Below we describe the protocols on which the most widely used VPN solutions on the market are based:
PPTP (Point-to-Point Tunneling Protocol): Network protocol that allows transfers between remote clients and servers in private networks, using both switched telephone lines and the Internet. PPTP is an extension of PPP that supports flow control and multi-protocol tunneling over IP. Implemented principally by Microsoft, this protocol operates at the data link layer of the OSI model, which allows it, once a PPTP session is established, to carry encrypted IPX, IP or AppleTalk frames. It uses encryption keys generated by the MS-CHAP, MS-CHAP version 2 or EAP-TLS authentication protocols. This data link layer protocol can be used with NAT in corporate firewalls.
L2TP (Layer 2 Tunneling Protocol): It resolves interoperability problems between the PPTP and L2F protocols and has the characteristics of both. It allows a tunnel to be created at the data link level, so that IP, IPX and AppleTalk packets sent privately can be transported via the Internet. As it has no encryption or authentication mechanisms of its own, it is used together with IPSec (L2TP/IPSec), which makes it vulnerable to NAT; implementations that include this protocol therefore have to use NAT-T (NAT traversal).
IPSec (IP Secure): Security protocol that allows the secure interchange of packets at the network layer of the OSI model, guaranteeing the security of the link between the device and a network. This is the protocol with the best encryption mechanisms, offering maximum integrity, authentication, access control and confidentiality for sending IP packets via the Internet. As it is a layer 3 protocol, it is limited to IP protocols. The combination of IPSec with L2TP can be used for transporting practically any protocol. To resolve IP address translation (NAT) problems, this protocol uses NAT-T (NAT traversal) mechanisms. Even though the configuration of an IPSec VPN network is more complex, it is undoubtedly the most secure protocol.
SSL (Secure Socket Layer): Security protocol that safeguards access to information circulating through Internet protocols (HTTP, SMTP, FTP, etc.) by symmetrically encrypting the data. Access to this data is only possible with the correct key. This protocol functions at the application layer.