Tuesday, November 3, 2015

The differences between VPN protocols

All VPN protocols aim to provide a secure connection and to bypass restrictions, but each has its advantages and drawbacks. PPTP is fast and easy to set up. L2TP/IPsec is a good choice for protecting your traffic on public WiFi. OpenVPN is generally faster than IPsec, and OpenVPN apps are good choices for mobile devices, especially Android. In this article we explain the benefits and drawbacks of each VPN protocol to help you choose a suitable one for different situations.

VPN protocol


Point-to-Point Tunneling Protocol (PPTP) is a ubiquitous VPN protocol that is available on a huge number of operating systems. In use since the mid-1990s, it has long been the standard protocol for internal business VPNs. PPTP may provide the quickest speed among all the protocols, and it's easy to set up. Though PPTP is convenient to use, it is certainly not the strongest or most secure option for a VPN tunnel. It doesn't do encryption; it simply tunnels and encapsulates the data packet and relies on various authentication methods to provide security.

IP security (IPSec)

IPSec is often used to secure Internet communications and operates in two modes: transport mode and tunneling mode. Transport mode encrypts only the message carried in the data packet, while tunneling mode encrypts the entire data packet. This protocol can also be used in tandem with other protocols to increase their combined level of security.
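The difference between the two modes shows up in what an on-path observer can still read. The following Python sketch is an added example, not part of the original post: it uses a simplified ESP layout (SPI and sequence number only, no padding, trailer or integrity value), a placeholder cipher, and constructed addresses and names.

```python
import hashlib
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def stand_in_encrypt(key, data):
    """Placeholder cipher (SHA-256 keystream XOR), NOT real ESP cryptography."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack("!I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

ESP = 50  # IP protocol number assigned to ESP

def esp_transport(packet, key, spi=0x1000, seq=1):
    """Transport mode: keep the original IP header, protect only the payload."""
    header, payload = packet[:20], packet[20:]
    src, dst = socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])
    body = struct.pack("!II", spi, seq) + stand_in_encrypt(key, payload)
    return ipv4_header(src, dst, ESP, len(body)) + body

def esp_tunnel(packet, key, gw_src, gw_dst, spi=0x1000, seq=1):
    """Tunnel mode: protect the whole packet, add an outer gateway header."""
    body = struct.pack("!II", spi, seq) + stand_in_encrypt(key, packet)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def visible_addresses(packet):
    """Addresses an on-path observer reads from the cleartext outer header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

# Constructed sample: a host behind one gateway sends to a host behind another.
KEY = b"constructed-demo-key"
PAYLOAD = b"GET /payroll HTTP/1.1\r\n"
ORIGINAL = ipv4_header("10.0.1.5", "10.0.2.9", 6, len(PAYLOAD)) + PAYLOAD
TRANSPORT = esp_transport(ORIGINAL, KEY)
TUNNEL = esp_tunnel(ORIGINAL, KEY, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("transport mode exposes:", visible_addresses(TRANSPORT))
    print("tunnel mode exposes:   ", visible_addresses(TUNNEL))
```

In both modes the payload is unreadable, but only tunnel mode hides the internal source and destination addresses, at the cost of an extra 20-byte header per packet.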


Internet Key Exchange version 2 (IKEv2) is an IPSec-based tunneling protocol that was jointly developed by Microsoft and Cisco. It is faster than PPTP, SSTP and L2TP, as it does not involve the overhead associated with the Point-to-Point Protocol (PPP). IKEv2 is particularly good at automatically re-establishing a VPN connection when users temporarily lose their internet connection. It is one of the few VPN protocols supported by Blackberry devices, but it is not supported on many platforms. Implementing IKEv2 at the server end is tricky, which could potentially lead to problems.


Layer 2 Tunnel Protocol (L2TP) is a VPN protocol that generates the tunnel but does not provide any encryption. The most common combination is L2TP with IPSec, which merges the best features of each to create a highly secure protocol. L2TP/IPsec is compatible with all modern operating systems, just like PPTP. L2TP/IPsec encapsulates data twice, so it is slightly slower and not as efficient as SSL-based solutions like OpenVPN and SSTP. Another drawback is that L2TP/IPSec is easily blocked by NAT firewalls, and may therefore require advanced configuration when used behind a firewall.


Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use a handshake method. SSL is commonly used these days. OpenVPN, an SSL-based VPN, provides a strong and reliable VPN solution. It is a fairly new open source technology that uses the OpenSSL library and the SSLv3/TLSv1 protocols, along with an amalgam of other technologies. OpenVPN can be set to run on any port, including TCP port 443, which makes it indistinguishable from normal HTTPS traffic and therefore extremely difficult to block. VPN providers almost exclusively use either AES or Blowfish for encryption. AES is the newer technology and has no known weaknesses. However, OpenVPN can be a bit difficult to set up, so you'd better choose a VPN provider that gets around this configuration problem by offering customized VPN clients.


Secure Shell (SSH) creates both the VPN tunnel and the encryption that protects it. The data itself isn't encrypted, but the channel it's moving through is. SSH connections are created by the SSH client, which forwards traffic from a local port to one on the remote server. All data between the two ends of the tunnel flows through these specified ports. SSH also allows protocols that would otherwise be blocked by the firewall, say those used for torrents.


Secure Socket Tunneling Protocol (SSTP) uses SSL v3, and therefore offers similar advantages to OpenVPN (such as the ability to use TCP port 443 to avoid NAT firewall issues). SSTP is stable and convenient to use. Although it is now available for Linux, RouterOS and SEIL, it is still largely a Windows-only platform. What's more, SSTP is owned by Microsoft, so the code is not open to public scrutiny.
