN access
OpenVPN 2.5+	Enhanced OpenVPN with improved performance and TLS 1.3 support. Updated cipher suites and better threading.	Enterprise VPNs with open-source control

PPTP (Point-to-Point Tunneling Protocol)

RFC: RFC 2637

Main Features:

• Encapsulates PPP over GRE

• Fast setup and lightweight

• Weak encryption (MS-CHAPv2)

Use Cases:

• Legacy Windows compatibility

• Non-sensitive connections

Alternative Protocols:

• L2TP/IPsec – Stronger encryption

• OpenVPN – Open-source and modern

Let us learn more about PPTP:

• Learnings in this section

• Terminology

• Version Info

• PPTP Version&RFC Details

• PPTP Basic Setup on Ubuntu using IPv4

• PPTP Basic Setup on Ubuntu using IPv6

• PPTP Protocol Packet Details

• PPTP Usecases

• PPTP Basic Features

• PPTP Feature : Tunneling Protocol

• PPTP Feature : VPN Support

• PPTP Feature : Authentication

• PPTP Feature : Encryption

• PPTP Feature : Session Management

• PPTP Feature : GRE Encapsulation

• PPTP Feature : IP Address Assignment

• PPTP Feature : Compression Support

• PPTP Feature : NAT Traversal

• PPTP Feature : Lightweight Implementation

• Reference links

Jump to “PPTP”

IPsec (Internet Protocol Security)

RFC: RFC 4301

Main Features:

• Provides encryption, integrity, and authentication

• Works in transport or tunnel mode

• Core protocols: AH, ESP, IKE

Use Cases:

• Remote access VPNs

• Site-to-site encrypted tunnels

Alternative Protocols:

• WireGuard – Simpler, newer

• SSL VPN – For application-layer VPN

Let us learn more about IPsec:

• Learnings in this section

• Terminology

• Version Info

• IPsec Version&RFC Details

• IPsec Basic Setup on Ubuntu using IPv4

• IPsec Basic Setup on Ubuntu using IPv6

• IPsec Protocol Packet Details

• IPsec Usecases

• IPsec Basic Features

• IPsec Feature : Encryption

• IPsec Feature : Authentication

• IPsec Feature : Integrity Checking

• IPsec Feature : Tunneling and Transport Modes

• IPsec Feature : Key Exchange (IKE/IKEv2)

• IPsec Feature : Security Associations (SAs)

• IPsec Feature : Protocol Support (ESP & AH)

• IPsec Feature : NAT Traversal

• IPsec Feature : Replay Protection

• IPsec Feature : Flexible Algorithm Support

• Reference links

Jump to “IPsec”

L2TP (Layer 2 Tunneling Protocol)

RFC: RFC 2661

Main Features:

• Tunnels PPP traffic

• No encryption by itself

• Commonly paired with IPsec

Use Cases:

• Remote user VPN access

• Windows/macOS native clients

Alternative Protocols:

• OpenVPN – More flexible

• SSL VPN – No client needed

Let us learn more about L2TP:

• Learnings in this section

• Terminology

• Version Info

• L2TP Version&RFC Details

• L2TP Basic Setup on Ubuntu using IPv4

• L2TP Basic Setup on Ubuntu using IPv6

• L2TP Protocol Packet Details

• L2TP Usecases

• L2TP Basic Features

• L2TP Feature : Tunneling

• L2TP Feature : Session Multiplexing

• L2TP Feature : Control and Data Separation

• L2TP Feature : Protocol Independence

• L2TP Feature : UDP-Based Transport

• L2TP Feature : No Native Encryption

• L2TP Feature : AVP-Based Control Messages

• L2TP Feature : Reliable Control Messaging

• L2TP Feature : Tunnel and Session IDs

• L2TP Feature : Extensibility (L2TPv3)

• Reference links

Jump to “L2TP”

OpenVPN 1.0

RFC: N/A

Main Features:

• Uses SSL/TLS for encryption

• Cross-platform and open source

• Supports TCP or UDP transport

Use Cases:

• Secure VPN for desktops and servers

• Privacy-focused VPNs

Alternative Protocols:

• WireGuard – Faster setup and lighter

• IPsec – Integrated into OS

Let us learn more about OpenVPN 1.0:

• Learnings in this section

• Terminology

• Version Info

• OpenVPN 1.0 Version&RFC Details

• OpenVPN 1.0 Basic Setup on Ubuntu using IPv4

• OpenVPN 1.0 Basic Setup on Ubuntu using IPv6

• OpenVPN 1.0 Protocol Packet Details

• OpenVPN 1.0 Usecases

• OpenVPN 1.0 Basic Features

• OpenVPN 1.0 Feature : SSL/TLS Tunneling

• OpenVPN 1.0 Feature : Static Key Encryption

• OpenVPN 1.0 Feature : Point-to-Point Mode

• OpenVPN 1.0 Feature : TUN/TAP Interface Support

• OpenVPN 1.0 Feature : Cross-Platform Compatibility

• OpenVPN 1.0 Feature : Portability

• OpenVPN 1.0 Feature : Basic Configuration Files

• OpenVPN 1.0 Feature : No Compression

• OpenVPN 1.0 Feature : No Client-Server Mode

• OpenVPN 1.0 Feature : OpenSSL Integration

• Reference links

Jump to “OpenVPN 1.0”

WireGuard

RFC: RFC 8999

Main Features:

• Small codebase

• Uses modern crypto (ChaCha20, Curve25519)

• Stateless and fast

Use Cases:

• Lightweight VPN for mobile/IoT

• High-performance remote access

Alternative Protocols:

• OpenVPN – Flexible but heavier

• IPsec – Standardized and proven

Let us learn more about WireGuard:

• Learnings in this section

• Terminology

• Version Info

• WireGuard Version&RFC Details

• WireGuard Basic Setup on Ubuntu using IPv4

• WireGuard Basic Setup on Ubuntu using IPv6

• WireGuard Protocol Packet Details

• WireGuard Usecases

• WireGuard Basic Features

• WireGuard Feature : Modern Cryptography

• WireGuard Feature : Simplicity

• WireGuard Feature : High Performance

• WireGuard Feature : Stateless Design

• WireGuard Feature : UDP-Based Transport

• WireGuard Feature : IP Layer Tunneling

• WireGuard Feature : Key-Based Authentication

• WireGuard Feature : Roaming Support

• WireGuard Feature : Cross-Platform Compatibility

• WireGuard Feature : Easy Configuration

• Reference links

Jump to “WireGuard”

SSL VPN

RFC: N/A (uses TLS – RFC 5246)

Main Features:

• Web-based access via HTTPS

• No dedicated VPN client needed

• Works through firewalls/NAT easily

Use Cases:

• Access to internal web apps

• Quick and clientless remote access

Alternative Protocols:

• OpenVPN – More customizable

• IPsec – Better for full network tunneling

Let us learn more about SSL VPN:

• Learnings in this section

• Terminology

• Version Info

• SSL VPN Version&RFC Details

• SSL VPN Basic Setup on Ubuntu using IPv4

• SSL VPN Basic Setup on Ubuntu using IPv6

• SSL VPN Protocol Packet Details

• SSL VPN Usecases

• SSL VPN Basic Features

• SSL VPN Feature : Encrypted Communication

• SSL VPN Feature : User Authentication

• SSL VPN Feature : Access Control

• SSL VPN Feature : Application-Level Access

• SSL VPN Feature : Web-Based Access

• SSL VPN Feature : Session Management

• SSL VPN Feature : Endpoint Security Checks

• SSL VPN Feature : Logging and Auditing

• SSL VPN Feature : Split Tunneling

• SSL VPN Feature : High Availability & Failover

• Reference links

Jump to “SSL VPN”

IKEv2 (Internet Key Exchange v2)

RFC: RFC 7296

Main Features:

• Key management for IPsec

• Supports MOBIKE (mobility + multihoming)

• Resilient on mobile networks

Use Cases:

• Always-on VPNs

• Enterprise mobile devices

Alternative Protocols:

• IKEv1 – Older and less efficient

• WireGuard – Simpler and lighter

Let us learn more about IKEv2:

• Learnings in this section

• Terminology

• Version Info

• IKEv2 Version&RFC Details

• IKEv2 Basic Setup on Ubuntu using IPv4

• IKEv2 Basic Setup on Ubuntu using IPv6

• IKEv2 Protocol Packet Details

• IKEv2 Usecases

• IKEv2 Basic Features

• IKEv2 Feature : Secure Key Exchange

• IKEv2 Feature : Authentication

• IKEv2 Feature : Security Associations (SAs)

• IKEv2 Feature : Mobility and Multihoming (MOBIKE)

• IKEv2 Feature : Session Resumption

• IKEv2 Feature : Message Fragmentation

• IKEv2 Feature : Traffic Selectors

• IKEv2 Feature : Encryption Agility

• IKEv2 Feature : Post-Quantum Readiness

• IKEv2 Feature : Extensibility via Payloads

• Reference links

Jump to “IKEv2”

Lightway

RFC: Proprietary (by ExpressVPN)

Main Features:

• Fast and lightweight

• Designed for mobile devices

• Uses wolfSSL library for encryption

Use Cases:

• Fast reconnection on mobile

• Consumer VPN apps (e.g., ExpressVPN)

Alternative Protocols:

• WireGuard – Open-source alternative

• OpenVPN – More robust configuration options

Let us learn more about Lightway:

• Learnings in this section

• Terminology

• Version Info

• Lightway Version&RFC Details

• Lightway Basic Setup on Ubuntu using IPv4

• Lightway Basic Setup on Ubuntu using IPv6

• Lightway Protocol Packet Details

• Lightway Usecases

• Lightway Basic Features

• Lightway Feature : Lightweight Design

• Lightway Feature : Fast Connection & Reconnect

• Lightway Feature : Modern Cryptography

• Lightway Feature : Cross-Platform Support

• Lightway Feature : Battery Efficiency

• Lightway Feature : Session Persistence

• Lightway Feature : Minimal Attack Surface

• Lightway Feature : Open Source Transparency

• Lightway Feature : Rust Implementation (v2+)

• Lightway Feature : Future-Ready Architecture

• Reference links

Jump to “Lightway”

OpenVPN 2.5+

RFC: N/A

Main Features:

• TLS 1.3 support

• Better multi-threading, IPv6 handling

• Support for AES-GCM and ChaCha20

Use Cases:

• Secure and scalable VPN

• Enterprise and personal VPN solutions

Alternative Protocols:

• WireGuard – Lightweight, simpler to configure

• IKEv2 – Optimized for mobile and always-on use

Let us learn more about OpenVPN 2.5+:

• Learnings in this section

• Terminology

• Version Info

• OpenVPN 2.5+ Version&RFC Details

• OpenVPN 2.5+ Basic Setup on Ubuntu using IPv4

• OpenVPN 2.5+ Basic Setup on Ubuntu using IPv6

• OpenVPN 2.5+ Protocol Packet Details

• OpenVPN 2.5+ Usecases

• OpenVPN 2.5+ Basic Features

• OpenVPN 2.5+ Feature : Secure Tunneling

• OpenVPN 2.5+ Feature : Protocol Flexibility

• OpenVPN 2.5+ Feature : TLS Cryptography

• OpenVPN 2.5+ Feature : Cipher Negotiation

• OpenVPN 2.5+ Feature : Authentication Options

• OpenVPN 2.5+ Feature : Asynchronous Authentication

• OpenVPN 2.5+ Feature : Client Configuration Push

• OpenVPN 2.5+ Feature : IPv6 Support

• OpenVPN 2.5+ Feature : Compression (Deprecated)

• OpenVPN 2.5+ Feature : High Availability

• Reference links

Jump to “OpenVPN 2.5+”