A VPN is a Virtual Private Network. It’s essentially just an encrypted connection between your computer and the internet, but when you use one it allows you to access geo-restricted content that might otherwise be restricted by your country or ISP. This Ultimate Guide will teach you about the different protocols for finding out which protocol works best with what server in order to give yourself the most secure connection possible.,
The “vpn encryption types” is a guide that includes the top 5 VPNs and their encryption protocols. It also includes information on how to use each of the different protocols.
Many VPN services brag about having the most secure encryption and protocols. Unfortunately, the majority of customers have no idea what they are. Both are often seen as non-essential security elements. In truth, they’re what a VPN service’s heart is made of.
We’ll take a deeper look at both methods in our VPN encryption and protocol tutorial. It will be discussed how they function to keep you secure when online.
In addition, I’ll go through each technique now available on the market. After reading this, perhaps you’ll have a better knowledge of this complicated issue and be able to evaluate the security claims made by the various competing VPN providers.
What is VPN Encryption and How Does It Work?
Third-party intercepting, analyzing, modifying, or replacing the contents of your internet traffic is prohibited by VPN services. To accomplish so, they encrypt all data and connection information that passes between your device and their web servers using VPN encryption.
Hackers may use a variety of tactics to get access to your communications. As a result, VPNs must use both symmetric and public-key encryption techniques.
How Does It Work?
The workings of encryption aren’t as sophisticated as they seem. In truth, the whole procedure is fairly straightforward. The following is a quick rundown of how the technology works:
Your connection requests are encrypted before they are transmitted across whenever you run a VPN client and link it with a server. They are encrypted and sent across the web after being received by the server of your choice.
They then return to the VPN client’s server, where they are re-encrypted before being delivered back to your device. Finally, your VPN client decrypts everything so you can view the protected data.
As you can see, it isn’t as hard as it seems. Still, there’s much more that we must discuss. To get a complete understanding of what VPN encryption is and How Does It Work?, it’s essential to talk more about the following:
- Protocols for virtual private networks
- Ciphers for encryption
- Different The Different Types of Encryption
- Handshakes between VPNs
- Authentication using a hash
Protocols for virtual private networks
Protocols for virtual private networks are sets of digital instructions that VPN providers follow to create a secure connection between your computer and a VPN server. At their core, Protocols for virtual private networks basically consist of a combination of transmission protocols and encryption standards. Their main job is to safeguard your data while it’s at rest and in transit.
The following protocols are supported by the majority of VPN services:
- OpenVPN (UDP & TCP)
- IPSec (IKEv2 & L2TP)
- PPTP
- SSTP
- WireGuard
Other protocols that are supported by fewer VPNs include:
- SoftEther
- Lightway
- SSL & TLS
- Hydra Catapult
- SOCKS5
Each of these protocols has its own set of advantages and disadvantages. When connecting to a server, all excellent VPN services let their customers choose which protocols they want to utilize. After all of that, here’s a table that compares each frequently used VPN Protocol (Virtual Private Network):
| VPN Protocol (Virtual Private Network) | Speed | Stability of the Connection | Maximum Strength of Encryption | Bypassing Censorship Capabilities |
| UDP OpenVPN | Fast | Stable | 256-Bit | Good |
| TCP OpenVPN | Moderate | Exceptionally stable | 256-Bit | Good |
| L2TP IPSec | Moderate | Stable | 256-Bit | Moderate |
| IKEv2 IPSec | Very Fast | Exceptionally stable | 256-Bit | Bad |
| PPTP | Very Fast | Exceptionally stable | 128-Bit | Bad |
| SSTP | Fast | Exceptionally stable | 256-Bit | Good |
| WireGuard | Very Fast | Exceptionally stable | 20 ChaCha (256-Bit) | Moderate |
Let’s now go into the specifics. We’ll first examine the two OpenProtocols for virtual private networks as they’re the most popular. After that, we are going to move on to the rest.
1. VPN (Virtual Private Network)
Source
The VPN industry’s standard protocol is OpenVPN. The reason for this is because it provides exceptional levels of safety and security. It’s open-source, as the name indicates, which means that users may examine the source code for flaws. They might utilize it for a variety of things.
Despite the fact that OpenVPN is not supported natively by any platform, its extremely flexible nature has enabled most VPN providers to include it in their applications. Apps for Windows, macOS, Android, Linux, and iOS are frequently available for download.
OpenVPN comes in two flavors. Even if the variations between them are minor, it is nevertheless necessary to be aware of them. After all, each offers advantages and disadvantages that might make or break a product for specific people.
Packets of data are transferred through the internet in little bits. The Transmission Control Protocol (TCP) was created to guarantee that packets arrive to the OpenVPN client in the same state as they left the OpenVPN server.
TCP does this by:
- Delaying packet transmission to the OpenVPN client until all anticipated packets have arrived.
- Places out-of-order packets in their correct location.
- Any packets that may have been lost in transmission should be re-requested and awaited.
In summary, TCP OpenVPN is an excellent option for those looking to establish a more reliable connection. It’s also perfect for individuals that wish to work around internet censorship measures taken up by countries like the UAE, Turkey, China, and Belarus.
Unlike its cousin, the OpenVPN User Datagram Protocol (UDP) prioritizes data transmission efficiency. It sends and transmits smaller data packets without needing confirmation of receipt. As a result, it is speedier but less dependable and secure than TCP.
2. PPTP
Source
Point-to-Point Tunneling Protocol (PPTP) is the oldest VPN Protocol (Virtual Private Network). It was developed by a Microsoft employee and released in 1996. To this day, it still retains popularity despite the inception of newer protocols that are more robust. Here are the reasons why:
- Many protocols are slower than PPTP.
- Setting up PPTP is simple.
- PPTP is supported by almost all systems out of the box.
Because of its use of 128-bit encryption keys, PPTP has exceptional speed capabilities. Most other protocols, such as OpenVPN and SSTP, are slower in contrast because they utilize 256-bit encryption, which is more safe.
Because PPTP prioritizes speed above security, its users are exposed to major risks. In only a few minutes, an experienced attacker may quickly breach a PPTP-encrypted connection. As a result, it’s not the ideal alternative for individuals who value security.
Another disadvantage is that it is easily blocked by censorship programs. Why? Because it uses TCP port 1723 and the GRE protocol, both of which are readily blocked by firewalls.
PPTP should only be used when absolutely required. Because of its insufficient capacity to offer security and anonymity, the antiquated protocol defeats the objective of using a VPN. In fact, it’s only ideal for those that handle non-sensitive data and need the quickest connection speeds.
3. IPsec/L2TP
Source
The Layer 2 Tunnelling Protocol (LT2P) was introduced in 1999 as a type of successor to the PPTP protocol. Microsoft and Cisco collaborated on it, utilizing their PPTP and L2F protocols as a foundation. As a result, it should come as no surprise that it retains and improves upon the greatest elements of its predecessors.
LT2P does not have encryption on its own. As a result, it’s often used in conjunction with Internet Protocol Security (IPSec), a group of security protocols that operate together to authenticate and encrypt data sent between your device and a VPN server.
When you use LT2P to connect to a VPN server, IPSec creates a secure control channel between the VPN client and the VPN server, which is normally encrypted using the AES encryption.
LT2P encapsulates data packets from your browser. IPSec encrypts the data before relaying it to your VPN provider’s server, which decrypts and decapsulates it. While the twofold decapsulation procedure increases the security of LT2P/IPSec, it also slows it down significantly.
One of the best things about L2TP is how simple it is to set up. It’s also embedded into most major systems, therefore it’s supported by a lot of VPNs.
4. SSTP
Source
SSTP, or Secure Socket Tunneling Protocol, is a proprietary protocol owned by Microsoft. It uses the SSL 3.0 encryption standard as its foundation. As a result, it, like OpenVPN, may utilize TCP port 443, which is seldom banned by censoring system firewalls.
SSTP isn’t open-source since it’s proprietary. As a result, users are unable to examine the source code for flaws and improve it. The most they can do is notify Microsoft of any discovered vulnerabilities and hope that the corporation takes action.
We believe that SSTP’s Microsoft integration is a serious drawback. It doesn’t operate on anything other than Windows, and since it’s closed-source, it’s more vulnerable to security flaws. Furthermore, there have been instances when Microsoft has handed up encrypted communications to the National Security Agency (NSA) upon request.
SoftEther is number five.
Source
SoftEther’s beginnings are interesting. It was created as part of a master’s thesis at Japan’s Tsukuba University. It, like OpenVPN, is open-source, offering users the ability to examine its source code for flaws.
Released in 2014, SorftEther is one of the newest Protocols for virtual private networks in the industry.
As a consequence, it is only supported by a few service providers. However, this might change in the near future, since the protocol has a reputation for being fast without sacrificing security. Aside than that, it’s designed to operate past censorship restrictions.
AES-256 and RSA-4096 are examples of strong encryption ciphers supported by SoftEther. Its encryption and authentication algorithms, on the other hand, are based on OpenSSL, making the traffic it relays almost similar to HTTPS traffic.
Guido Vranken conducted an 80-hour security assessment of SoftEther in 2018 and discovered 11 security flaws. The protocol’s creators responded by issuing a patch to solve the issue. Unfortunately, researchers at Aalto University later revealed that SoftEther was vulnerable to man-in-the-middle attacks.
All in all, our team believes that SoftEther is a decent VPN Protocol (Virtual Private Network). It’s blazingly fast, good at bypassing censorship, and is getting more secure thanks to the continuous release of updates.
IKEv2/IPsec (IKEv2/IPsec) (IKEv2/IPsec
Source
Internet Key Exchange version 2 (IKEv2) is another VPN Protocol (Virtual Private Network) that was jointly developed by Microsoft and Cisco.
It’s closed-source, and Windows (versions 7 and later), BlackBerry, and iOS all support it natively. For Linux OS, several third parties have created an open-source version. Because it’s open-source, this version is more reliable than the protocol’s initial version.
IKEv2, like LT2P, is usually used in conjunction with IPSec since it lacks encryption on its own. IKEv2/IPSec, on the other hand, outperforms its equivalent in terms of performance and functionality for the following reasons:
- It’s significantly quicker since it’s been designed to make better use of bandwidth.
- A lot more Ciphers for encryption are supported, including AES, Camellia, and Blowfish.
- Because of something called the MOBIKE Protocol, switching networks is smooth.
With all of its advantages over LT2P, it seems like IKEv2 is way superior. However, you should know that it does not allow you to bypass most censorship systems. Why? Because the VPN Protocol (Virtual Private Network) employs specified ports that can easily be detected and blocked.
MOBIKE is essentially an IPSec/IKEv2 protocol extender. It enables VPN providers to change their IP addresses without having to re-establish SAs with their servers. It also allows VPN clients and servers to choose a certain accessible address when many options are available.
WireGuard is number seven.
Source
The newest VPN Protocol (Virtual Private Network) that’s available is WireGuard. It is open-source and is actually still being developed. Experts involved in creating the protocol aim for it to be faster and more secure than any competitor. Hence, many claim that WireGuard is the future of Protocols for virtual private networks.
WireGuard aims to solve the difficulties that OpenVPN and IPSec are known to cause. Frequent disconnections, lengthy reconnection periods, and hard setup processes are just a few instances.
WireGuard encrypts data via the ChaCha20 cipher, which employs a 256-bit key. Despite the fact that many VPNs have yet to implement this encryption, many experts believe it is capable of outperforming AES. It’s three times quicker and has been shown to be just as safe.
Who Is WireGuard Supported By?
NordVPN has announced the debut of NordLynx, a new bespoke protocol that will be accessible across all of the VPN’s platforms. This one-of-a-kind protocol is entirely built on WireGuard. The combination of WireGuard and NordVPN’s patented double NAT (Network Address Translation) algorithm distinguishes this version of WireGuard.
WireGuard is being supported by a growing number of providers, including NordVPN. The following is a list of the majority of them:
Only PIA and VyprVPN made our top 10 ranking among these VPN service providers. Still, as the market evolves and more VPNs enable WireGuard in some form or another, this might change.
8. SSL and TLS (Transport Layer Security)
Secure Sockets Layer (SSL) is an acronym for Secure Sockets Layer. It’s the gold standard for safeguarding internet connections and data exchanged between two systems, most often PCs and servers.
Criminals and other third parties are unable to access or manipulate information sent over the internet as a result of it. It does this by guaranteeing that any data being sent is unreadable. To scramble data in transit, the technique employs encryption algorithms.
TLS (Transport Layer Security), on the other hand, is merely an upgraded version of SSL. It was created in 1999, and the Internet Engineering Task Force standardized it (IETF).
There aren’t many distinctions between SSL and TLS. As a result, they should not be compared to one another. In reality, they are part of the SSL/TLS protocol suite, which is updated on a regular basis.
9. Other Protocols for virtual private networks
Apart from everything that’s mentioned, there are other Protocols for virtual private networks that you should be aware of. Each of them isn’t as well-known or common as the protocols we talked about. Still, they play a vital role in the VPN industry.
Source
ExpressVPN’s new proprietary protocol, Lightway, is built on WolfSSL rather than the more well-known WireGuard. Despite this, it is said to have the same advantages.
ExpressVPN claims to be highly fast, extremely secure, and capable of connecting and disconnecting instantly. However, since the technique is so new and hasn’t been thoroughly examined by most specialists, it still has a lot to prove.
The newest version of the SOCKS internet protocol is SOCKS5. It uses a proxy server to redirect data packets between a client and a server. Proxy servers are used to make UDP or TCP connections across IP addresses that are randomly generated.
Some of the reasons why people use SOCKS5 proxy servers are as follows:
- To get bypass internet censorship
- There are no limits on traffic, programs, or protocols.
- Connections that are faster and more dependable
- Errors are reduced, and performance is improved.
- Excellent performance on peer-to-peer platforms
The fundamental difference between VPNs and proxies is that VPNs encrypt your data, whilst proxies do not. VPNs also ensure that connections are more reliable. As a result, if you want to double down on security, you should utilize your VPN in conjunction with SOCKS5.
Hydra Catapult is another proprietary VPN Protocol (Virtual Private Network) used by HotSpot Shield and other services owned by the Pango Group.
It delivers fast speeds and is more than capable of providing data leak protection. Sad to say, it’s closed-source, making it lack transparency. For that reason, we don’t recommend that you use it. You’ll be better off with other Protocols for virtual private networks like WireGuard and OpenVPN.
VPN Ciphers for encryption
The algorithm for safeguarding data on control and data channels is referred to as a cipher. Ciphers are usually discussed in conjunction with key lengths. While a protocol creates the groundwork for establishing a suitable encryption tunnel, it is ciphers that encrypt all of your data.
AES, Blowfish, and Camellia are the most often utilized ciphers by VPN services. However, there are a lot more. Let’s look at each one in more detail:
The Advanced Encryption Standard (AES) is a set of rules for encrypt (AES)
Source
Advanced Encryption Standard (AES) stands for Advanced Encryption Standard. It’s also known as the Rijndael algorithm, and it’s often regarded as the best encryption available since it’s very secure. When it comes to internet encryption techniques, the majority of specialists refer to it as the gold standard. As a result, it’s no surprise that it’s the most often used cipher in the VPN market.
Its beginnings may be traced back to 2001, when the US National Institute of Standards and Technology formed it (NIST).
AES is available with key lengths of 128 or 256 bits. Most VPNs, on the other hand, employ the later form since it is more secure. It’s so safe that it’s used by numerous military and intelligence institutions throughout the globe to protect sensitive data. This is why AES-256 is often referred to as “military-grade” by VPN providers.
Blowfish, number two
Source
Blowfish is a cipher that was originally created in 1993. It was created in the United States by cryptographer Bruce Schneier. The cipher was formerly the default in OpenVPN. However, the superior AES-256 cipher has now taken its place.
Blowfish is most often seen with a 128-bit key length. However, this may vary from as little as 32 bits to as much as 448 bits.
Blowfish, like practically other ciphers, has its unique set of flaws. The most well-known is its vulnerability to the Birthday Attack, a cryptographic attack. As a result, we propose using the cipher only as a backup to AES-256.
three. twofish
Source
Bruce Schneier, like Blowfish, created Twofish. It’s connected to Blowfish in a tangential way, which isn’t surprising considering that both ciphers were invented by the same guy. Many people expected that it would become the industry standard for encryption, which is intriguing. Unfortunately, it was defeated by AES.
Twofish is distinct from other ciphers as it uses pre-computed, key-dependent S-boxes to alter how the key relates to the ciphertext. In the world of Ciphers for encryption, it’s the only one that does this, allowing it to stand out.
Twofish has been demonstrated to be very secure in studies. It was overshadowed by AES because to its sluggishness. Even yet, Twofish is used by a few sites because it is dependable and can keep consumers secure.
Camellia is number four.
Source
Camellia is a cipher that, in terms of security and performance, is extremely similar to AES.
Despite using a shorter key length, many experts believe it is safe (128 bits). Many claim that recent brute-force assaults have little effect on it. There has never been a report of it being compromised by a successful assault.
The fact that AES has yet to be validated by NIST, the same agency that invented AES, is the primary reason for its popularity.
Despite the fact that Camellia isn’t affiliated with the US government, many people urge for its wider use. However, just a few VPN providers have made it accessible. As a result, the cipher has yet to be fully tested and widely accepted.
The Triple Data Encryption Standard (TDES) is a standard that encrypts data three (3DES)
The Triple Data Encryption Standard (3DES) is a successor to the original Data Encryption Standard. It was quite popular in the late 1990s, but has since fallen out of favor due to the emergence of more secure ciphers.
3DES will be phased out by 2023, according to a recent notification. Despite this, it is still used by certain VPN companies since it is one of the most widely disclosed and analyzed ciphers.
Even if 3DES is available, we recommend that you avoid it. It is no longer in use, and there are better alternatives. Even if it has an excellent security track record, you’ll be better off utilizing a current and future-proof encryption.
Microsoft Point-to-Point Encryption (Microsoft P2PE) (MPPE)
Microsoft Point-to-Point Encryption (MPPE) is a technique of encrypting data that was devised by Microsoft, as the name indicates.
It encrypts data using the RSA technique and supports 40 and 129-bit keys. For additional security, these keys are updated on a regular basis. MPPE does neither grow or compress data, unlike other encryption technologies. As a result, it’s often utilized in combination with MPPC (Microsoft-Point-to-Point Compression).
7. Unbreakable Forward Secrecy
Source
Perfect Forward Secrecy, or simply Forward Secrecy, is a characteristic of the agreement protocol that ensures that your session keys will remain secure even if your private key is compromised.
It works by randomly creating a session key for each session you start. Perfect Forward Secrecy can only be decrypted in two ways. Sessions are sent to a VPN server agent or traffic is routed via two TLS inspection devices. To put it another way, it’s very secure and can only be breached by the most skilled and well-funded of attackers.
I know that any conversation about VPN Ciphers for encryption can get really complicated in a matter of seconds.
Our staff, on the other hand, hopes that you’ve learnt the fundamentals of what they are and how to utilize them. After all, each cipher is unique, with its own set of benefits and drawbacks.
Different The Different Types of Encryption
So far, we’ve tackled what VPN encryption is, the various protocols, and ciphers. Let us now dwell into one of the most important topics and discuss what are the Different The Different Types of Encryption that VPN providers use:
Symmetric Encryption (Symmetric Encryption) is a kind of encryption
Symmetric encryption (also known as symmetric-key encryption) is a kind of encryption in which data is encrypted and decrypted using just one key. It requires the same exact key to communicate between your device and the VPN server. Camellia, AES, and Blowfish are examples of symmetric-key ciphers.
The advantage of this sort of encryption is that it is quick. It just involves the creation of a single key, simplifying the procedure mathematically.
Asymmetric Encryption (Asymmetric Encryption) is a kind of encryption that (Public-key)
Asymmetric encryption (also known as public-key cryptography) encrypts and decrypts data using both a public key and a corresponding private key, unlike its counterpart. Journalists or government dissidents who disclose their public key online so that sources may relay secure communications to them are the most common users of this sort of encryption.
The biggest benefit of using asymmetric encryption is the amount of protection it delivers to its consumers. It is much superior than symmetric encryption for those who want to avoid censorship or keep others from discovering they’re using a VPN service.
The Basics
VPN encryption employs both symmetric and asymmetric encryption techniques. It establishes a secure VPN client-server connection via asymmetric encryption, allowing symmetric keys to be shared without difficulty.
Handshake with a VPN
In addition to protocols and ciphers, VPNs also use a technology called Handshake with a VPN to secure and verify your VPN connection.
The first connection between two digital devices is referred to as a handshake. It’s essentially a welcome in which both computers establish communication rules and verify one other.
When a Handshake with a VPN secures a given connection and makes a VPN tunnel. When it takes place, asymmetric encryption gets used. Once the connection is finally secured, a symmetric key is produced, shared, and used for the rest of the session.
Even if this procedure produces enough encryption, the private key used in a handshake may still be used to decode each session.
An attacker might use this “master key” to decode all secure sessions on a VPN server if it is hacked in any manner. They might then get access to the symmetric key and compromise any data passing over a VPN connection.
As a result, we strongly advise you to use a VPN service that employs Perfect Forward Secrecy. This will provide you a higher level of comfort that your data will be protected from harmful third parties.
1. RSA
Most Handshakes between VPNs utilize the RSA (Rivest-Shamir-Adleman) algorithm. This algorithm has formed the backbone of internet security since the early 2000s.
A VPN provider may utilize a variety of RSA implementations. RSA-1024, RSA-2048, and RSA-4096 are some examples. Only 2048 and 4096 have retained their popularity among them, since 1024 is considered a security concern. While there is no proof that it has been broken, given the processing capacity of current CPUs, many believe it will be shortly.
2. Elliptic Curve Diffie-Hellman (ECDH) and Diffie-Hellman (DH) (ECDH)
Diffie-Hellman (DH) and its version, Elliptic Curve Diffie-Hellman (ECDH), enable a device and a server to create a secret key across an insecure channel. Despite the fact that the two protocols were among the first to employ public keys, they are still frequently used to secure a broad range of internet services.
Unfortunately, researchers determined that the DH and ECDH key exchange protocols are insecure, contrary to popular belief. Both potentially couldn’t protect themselves against well-funded assaults.
Authentication using a hash
Authentication using a hash or HMAC (Hash-Based Message Authorization Code) is a message authentication code (MAC) that VPNs use to check the integrity and authentication of a message to make sure it hasn’t been altered by third parties.
It operates by employing a hash function to change the original data. The original source message is scrambled by an algorithm into a fixed-length string of characters that gives it an entirely new appearance.
Note that Authentication using a hash is a one-way process. Once a message is edited, it’s impossible to de-hash it to know the original message.
To put it simply, Authentication using a hash is useful for VPNs as it prevents man-in-the-middle attacks since it detects the tampering of a message. In its absence, an attacker could impersonate a legitimate VPN server then fool you into connecting to a fake one. There, all your internet activities could be tracked and recorded.
What Kind of VPN Encryption Is Best?
Our team believes that TCP OpenVPN alongside AES-256 cipher is the best and safest protocol that you can use. The open-source nature of TCP OpenVPN has enabled it to be compatible with many platforms. It has also allowed the general public to test it for any weaknesses. Moreover, the protocol perfectly balances security and privacy.
Another protocol that you should consider using is WireGuard. While it’s relatively new, it has the potential to take OpenVPN’s place as the #1 most popular VPN Protocol (Virtual Private Network) in the industry.
WireGuard has been demonstrated to be safe, quick, and secure in research. Only time will tell whether it lives up to the expectations. As the number of VPNs that adapt grows, so will the amount of reports concerning their performance.
When it comes to mobile devices, we believe that IPSec/IKEv2 is the best option. Because it can connect and rejoin you at blazingly fast rates and with simplicity, the protocol handles network changes very effectively. Still, if you’re in a foreign nation like China, where censorship systems may identify and block it, it’s not the ideal solution.
To ensure optimal security, make sure your VPN encryption is as follows:
- Employs SHA-2 Authentication using a hash
- Perfect Forward Secrecy is used.
- Uses secure key exchange protocols such as RSA-4096 or ECDH.
Finally, our staff hopes you had the opportunity to learn all there is to know about VPN encryption and protocols. I personally hope that you will be able to choose the best VPN at some point. After all, with so many competing services on the market that all seem to be quite similar, it’s not simple to do so anymore.
VPN Encryption & Protocols: The Ultimate Guide is a comprehensive guide to VPN encryption and protocols. The guide covers the most popular encryption methods, as well as the different types of VPN protocols. Reference: strongest vpn encryption.
Frequently Asked Questions
Is a VPN encrypted?
A: A VPN is encrypted, so no one can see your data.
What is the best encryption for VPN?
A: Most encryption programs are outdated and use low-grade algorithms that may not be as secure as they need to be. For the best possible protection, you should look for an encryption program with a 128-bit or higher key length.
Related Tags
- vpn encryption algorithm
- encrypted vpn free
- how vpn encryption works
- ipsec vpn encryption types
- nordvpn encryption
