We have made it easy to understand all sorts of VPNs.
VPNs are already complex products, and when we talk about their types, it seems like getting lost in some techno jungle where every tree is an intricate algorithm.
But this won’t be the case here.
Assuming you already know what a VPN is, I will directly jump to the main course.
Different Types of VPNs
There are many forms of VPNs based on different criteria. I will keep it simple, however, and list everything in a single place.
Keep in mind that VPNs can be complex, and this guide is aimed at beginners, briefly introducing each type without delving into much detail.
I will be talking about these:
Remote access VPN
Remote Access VPN
Mostly a business product, remote access VPN means a service letting outsiders safely connect to a private network. Those outsiders are mainly the company’s remotely-stationed or traveling employees.
The idea is to give access to company files, applications, etc., securely to authorized personnel, all the while blocking intruders.
Based on the service, it can have additional security features like multi-factor authentication, granular access, device monitoring, etc.
Site-to-Site VPN
This corporate offering, site-to-site VPN, is designed to connect various local area networks (LANs) through a secure, encrypted VPN tunnel. The ideal consumer is a business having branch offices in multiple locations.
Its primary objective is to create a wide area network (WAN) that remotely grants access to shared resources.
Unlike remote access VPN, the individual devices in this case need not separately authenticate via a VPN client. Instead, they rely on pre-approved authorization protocols that work at the network level.
#1. Extranet-based VPN
This is where a company connects with its external business partners or customers via secure VPN encryption. A type of site-to-site VPN, extranet-based VPN helps entities outside the business access select company resources.
#2. Intranet-based VPN
Intranet-based VPN, on the other hand, connects users locally on the same network.
Point-to-Point Tunnelling Protocol (PPTP) VPN
Developed by Microsoft, PPTP is an effortless way to encrypt traffic. When we say PPTP VPN, it simply refers to utilizing the PPTP protocol to provide VPN services.
It’s one of the oldest VPN protocols, which has been around roughly since Windows 95.
PPTP is easy to set up without any additional installation and supports major operating systems. It offers incredibly fast speeds, which is good for streaming and gaming.
However, there are more secure VPN protocols out there, such as OpenVPN, making opting for PPTP less desirable for high-stakes tasks. In fact, most consumer-facing VPNs don’t support PPTP anymore.
Layer 2 Tunnelling Protocol (L2TP) VPN
L2TP comes after PPTP and was jointly developed by Microsoft and Cisco in 2000. It combines PPTP and Cisco’s L2F protocol.
It does not have strong mechanisms for authentication and encryption by itself. Therefore, it’s usually coupled with IPsec. The combination L2TP/IPsec is more secure than PPTP; however, there is a minor compromise on the speed front. This protocol is widely supported on multiple platforms, which makes adoption easy for developers.
However, it’s not that effective against firewalls.
Besides, L2TP/IPsec lags behind OpenVPN, WireGuard, etc., in providing robust security. As a result, it is gradually becoming obsolete, and you won’t see many VPN service providers supporting it.
Internet Key Exchange Version 2 (IKEv2) VPN
IKEv2 was developed by the Microsoft and Cisco duo. Like L2TP, it’s not secure when implemented on its own. Therefore, it’s paired with another protocol, resulting in the pairing IKEv2/IPsec.
This coupling is fast and secure. Its biggest strength is automatic reconnection when a user switches networks. This attribute makes it good for mobile platforms, such as smartphones.
However, it connects only over UDP, which means it can easily be blocked by firewalls. In addition, IKEv2 is a closed-source project and comes with native support only for Mac and iOS.
Consequently, top VPN service providers stick to the better options in OpenVPN and WireGuard.
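How a network monitor or firewall recognises this key exchange on its UDP ports, shown as an added example that is not part of the original article. It reads the fixed 28-byte IKE header (RFC 7296) to tell IKEv2 from the older IKEv1 that L2TP/IPsec setups use; the sample datagrams and the helper name build_header are constructed for illustration.

```python
import struct

# Fixed 28-byte IKE header (RFC 7296, section 3.1), network byte order:
# initiator SPI, responder SPI, next payload, version, exchange type,
# flags, message ID, total length.
IKE_HEADER = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00" * 4   # prefixes IKE messages on UDP 4500 (NAT-T)
EXCHANGES = {
    1: {2: "Identity Protection (main mode)", 4: "Aggressive", 32: "Quick Mode"},
    2: {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA",
        37: "INFORMATIONAL"},
}

def classify_ike(server_port, payload):
    """Describe one UDP payload as IKEv1/IKEv2, or return None if it is not IKE."""
    if server_port == 4500:
        if payload[:4] != NON_ESP_MARKER:
            return None                  # ESP-in-UDP data, not key exchange
        payload = payload[4:]
    elif server_port != 500:
        return None
    if len(payload) < IKE_HEADER.size:
        return None
    _, _, _, version, exchange, _, msg_id, length = IKE_HEADER.unpack_from(payload)
    major = version >> 4                 # high nibble is the major version
    if major not in EXCHANGES or length < IKE_HEADER.size:
        return None
    name = EXCHANGES[major].get(exchange, f"exchange type {exchange}")
    return {"protocol": f"IKEv{major}", "exchange": name, "message_id": msg_id}

def build_header(version, exchange, next_payload=33, flags=0x08):
    """Constructed header-only sample message (no payloads follow)."""
    return IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, next_payload,
                           version, exchange, flags, 0, IKE_HEADER.size)

if __name__ == "__main__":
    samples = [
        (500, build_header(0x20, 34)),                    # IKEv2 on UDP 500
        (4500, NON_ESP_MARKER + build_header(0x20, 35)),  # IKEv2 over NAT-T
        (500, build_header(0x10, 2, next_payload=1, flags=0)),  # IKEv1
        (4500, b"\xc0\xff\xee\x01" + bytes(32)),          # ESP-in-UDP data
        (1194, bytes(40)),                                # unrelated UDP port
    ]
    for port, data in samples:
        print(port, classify_ike(port, data))
```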
SSL/TLS VPN
The SSL/TLS protocol can be used as a VPN to help users send emails, share files, and access browser-based applications securely without installing additional client-side software.
It’s a browser-based VPN technology that can help access specific resources, unlike standard VPNs, which expose entire networks. This also allows for easy setup of granular access control.
It used to be based on SSL (now obsolete), but current SSL/TLS VPNs connect via its updated version, TLS.
Most modern browsers, including Chrome, Firefox, etc., natively support TLS, making the deployment straightforward. Plus, they get easily updated along with official browser updates.
However, as already stated, their encryption is valid for the specific application and doesn’t cover the entire operating system at once.
OpenVPN
One of the most advanced VPN protocols, OpenVPN, can also be deployed as a standalone VPN. Created in 2001, it’s an open-source implementation that has stood the test of time, making it the current favorite of industry-leading VPN service providers.
It’s one of the few available options that can be configured for an obfuscated VPN connection. This becomes important in situations where VPN use is prohibited by law or can suffer from unwanted scrutiny.
OpenVPN supports a wide variety of operating systems and provides top-notch speeds without compromising on security.
WireGuard
WireGuard is the latest and greatest in the industry. It has just 4000 lines of code, which significantly reduces the attack surface. It also ships with excellent security and offers lightning-fast speeds.
It started with support for Linux and soon became available for other platforms as well.
What made it popular was its easy deployment. However, this can become a security threat, as the process can result in a configuration that begins by saving the static IP address of the user. That’s why a few VPN providers (like NordVPN) customize it to maintain the expected security.
Except for that, WireGuard is pretty slick and is gaining more takers as we speak.
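To see what a stored static address looks like in practice, the added example below (not from the original article) parses a server-side WireGuard configuration and lists which fixed tunnel addresses, and which remembered public endpoints, are tied to each peer key. It assumes the static IP concern refers to the per-peer AllowedIPs and Endpoint entries; the configuration, keys and addresses are constructed placeholders.

```python
import ipaddress

# Constructed server-side config; keys and addresses are placeholders.
SAMPLE_CONF = """\
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER

[Peer]  # laptop
PublicKey = PEER_A_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.8.0.2/32

[Peer]  # phone, with a remembered public endpoint
PublicKey = PEER_B_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 10.8.0.3/32, fd00::3/128
Endpoint = 203.0.113.7:51820

[Peer]  # branch router: a routed subnet, not one user
PublicKey = PEER_C_PUBLIC_KEY_PLACEHOLDER
AllowedIPs = 192.168.50.0/24
"""

def parse_peers(text):
    """Return one dict per [Peer] section (configparser rejects duplicate sections)."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("["):
            current = {} if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # keep '=' padding in keys
            current[key.strip().lower()] = value.strip()
    return peers

def pinned_identities(text):
    """Map each peer public key to the single-host tunnel addresses bound to it."""
    result = {}
    for peer in parse_peers(text):
        hosts = []
        for item in filter(None, map(str.strip, peer.get("allowedips", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.num_addresses == 1:           # /32 or /128: one fixed address
                hosts.append(str(net.network_address))
        result[peer.get("publickey", "<missing>")] = {
            "tunnel_ips": hosts, "endpoint": peer.get("endpoint")}
    return result
```

Calling pinned_identities(SAMPLE_CONF) shows that every session from a given key always appears under the same tunnel address, which is the linkage providers work around with their own address-assignment layer.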
Mobile VPN
This isn’t another type of VPN, but covers the services that allow deploying a VPN connection via a smartphone.
The foremost challenge of such VPNs is keeping a constant connection when the user switches networks, mostly from cellular to WiFi or vice versa. However, a security feature present in most modern VPNs, a kill switch, helps this transition occur conveniently without leaking IP addresses.
Mobile VPN services have native applications for platforms such as Android and iOS. Under the hood, they can use similar protocols to their desktop counterparts, but the choice ultimately depends on platform availability and ease of implementation.
SSH VPN
SSH VPN establishes a secure connection to a remotely stationed server. It comes with native protocols for authentication and encryption, making it safe to access remote devices, transfer files, and execute commands on remote servers.
However, factors like the absence of network-wide encryption, IP anonymity, or the ability to geo-unblock restricted content limit its use cases and set it apart from a traditional VPN.
Mesh VPN
Without a central VPN server, Mesh VPNs create a peer-to-peer (p2p) infrastructure for secure and decentralized networking.
Each device (called a node) sends traffic directly to the intended destination without being routed through a central server. This helps reduce latency and improves overall security since the user won’t have access to the whole network at once.
A central administrator manages the network access for individual nodes.
The primary advantage of Mesh VPN over its traditional counterparts is the absence of a single point of failure and excellent scalability.
Common use cases are businesses needing to create a private network for a set of employees, irrespective of their geographical location.
Cloud VPN
Since the majority of companies are opting for cloud-based infrastructure, using traditional VPNs hosted on on-premises hardware makes little sense. Cloud VPN serves these use cases where you want secure connectivity between multiple cloud entities or a cloud resource and remote users.
While it functions much like a traditional VPN, the deployment is often seamless and comes with a hands-off experience if one opts for third-party cloud service providers such as Google Cloud, Microsoft Azure, Amazon Web Services, etc. It’s generally provided under the VPN-as-a-service model.
However, one can also rent a cloud server and perform the setup and maintenance in-house, much like a conventional corporate VPN. This term also includes site-to-site and remote access VPN for cloud-based setups.
VPNs are an evolving domain, and both individuals and corporations need them today.
Most of the VPNs listed here are actually protocols, but the terms are often used interchangeably, leading to their inclusion.
Besides, I have briefly explained remote access, site-to-site, cloud VPN, etc. But we also have a huge library of VPN-related articles for someone interested in deep dives.