Types of VPNs and How to Pick the Right One For You


All VPNs have one thing in common: they make your internet connection more secure. Consumer VPNs are used as proxies to hide web browsing, circumvent geo-blocking for video streaming services, and secure browsing over public Wi-Fi. 

Business VPNs safely connect employees to a network, be it a private network like corporate WANs, or a public network like the Internet. However, they differ according to the use case they serve, which forms the basis for their categorization. 

These differences may also extend to their installation and operation. In this article, we’ll look at the different types of VPNs, their use cases, how they function, and how to choose one that fits your specific use case. But first, we’ll have to understand what a VPN is.

The Importance of a VPN

In the last couple of years, there have been two major trends in the business world: migration of corporate resources to the cloud and massive adoption of hybrid and remote work modes. 

As a result of these trends, most corporate resources and many employees who use them no longer reside on-prem. Therefore, there’s a need to provide access to these resources without exposing them to cyber criminals.

This is where VPNs come in. A VPN is a technology that provides this much-needed secure remote access to corporate resources, whether they’re in the cloud or on-prem.

Difference between Network and Service 

Most people who think of a VPN picture client software on their device, but the software is not the actual network. It’s usually offered as a service by a VPN provider and helps you connect your device to various company resources.

Types of VPN

There are several types of VPNs you should know about as you’re deciding which one is best for your needs.

Remote Access VPN

If you want to give your remote employees individual access to your company’s network, then a Remote Access VPN is the way to go. All VPNs are essentially remote-access, except for legacy VPNs, which aren’t (and shouldn’t be) used by your company. Switch to a cloud-based VPN for all of your security needs.

How Remote Access VPNs Work

This kind of VPN uses a client-to-server connection: each user has credentials and registered devices (with client software installed on each device), and can only gain access to the private network on which the VPN is provisioned through them.

To gain access to this network, the following has to happen.

  • The VPN has to authenticate the user to ensure that they are authorized to access the network. Usually, authenticating factors such as a password or a fingerprint are employed. 
  • When the user has been authenticated, the VPN will then create an encrypted communication channel (called a tunnel) between the user’s device and the VPN server. 
  • Once the tunnel is created, the user can access the network.

When to use a Remote Access VPN

Examples of specific use cases include:

  • Employees who have to access your network from an off-prem location. This includes remote employees and employees who travel frequently.
  • Third-party vendors who must connect to your network remotely to carry out their duties.
  • Remote Access VPN may also be used in times of disaster when employees cannot work on-prem.

Site-to-Site VPN

If you want to join two or more Local Area Networks (LANs) situated in different locations into a single Wide Area Network (WAN), consider Site-to-Site VPN.

When to use site-to-site VPN

There are two scenarios where a site-to-site VPN may be implemented.

  • Where a business has already established LANs in two or more offices geographically apart and wants to combine these LANs into a single WAN. In this scenario, the VPN is referred to as an intranet-based VPN.
  • When two or more companies want to connect their networks to share resources more efficiently, the VPN is said to be an extranet-based VPN.

How Site-to-Site VPNs Work

Site-to-Site VPNs are adapted to particular use cases and are provisioned accordingly. However, there are two overarching ways to implement them. 

  • As internet-based VPNs
  • As Multiprotocol Label Switching (MPLS) VPNs

Internet-Based VPNs

In this scenario, the VPN utilizes the public internet to connect two or more LANs at different locations. Site-to-Site VPN may be provisioned in two ways under this scenario.

IPSec Tunnel 

Here, networks are connected using gateways. The VPN establishes a tunnel between the gateways of the connecting LANs to facilitate encrypted communication. The sending network encrypts the communication, while the receiving network decrypts it.

A downside of using the IPSec tunnel is that, due to the level of configuration involved, it is complicated to scale as the number of connecting networks increases. This leads us to the second kind of VPN.

Dynamic Multipoint VPN (DMVPN)

This method is used when the IPSec tunnel is not an option, usually when there are many LANs to connect (often hundreds or thousands) and configuring IPSec tunnels is not feasible.

Instead of the gateway-to-gateway connection used in the IPSec tunnel VPN, DMVPN uses a hub-and-spoke model where all the branch office LANs connect to the main office LAN. Branch office LANs can also be configured to connect to one another.

Multiprotocol Label Switching VPN

Because network addresses are used to route data packets (which may have to pass through many points before they reach their destination), Internet-based VPN connections over a WAN may have latency issues and tend to deliver poor performance.

This problem is solved by MPLS, which uses ‘labels’ to route data packets through the shortest possible path to their destination. Reducing routing time coupled with the presence of multiple protocols will usually translate to increased network performance and, therefore, better user experience.

A downside of this method is its cost.

Personal VPN

A personal VPN is built to facilitate anonymity and traffic encryption for private individuals who browse the internet.

When to Use a Personal VPN

  • When there’s a need to gain access to geographically restricted content online.
  • To shroud your traffic from malicious actors who may want to tamper with it.
  • To hide your IP address and appear anonymous online.

How Personal VPNs Work

A personal VPN is an intermediary between your device (on which it is implemented) and a remote server. 

Say you type in a keyword on Google with your VPN active and click ‘search.’ The VPN will encrypt your query (so that it is unreadable to all other parties online except the VPN server) and send it to the VPN server via a tunnel created between your device and the VPN server. 

This server will decrypt the traffic and send it to the receiving node. When the receiving node returns a response, this process is reversed, with your device as the receiving node.

|            | Personal VPN | Remote Access VPN | Site-to-Site VPN |
|------------|--------------|-------------------|------------------|
| Connection | User to the internet | User to a private network | Network to network |
| Software   | Install software | Install software or configure operating systems | No software needed |
| Best for   | Cloaking IP addresses and accessing geographically restricted pages and content. | Accessing corporate resources remotely. | Merging multiple LANs into a single WAN |

Types of VPN Protocols 

An active VPN must authenticate, encrypt and transmit data. A VPN protocol is a body of rules and procedures by which it carries out these three duties.

There are many VPN protocols, the most relevant of which are:

Internet Protocol Security (IPSec)

IPSec weighs heavily on the side of security. It facilitates a secure data exchange by encrypting the traffic and authenticating traffic sources. With its two modes, Transport and Tunneling, it can encrypt just the message or the data packet and the message contained within it, respectively.

OpenVPN

As its name implies, this VPN protocol is open-source, meaning anyone can review its code to enhance it.

OpenVPN is hard to set up but delivers excellently on both security and speed, making it one of the most secure protocols.

WireGuard

WireGuard is the most recent and advanced of all the protocols. It is open-source and delivers excellently on security, speed, and stability.

Layer 2 Tunneling Protocol (L2TP)

L2TP facilitates a direct connection to the VPN with no security. It neither encrypts data nor authenticates sessions. To make up for this downside, it is usually paired with IPSec.

Another downside of L2TP is that it is lacking in terms of speed.

Point-to-Point Tunneling Protocol (PPTP)

This is one of the oldest VPN protocols and is considered weak and susceptible to brute-force attacks. What the PPTP lacks in security, it makes up for in speed.

Secure Socket Layer (SSL) and Transport Layer Security (TLS) Protocols

Microsoft built this protocol. It is considered suitable for internet privacy and is integrated into almost all browsers.

How to Choose a VPN Protocol

A VPN protocol is what animates and directs a VPN. All protocols have strengths and vulnerabilities; therefore, it is essential to reconcile these attributes with your organization’s needs when choosing a VPN protocol.

Business VPN vs. Personal VPN

Business needs for a VPN differ widely from personal needs; therefore, a business VPN will also differ from a personal VPN.

On the one hand, a business may implement a VPN for reasons such as to provide secure remote access and enhance network security, performance, and access control. 

Such a business will require a protocol that provides high-level encryption, source authentication, and tunneling. Therefore, the protocols chosen here should be the ones that emphasize security and speed.

On the other hand, a consumer may only need a VPN to access geographically restricted content or to stream movies and games online. The emphasis here is speed and stability.

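|           | PPTP | L2TP | SSTP | OpenVPN | WireGuard | IPSec |
|-----------|------|------|------|---------|-----------|-------|
| Speed     | Very good | Good | Good | Very good | Excellent | Very good |
| Stability | Very good | Very good | Good | Very good | Excellent | Excellent |
| Security  | Poor | Good | Very good | Excellent | Excellent | Very good |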
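
The ratings in the table above can be turned into a simple audit of the VPN profiles an organization already runs. The following is an added example, not part of the original article: the inventory, the profile names and the `paired_with_ipsec` key are constructed for illustration, and the two priority pairs follow the business (security and speed) and personal (speed and stability) emphasis described above.

```python
# Added example: ratings transcribed from the comparison table above.
RANK = {"Poor": 0, "Good": 1, "Very good": 2, "Excellent": 3}
FIELDS = ("speed", "stability", "security")
RATINGS = {
    "PPTP":      ("Very good", "Very good", "Poor"),
    "L2TP":      ("Good", "Very good", "Good"),
    "SSTP":      ("Good", "Good", "Very good"),
    "OpenVPN":   ("Very good", "Very good", "Excellent"),
    "WireGuard": ("Excellent", "Excellent", "Excellent"),
    "IPSec":     ("Very good", "Excellent", "Very good"),
}

def score(proto, field):
    """Numeric rank of one protocol on one of the table's three rows."""
    return RANK[RATINGS[proto][FIELDS.index(field)]]

def audit(profiles, min_security="Very good"):
    """Return (profile name, finding) for every profile that falls short."""
    findings = []
    for p in profiles:
        name, proto = p["name"], p["protocol"]
        if proto not in RATINGS:
            findings.append((name, f"{proto}: not in the table, review manually"))
        elif proto == "L2TP" and not p.get("paired_with_ipsec", False):
            # Per the article, L2TP alone neither encrypts nor authenticates.
            findings.append((name, "L2TP without IPSec: no encryption or authentication"))
        elif score(proto, "security") < RANK[min_security]:
            findings.append((name, f"{proto}: security below '{min_security}'"))
    return findings

def shortlist(priorities, min_security):
    """Protocols meeting the security floor, best first on the given priorities."""
    ok = [p for p in RATINGS if score(p, "security") >= RANK[min_security]]
    return sorted(ok, key=lambda p: sum(score(p, f) for f in priorities), reverse=True)

# Constructed inventory; profile names and paired_with_ipsec are hypothetical.
INVENTORY = [
    {"name": "hq-remote-access", "protocol": "WireGuard"},
    {"name": "legacy-branch", "protocol": "PPTP"},
    {"name": "vendor-portal", "protocol": "L2TP", "paired_with_ipsec": False},
    {"name": "warehouse", "protocol": "L2TP", "paired_with_ipsec": True},
]

if __name__ == "__main__":
    for name, finding in audit(INVENTORY):
        print(f"{name}: {finding}")
    print("business:", shortlist(("security", "speed"), "Very good"))
    print("personal:", shortlist(("speed", "stability"), "Good"))
```

Lowering the floor to "Good" lets the L2TP profile that is paired with IPSec pass, while the PPTP profile and the unpaired L2TP profile are still reported.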

Multi-protocol VPN vs. Single-protocol VPN

Buying a VPN may give you a choice between multi-protocol VPNs and single-protocol VPNs. As with any other choice, you should consider how your needs align with the options presented to you, and in particular how dynamic or static those needs are. Here are factors to consider when making such a choice.

Security

A multi-protocol VPN allows you two things:

  • To tailor your VPN according to your current security needs.
  • The flexibility to react accordingly to changing security needs in the future.

So you can choose the protocol most suited to your current needs and still be able to switch when your needs change.

However, with a single-protocol VPN, you get the specific security attribute you need without any chance of variance in the future.

Ease of Use

Due to multiple protocols, Multi-protocol VPNs may require more work to configure.

On the other hand, single-protocol VPNs will be easier to configure since there’s only one protocol.

Network Performance

Multi-protocol VPNs offer the chance to respond to network needs as they change. When speed becomes paramount, you can switch to a fast protocol, and when you need more security, you can switch to a more secure one. Being able to respond to network needs in this way enhances performance.

On the other hand, single-protocol VPNs are more specialized and will only deliver according to their specialty.

Unlock the Best VPN with Perimeter 81

No matter the size or complexity of your network, there’s always the right VPN to ensure secure access to your off-prem resources. 
