Your location: Your IP: Your status:ProtectedUnprotected · To the tests »

VPN Protocols

Perfect Privacy VPN services and protocols in the overview

OpenVPN

OpenVPN is considered to be one of the safest and reliable encryption protocols. We use 4.096-bit public key encryption for the key exchange and AES-256 bit for encryption of the traffic data.

As soon as the OpenVPN connection is established, all Internet traffic is routed through the VPN automatically, regardless of the client software being used. Our configuration files can be used with the OpenVPN client software or the Perfect Privacy VPN Manager, which also installs the OpenVPN client.

OpenVPN lends itself if you want to use strong encryption, and possibly want to cascade multiple VPN servers, or want to direct your traffic through an additional proxy. An OpenVPN connection requires more CPU power and is perhaps slower than an IPsec connection.

OpenVPN

Maximum security due to strong encryption (AES-256Bit)

High functional diversity like cascading, proxy usage, et cetera

Special client software (OpenVPN) required

Relatively high CPU usage

IPsec

Maximum security due to strong encryption (Algorithm platform dependent)

No additional client software required (with most operating systems)

Required trust in Root-CAs provided by the operating system

IPsec

The IPsec protocol, standardized by the IETF, represents another encryption alternative. Almost all modern operating systems support IPsec on its own, so usually, no additional client software has to be installed.

Like OpenVPN, IPsec routes all Internet traffic through an encrypted tunnel. IPsec offers itself especially when high speed is desired. An IPsec connection is usually faster and requires less CPU power than an OpenVPN connection.

The disadvantage is that the user is required to trust the certification authorities (Root-CAs) that come along with the operating system. While unlikely, this allows a theoretical Man in the Middle attack by the Root-CA itself. That is not possible with an OpenVPN connection since the Perfect Privacy VPN manager uses hard-coded certificates.

SSH2 tunnel

For maximum flexibility, we offer SSH2 tunnels with AES-256 bit encryption, which can be used with specific apps. Such a tunnel may be used with selected software to tunnel its traffic.

All other software (every program not explicitly configured to use the SSH2 tunnel) still uses the regular unencrypted Internet connection. This is a practical method of using a VPN with certain client software only.

There are open source as well as proprietary SSH clients for all standard operating systems (Windows, macOS, Linux) available. Perfect Privacy also offers its own, easy to use Perfect Privacy Tunnel Manager for Windows users.

Strong encryption

High flexibility, because application specific

Unconfigured applications do not use the encrypted tunnel

Additional client software required (depending on operating system)

We trust in open-source technology

HTTP proxy

Relatively high speed

No encryption, only forwarding

Only suitable for certain applications (web traffic)

HTTP proxies

With HTTP proxies can be used either separately or in combination with another VPN protocol.

These proxies not only replace the IP address with one of the respective proxies but also remove header data such as “X_Forwarded_For” and “HTTP_VIA” and make it impossible to detect a proxy is being used at all.

Additionally, among others, the data of the headers “User Agent” and “Operating System” are replaced with other valid values. HTTP proxies, however, do not offer encryption on its own. Therefore this has to be ensured separately.

SOCKS5 proxies

Besides HTTP proxies we also offer using our SOCKS5 proxies. SOCKS5 proxies in contrast to HTTP, work protocol independent and in principle can handle any type of traffic. Many clients support the use of a SOCKS5 proxy and allow the externally visible IP address being one of the proxy servers in use.

Like HTTP, SOCKS5 proxies can be used either separately or in combination with a VPN. However, like HTTP, SOCKS5 proxies do not offer encryption on its own. Therefore this again has to be ensured separately.

Relatively high speed

No encryption, only forwarding

No additional client software required (with most operating systems)

Relatively low CPU usage (with most operating systems)

Weak encryption, considered as breakable

PPTP

Besides OpenVPN and IPsec using the PPTP VPN protocol, which was developed by Microsoft, is a possibility. Our PPTP uses MPPE-128 (128-bit key length) using the DC4 cryptographic algorithm.

Even if PPTP is less CPU intensive and therefore can offer more speed, it is less secure than OpenVPN. The main advantage is that it is already available on most operating systems (Windows, macOS, iOS, Android), without the need of additional client software being installed.

Our advice is, not to use PPTP if truly secure encryption is required since nowadays it is possible to decrypt it. Nevertheless, PPTP may be useful, for example, if you want to hide your IP address but don’t have a particular value placed on encryption.

This website uses cookies to analyze the traffic and to control our advertising. By using this site, you agree to the use of cookies. More information can be found in our privacy policy.