VPN Tunnels explained: what are they and how can they keep your internet data secure

An abstract of data moving in a tunnel
(Image credit: Pixabay)

Growing censorship and stiffer regulations are seen by many as two of the biggest threats to our global internet freedom and security. The good news for fans of online activities is that we’ve seen an increasing number of services become available to protect our internet web browsing time and fend off snooping by organizations.

One of the biggest growth areas for beefing up online security has been the use of Virtual Private Networks (or VPN). The humble VPN has become increasingly popular in recent years, mainly because they have the ability to bypass government censorship and geo-blocked websites and services. Better still, a reputable VPN will allow you to do this without giving away who is doing the bypassing.

In order for a VPN to do this, it creates what is known as a tunnel between you and the internet. Doing this means your internet connection is fully encrypted and it lets you stop ISPs, hackers and even the government from nosing through your browsing activity.

What is a VPN Tunnel?

When you connect to the internet with a VPN, it creates a connection between you and the internet that surrounds your internet data like a tunnel, encrypting the data packets your device sends.

While technically created by a VPN, the tunnel on its own can’t be considered private unless it’s accompanied with encryption strong enough to prevent governments or ISPs from intercepting and reading your internet activity.

The level of encryption the tunnel has depends on the type of tunneling protocol used to encapsulate and encrypt the data going to and from your device and the internet.

Types of VPN tunneling protocols

There are many types of VPN protocols that offer varying levels of security and other features. The most commonly used tunneling protocols in the VPN industry are PPTP, L2TP/IPSec, SSTP, and OpenVPN - and the world's best VPN services should offer most or all of them. Let’s take a closer look at them.


Point to Point Tunneling Protocol (PPTP) is one of the oldest protocols still being used by VPNs today. Developed by Microsoft and released with Windows 95, PPTP encrypts your data in packets and sends them through a tunnel it creates over your network connection.

PPTP is one of the easiest protocols to configure, requiring only a username, password, and server address to connect to the server. It’s one of the fastest VPN protocols because of its low encryption level.

While it boasts fast connection speeds, the low level of encryption makes PPTP one of the least secure protocols you can use to protect your data. With known vulnerabilities dating as far back as 1998, and the absence of strong encryption, you’ll want to avoid using this protocol if you need solid online security and anonymity – government agencies and authorities like the NSA have been able to compromise the protocol’s encryption.

2. L2TP/IPSec

Layer 2 Tunneling Protocol (L2TP) is used in conjunction with Internet Protocol Security (IPSec) to create a more secure tunneling protocol than PPTP. L2TP encapsulates the data, but isn’t adequately encrypted until IPSec wraps the data again with its own encryption to create two layers of encryption, securing the confidentiality of the data packets going through the tunnel.

L2TP/IPSec provides AES-256 bit encryption, one of the most advanced encryption standards that can be implemented. This double encapsulation does, however, make it a little slower than PPTP. It can also struggle with bypassing restrictive firewalls because it uses fixed ports, making VPN connections with L2TP easier to block. L2TP/IPSec is nonetheless a very popular protocol given the high level of security it provides.


Secure Socket Tunneling Protocol, named for its ability to transport internet data through the Secure Sockets Layer or SSL, is supported natively on Windows, making it easy for Windows users to set up this particular protocol. SSL makes internet data going through SSTP very secure, and because the port it uses isn’t fixed, it is less likely to struggle with firewalls than L2TP.

SSL is also used in conjunction with Transport Layer Security (TLS) on your web browsers to add a layer to the site you’re visiting to create a secure connection with your device. You can see this implemented whenever the website you visit starts with ‘https’ instead of ‘http’.

As a Windows-based tunneling protocol, SSTP is not available on any other operating system, and hasn’t been independently audited for potential backdoors built into the protocol.

4. OpenVPN

Saving the best for last, we have OpenVPN, a relatively recent open source tunneling protocol that uses AES 256-bit encryption to protect data packets. Because the protocol is open source, the code is vetted thoroughly and regularly by the security community, who are constantly looking for potential security flaws.

The protocol is configurable on Windows, Mac, Android, and iOS, although third-party software is required to set up the protocol, and the protocol can be hard to configure. After configuration, however, OpenVPN provides a strong and wide range of cryptographic algorithms that will allow users to keep their internet data secure and to even bypass firewalls at fast connection speeds.

Which tunneling protocol should I use?

Even though it’s the fastest, you should steer clear of PPTP if you want to keep your internet data secure. L2TP/IPSec provides 256-bit encryption but is slower and struggles with firewalls given its fixed ports. SSTP, while very secure, is only available on Windows, and closed off from security checks for built-in backdoors.

OpenVPN, with its open source code, strong encryption, and ability to bypass firewalls, is the best tunneling protocol to keep your internet data secure. While it requires third-party software that isn’t available on all operating systems, for the most secure VPN connection to the internet, you’ll want to use the OpenVPN protocol.

A good VPN service should offer you the choice of at least these four types of tunneling protocols when going online.

Your best options

When it comes to the best VPN to sign up for there are plenty of options to choose from. Of course, if money is tight and you’re not too keen on spending anything more than you have to, trying the best cheap VPN could be an alternative. Got a budget even more limited than that? Another option could be to enlist the services of the best free VPN, of which there are numerous variants to pick from. 

The main issue with opting for a free VPN is that you generally won’t get the same value as that provided by a paid-for rival. What’s more, if you’re using a VPN then one of the main considerations is going to revolve around security. By choosing a less well-known VPN, as opposed to the major players such as ExpressVPN, NordVPN, Surfshark or IPVanish to name but four, you might not get the same level of protection.

Free can be limited

Even if you have managed to find a free or cheap VPN you’re happy with, remember that there may be limitations on the way you can use the software service. Free VPNs can be a little miserly when it comes to the amount of data you can use, with the operating speed frequently being less impressive than paid-for alternatives too. If you’ve got a desire to stream video or are torrenting on a regular basis, this might be false economy.

More corners can be cut because of the free aspect too, with low-budget options potentially offering less in the way of protection. This is made worse by the way some free VPNs will feature advertising incorporated into the program, which can get old very quickly. Worse still, your data might get sold on too, which defeats the object of the exercise if you’re looking for a more secure life online.

Affordable VPN benefits

In fact, you’ll find the cheap VPN arena also features many of the same names found in the premium VPN marketplace, including the likes of ExpressVPN, NordVPN, Surfshark and PureVPN. Alongside employing tunneling protocols, you should also be able to enjoy the likes of fast connection speeds, beefy no-logging security, easy connectivity and the back-up of 24/7 customer support too. You’ll probably want to compare and contrast before signing up for a package, but the VPN arena offers a range of options to suit any kind of budget.

Naturally, if you’re looking for VPNs that call on the most commonly used tunneling protocols in the industry including PPTP, L2TP/IPSec, SSTP and OpenVPN, those top names are always going to be the best bet. However, there are solid middle ground options to consider too. A cheap VPN provider will often have many of the same features and functions found in those premium editions, but you’ll make some savings too.

We've listed the best business VPN.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.

With contributions from