VPN protocol comparison cheat sheet
Published by Paul Bischoff on April 1, 2016 in VPN

This is a quick reference guide for the lay-person who wants to explore the different VPN protocols available. For those who want a quick answer as to which one they should use:

  • Opt for OpenVPN when available, especially when the setup is handled by a third-party app
  • L2TP/IPSec is probably the most widely used alternative that offers decent security
  • SSTP is also a solid option for Windows users, assuming you trust proprietary tech from Microsoft
  • IKEv2 is a fast and secure alternative for the few devices that support it, particularly mobile devices
  • Only use PPTP as a last resort

OpenVPN

What is it?

An open-source VPN protocol that’s highly configurable for a variety of ports and encryption types. OpenVPN is one of the newer protocols with an initial release in 2001.

What’s it used for?

Third-party VPN clients often utilize the OpenVPN protocol, as OpenVPN isn’t built into computers and mobile devices. It’s become increasingly mainstream for general purpose VPN use, and is now the default protocol used by most paid VPN providers.

Is it fast?

Not as fast as PPTP, about the same speed as L2TP depending on the device and configuration.

Is it secure?

Yes. OpenVPN uses a custom security protocol that relies heavily on OpenSSL, similar to the encryption used on HTTPS websites. Because it can be configured to use any port, it can easily be disguised as normal internet traffic and is therefore very difficult to block. It supports several encryption algorithms, the most common being AES and Blowfish.

Is it easy to set up?

If you plan on setting it up manually, no. Many native VPN clients from consumer VPN providers, however, make it much easier to install and run. In those cases, OpenVPN usually requires no manual configuration, as the provider’s app takes care of that for you.
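For readers who do set OpenVPN up by hand, the port and cipher choices described above live in a plain-text client profile. The following is an added example, not code from the original article or from the OpenVPN project: a small Python checker that reads a profile and reports where it connects and which ciphers it allows. The sample profile, the host name and the function names are constructed for illustration, and the preference for AES over Blowfish (which has a 64-bit block size) is an assumption added here rather than a claim from the article.

```python
# Constructed sample of a hand-written OpenVPN client profile (not from the page).
SAMPLE_OVPN = """\
client
dev tun
proto udp
# remote <host> [port] [proto]; TCP 443 is also the HTTPS port
remote vpn.example.net 443 tcp
cipher BF-CBC
auth SHA256
"""

def parse_ovpn(text):
    """Map each directive to the list of its argument lists, skipping comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # OpenVPN comments start with # or ;
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def summarize(text):
    """Report where the profile connects and which data ciphers it allows."""
    d = parse_ovpn(text)
    proto = d.get("proto", [["udp"]])[-1][0]   # OpenVPN defaults: UDP, port 1194
    port = d.get("port", [["1194"]])[-1][0]
    remotes = [(a[0], int(a[1] if len(a) > 1 else port), a[2] if len(a) > 2 else proto)
               for a in d.get("remote", [])]
    ciphers = [a[0] for a in d.get("cipher", [])]
    for a in d.get("data-ciphers", []):        # colon-separated list (OpenVPN 2.5+)
        ciphers += a[0].split(":")
    findings = []
    if not ciphers:
        findings.append("no cipher set: older OpenVPN releases default to BF-CBC")
    for c in ciphers:
        if c.upper().startswith("BF-"):        # Blowfish has a 64-bit block size
            findings.append(f"{c}: Blowfish, prefer an AES cipher such as AES-256-GCM")
    return {"remotes": remotes, "ciphers": ciphers, "findings": findings}

if __name__ == "__main__":
    print(summarize(SAMPLE_OVPN))
```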

L2TP/IPSec

What is it?

Layer 2 Tunneling Protocol is the VPN protocol, and it’s usually paired with IPSec for security. L2TP was developed by Cisco and Microsoft in the 90s.

What’s it used for?

Accessing the internet through a VPN when security and privacy are concerns.

Is it fast?

Sort of. There’s some debate out there about whether it’s faster than OpenVPN or not. The average user probably won’t notice a difference in speed between the two. L2TP/IPSec is slower than PPTP.

Is it secure?

Yes, L2TP/IPSec has no known major vulnerabilities. Some experts have voiced concerns that the protocol might have been weakened or compromised by the NSA, though. The NSA helped develop IPSec.

Is it easy to set up?

That depends. Like PPTP, L2TP/IPSec support is built into most modern computers and mobile devices today. The setup process is similar, but the port that L2TP uses is easily blocked by firewalls. If you need to get around these firewalls, you’ll need to forward the port, which requires a more complicated configuration.

PPTP

What is it?

The oldest widely used VPN protocol, originally developed by Microsoft for dial-up networks. PPTP stands for Point-to-Point Tunneling Protocol.

What’s it used for?

PPTP is used for connecting to both the internet and intranets (i.e., accessing a corporate office building’s internal network).

Is it fast?

Yes. Due to the lower encryption standard, PPTP is one of the fastest VPN protocols.

Is it secure?

No. PPTP hasn’t aged well, and many security vulnerabilities have arisen over the years. The NSA actively decrypts and monitors PPTP traffic. Even though it normally uses 128-bit encryption, it effectively offers no security benefits.

Is it easy to set up?

Yes. PPTP is the most common protocol built into many computers and mobile devices today, making it one of the simplest, if not the simplest, to set up manually.

SSTP

What is it?

Secure Socket Tunneling Protocol was developed by Microsoft and first built into Windows Vista. The proprietary (read: not open-source) protocol works on Linux but is primarily thought of as a Windows-only technology.

What’s it used for?

Not much. SSTP might be used by a few hardcore Windows fans because it comes built-in, but it has no real advantages over OpenVPN. It’s better than L2TP for getting around firewalls without a complicated configuration.

Is it fast?

About the same as OpenVPN.

Is it secure?

Yes, assuming you trust Microsoft (questionable). It is usually configured using strong AES encryption.

Is it easy to set up?

Manual setup is fairly easy on Windows machines. Macs won’t run it and probably never will. Linux and a few other systems will have a harder time.

IKEv2

What is it?

Internet Key Exchange version 2 isn’t exactly a VPN protocol, but can be treated as such. It was jointly developed by Microsoft and Cisco.

What’s it used for?

It’s especially useful for mobile devices on 3G or 4G LTE because it’s good at reconnecting whenever the connection drops out. This can happen when the user drives through a tunnel and temporarily loses service or when they switch from the mobile connection to Wi-Fi. Support for IKEv2 is built into BlackBerry devices.

Is it fast?

Yes, IKEv2 is the fastest protocol on this list.

Is it secure?

Yes, again, if you trust Microsoft. IKEv2 supports several levels of AES encryption and, like L2TP, uses the IPSec encryption suite. Some open-source versions are also available for those who prefer to avoid Microsoft’s proprietary version.

Is it easy to set up?

IKEv2 is not widely supported, but for those devices that are compatible, it’s quite easy to set up.

Image credit: “protocols” by Sumeet Basak, licensed under CC BY 2.0