What is the best VPN protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP
👨💻
Do you want to use a VPN? If you are looking for a VPN provider or setting up your own VPN, you will need to choose a protocol. Some VPN providers may provide you with a set of protocols.
This is not the last word on any of these VPN standards or encryption systems. We’ve tried to summarize everything so you can understand the criteria and how they relate to each other – which you should use.
PPTP
Related: What is a VPN, and why would I need one?
Do not use PPTP. Point-to-Point Tunneling Protocol is a popular protocol because it has been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it is likely that the NSA (and possibly other intelligence agencies) will decrypt these supposedly ” Safe” links. This means that attackers and repressive governments will have an easier way to compromise these links.
Yes, PPTP is popular and easy to setup. PPTP clients are integrated into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time for a change it’s time for a change it’s time to move on.
in summary: PPTP is outdated and vulnerable, although it is built into popular operating systems and is easy to set up. stay away.
OpenVPN
OpenVPN uses open source technologies such as the OpenSSL encryption library and the SSL v3/TLS v1 protocols. It can be configured to run on any port, so you can configure a server to run over TCP port 443. OpenSSL VPN traffic is then virtually indistinguishable from standard HTTPS traffic that occurs when connecting to a secure website. This makes it difficult to prevent it completely.
It’s very configurable, and it would be more secure if it was set to use AES encryption instead of the weaker Blowfish encryption. OpenVPN has become a popular standard. We haven’t seen any serious concerns that anyone (including the NSA) has compromised OpenVPN connections.
OpenVPN support is not integrated into popular desktop or mobile operating systems. Connecting to the OpenVPN network requires a third-party app – either a desktop app or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on iOS from Apple.
in summary: OpenVPN is new and secure, although you will need to install a third-party app. This is the one you should probably use.
L2TP / IPsec
Layer 2 Tunnel Protocol is a VPN protocol that does not offer any encryption. That’s why it’s usually implemented in conjunction with IPsec encryption. Since it is integrated into modern desktop and mobile operating systems, it is very easy to implement. But it uses UDP port 500 – this means that it cannot be masqueraded as another port, such as OpenVPN. So it’s much easier to block and harder to get around firewalls.
IPsec encryption should be secure in theory. There are some concerns that the NSA might weaken the standard, but no one knows for sure. Either way, this is a slower solution than OpenVPN. The traffic must be converted to L2TP form, and then encryption added on top using IPsec. It is a two step process.
in summary: L2TP/IPsec is secure in theory, but there are some concerns. It’s easy to set up, but it has trouble getting around firewalls and it’s not nearly as efficient as OpenVPN. Stick to OpenVPN if possible, but definitely use this over PPTP.
SSTP
The Secure Socket Tunneling protocol was introduced in Windows Vista Service Pack 1. It is a proprietary protocol from Microsoft, and is best supported on Windows. It might be more stable on Windows because it’s built into the OS while OpenVPN isn’t – and that’s the biggest potential advantage. Some support is available for it on other operating systems, but it’s not widespread anywhere.
It can be configured to use very secure AES encryption, which is a good thing. For Windows users, it’s definitely better than PPTP – but since it’s a proprietary protocol, it’s not subject to the independent audits that OpenVPN does. Since it uses SSL v3 like OpenVPN, it has similar capabilities to bypass firewalls and should work better for this than L2TP/IPsec or PPTP.
in summary: It’s similar to OpenVPN, but it’s mostly meant for Windows and can’t be fully audited. Still, this is better to use than PPTP. And because it can be configured to use AES encryption, it is arguably more trustworthy than L2TP/IPsec.
OpenVPN seems to be the best option. If you have to use another protocol on Windows, SSTP is the ideal option to choose. If only L2TP/IPsec or PPTP is available, use L2TP/IPsec. Avoid PPTP if possible – unless you absolutely have to connect to a VPN server that only allows this old protocol.
Image credit: Giorgio Montercino on Flickr
[ad_1]
Don’t forget to share this post with friends !
