The most popular VPN protocols in use today are PPTP, L2TP/IPsec, SSTP, and OpenVPN. Each of these has its strengths and weaknesses, and it can be difficult to decide which is the best choice for your situation. Not all VPN providers support all of these protocols, SSTP being the notable exception, but most will support the other three. I hope that my independent review of them will help you to decide which of these is the best for you.
The main facets to consider are: reliability, security, performance, and ease of use.
PPTP and SSTP are proprietary protocols, whilst L2TP/IPsec and OpenVPN are open protocols. Open protocols are subject to peer review by the greater public. This public review process has proven to create a more secure product. On the other hand, proprietary protocols are often supported well by their corporations, but because of their confidential nature they are often vulnerable to unforeseen security flaws.
One issue that SSTP and OpenVPN over TCP suffer from is “TCP meltdown”. Both of these use the TCP protocol, which has error correction and congestion-control algorithms designed into it. In a VPN scenario you will often create another TCP connection within the VPN tunnel; for example, HTTP traffic is typically transported over TCP. A TCP connection contained within a TCP connection can cause the two connections to interfere with one another. Sometimes this leads to a “meltdown” effect, where the connection grinds to a halt.
OpenVPN can be configured to run over TCP or UDP, whilst L2TP utilizes UDP. In most situations you are better off running OpenVPN over UDP, but in some cases (e.g. an unreliable connection) TCP works better. This is one example of how OpenVPN’s flexibility can be very useful. The mechanics behind this are esoteric and beyond the scope of this article, but “TCP meltdown” does happen on TCP-based VPNs. A good VPN provider should be able to help you choose the correct setup for your situation.
Since everyone’s situation is unique, all of these VPN protocols have valid applications. But no one concerned with security should use PPTP. L2TP/IPsec is still generally considered secure, but with the Snowden revelations its security has come under question. L2TP/IPsec’s lack of flexibility can make it difficult to use with restrictive firewalls. SSTP can be a good choice for Microsoft users. OpenVPN is the protocol that almost all users should choose if possible. Due to OpenVPN’s many configuration options, it can be complicated to set up properly, making it crucial that your VPN provider be technically adept.
PPTP stands for the “Point-to-Point Tunneling Protocol”. It is a proprietary protocol that has been used on Microsoft operating systems since Windows 95. The protocol is also supported by OS X, Android, iOS, many mobile phones, and various flavors of UNIX / Linux. Because so many devices have built-in PPTP support, it has been a popular protocol choice for VPNs.
However, the protocol has multiple known and serious security vulnerabilities. Hence, it is no longer considered secure. Most VPN providers will recommend that any user concerned about privacy and security use an alternate protocol. PPTP still remains useful for bypassing regional content blocking (geo-unblocking).
I simply cannot recommend PPTP for anyone concerned about security or privacy. However, because it is built into so many platforms, it is arguably the most widely supported protocol. It is also lightweight, making it useful on older or lower-powered hardware.
[Figure: Structure of a PPTP Packet Containing an IP Datagram]
Although PPTP does encrypt and authenticate its payload, the process is considered extremely flawed and insecure. I can really only recommend PPTP if you do not have another option and security is not a concern. One example that I can think of would be geo-unblocking of a streaming service. My phone has limited processing power, and as an Android device it has PPTP built into the OS. I am not very concerned if anyone knows what I am watching on my phone, but I do want it to stream smoothly. So, I might use PPTP to stream the BBC iPlayer on my phone.
Microsoft’s implementation of PPTP uses their MS-CHAP for authentication, and this protocol has been proven to be flawed. Microsoft uses the RC4 cipher with a maximum 128-bit key size. This cipher is no longer considered secure.
- Built-in support on most platforms
- Easy to use and set up
- Easy to block
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol and offers no encryption. But when paired with Internet Protocol Security (IPsec) for encryption and authentication it creates a popular VPN protocol. Although developed mainly by commercial and governmental interests, the protocols are an open standard.
It is a widely supported protocol that is built into most modern platforms, including Microsoft Windows 2000 and later.
One of the Snowden revelations is that the NSA deliberately compromised IPsec. Although this has not been proven, it is a concern.
L2TP/IPsec runs on the well-known UDP port 500. This makes it trivial to block this VPN protocol. IPsec typically authenticates using the Internet Key Exchange (IKE) protocol. Many VPN providers use a pre-shared key (PSK) that is not shared in a secure manner, effectively nullifying the authentication. Public keys and X.509 certificates can be used with IKE or IKEv2. IPsec can use different ciphers, with 3DES and AES being the most common. With proper authentication and encryption, L2TP/IPsec can be generally considered secure.
- Supported on many platforms
- Easy to set up
- Easy to block
- Possibly compromised by the NSA
L2TP/IPsec is a fairly widely supported VPN protocol and, despite the Snowden revelation, it is still generally considered secure. If security is your primary concern then you should look to another protocol. If you are located in a highly restrictive environment such as China, this protocol is easily blocked and you should choose another. It is a better choice than PPTP, and is almost as widely supported, but most users would be better served by a different standard.
Secure Socket Tunneling Protocol (SSTP) is a proprietary protocol that was designed by Microsoft as a replacement for the insecure PPTP protocol. It has been available on Microsoft operating systems since Windows Vista. As a proprietary protocol it is not subject to public inspection. Therefore it could contain back-doors and unpublished vulnerabilities.
Because SSTP uses TCP port 443, the same port used for HTTPS (HTTP over SSL), it is difficult to block: blocking port 443 would effectively block all HTTPS traffic. In fact, SSTP utilizes SSL 3.0 for encryption and authentication, which means there are a number of ciphers and authentication methods available. As with OpenVPN, which is also an SSL-based VPN, I would recommend the AES-128-CBC or AES-256-CBC ciphers.
- Hard to block, uses TCP port 443 (HTTPS)
- Excellent Microsoft support
- Not as widely supported as other protocols
- Poor or no support on non-Microsoft platforms (no Apple support)
- Susceptible to “TCP meltdown”
- Proprietary protocol
If you are using a Microsoft platform from Windows Vista onwards and your VPN provider supports it, SSTP might be a good choice. It is well supported by Microsoft and as easy to set up as PPTP or L2TP/IPsec. It is also a secure protocol. Like all TCP-over-TCP protocols, it can be susceptible to “TCP meltdown”. This would be a better choice than PPTP or L2TP/IPsec.
In 2001, James Yonan released OpenVPN under the open source GPL license. Since then, OpenVPN has become one of the most widely used VPN protocols.
OpenVPN is a very popular VPN protocol for good reasons. It is considered very secure, and uses the popular open source OpenSSL library for encryption. As it is open source it is widely reviewed for vulnerabilities. It is a very flexible protocol, being able to use any TCP or UDP port, making it very difficult to block. It is capable of using any of the ciphers in the OpenSSL library. It is also capable of utilizing other SSL libraries like mbed TLS (previously PolarSSL).
OpenVPN leaves the work of key negotiation and encryption to the OpenSSL library. Being open source, OpenSSL is widely reviewed and is very secure. When a new vulnerability is identified, it is quickly addressed by the open source community: “Heartbleed”, one of the most infamous vulnerabilities found in any open source software, was patched on the same day as the public announcement of the bug. OpenSSL supports many ciphers. OpenVPN defaults to the Blowfish 128-bit CBC cipher. While Blowfish is considered secure, there are stronger and more efficient ciphers that should be used. I recommend AES-128-CBC or AES-256-CBC, depending on your speed vs. security needs.
OpenVPN requires the installation of client software as there is no built-in OS support. Being open source, many VPN providers have written their own custom OpenVPN clients. A few providers have even written their own custom servers. Some have even modified the protocol to address problems such as Deep Packet Inspection (DPI).
The downside of this flexibility is that it can be more difficult to set up. But many VPN providers have addressed this with their simple-to-use and easy-to-install custom clients. Another downside is that an improperly configured VPN can be insecure. It is even more important to use a quality VPN provider when utilizing OpenVPN.
- Open Source software and protocol
- OpenSSL libraries for encryption (can easily use other libraries)
- Very flexible
- Supported on almost any platform
- Generally fast (higher encryption levels can slow it down)
- Very difficult to block
- Can use UDP, avoiding “TCP meltdown”
- No native support, requires external software
- Can be more difficult to set up
- Can be insecure if not properly set up
For most users OpenVPN is the protocol of choice. If set up correctly, it is fast, secure, and very reliable. It can be more complicated to set up, requiring the installation and configuration of client software, but many VPN providers have addressed this with custom client software. Of all the protocols, this is the one for which a competent VPN provider is a must.
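As an added example (not from the original article or the OpenVPN project), here is a small Python lint that flags the two weak client-config settings discussed in this section: a missing `cipher` line, so the Blowfish (BF-CBC) default applies, and a TCP transport. It assumes OpenVPN's client-config syntax (`proto`, `cipher`, `#`/`;` comments, inline `<ca>` blocks); the sample configs and the host name vpn.example.com are constructed.

```python
"""Lint an OpenVPN client config for two weak settings discussed above:
the historical BF-CBC (Blowfish) default cipher and a TCP transport."""
from dataclasses import dataclass

RECOMMENDED_CIPHERS = {"AES-128-CBC", "AES-256-CBC"}  # what the article recommends
DEFAULT_CIPHER = "BF-CBC"  # OpenVPN's default when no 'cipher' line is present

@dataclass
class Finding:
    severity: str  # "high" or "medium"
    message: str

def parse_directives(config_text):
    """Map directive -> args (last occurrence wins), skipping comments
    and inline <ca>/<cert>/<key> blocks."""
    directives, in_block = {}, False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
        elif not in_block:
            name, *args = line.split()
            directives[name.lower()] = args
    return directives

def audit(config_text):
    """Return findings for one client config (cipher issue first)."""
    d = parse_directives(config_text)
    findings = []
    if "cipher" not in d:
        findings.append(Finding("high", f"no 'cipher' directive, so the "
                                f"{DEFAULT_CIPHER} default applies; set AES-128-CBC or AES-256-CBC"))
    elif d["cipher"][0].upper() not in RECOMMENDED_CIPHERS:
        findings.append(Finding("high", f"cipher {d['cipher'][0].upper()} is not a recommended AES-CBC cipher"))
    if d.get("proto", ["udp"])[0].lower().startswith("tcp"):  # OpenVPN defaults to UDP
        findings.append(Finding("medium", "TCP transport: TCP-in-TCP traffic risks 'TCP meltdown'; "
                                "prefer 'proto udp' unless the link is unreliable"))
    return findings

# Constructed sample configs; vpn.example.com is a placeholder host.
WEAK_CONFIG = "client\ndev tun\nproto tcp\nremote vpn.example.com 443\n<ca>\n...placeholder CA...\n</ca>\n"
HARDENED_CONFIG = "client\ndev tun\nproto udp\nremote vpn.example.com 1194\ncipher AES-256-CBC\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, [f"{f.severity}: {f.message}" for f in audit(cfg)] or "no findings")
```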
There is yet another VPN protocol that is confusingly named. I have often seen it called simply “IKEv2”, which I find very confusing, as IKEv2 stands for “Internet Key Exchange version 2” and is part of IPsec and described in RFC 7296. The IKEv2 VPN has been built into Microsoft Windows 7 and later. I have seen the Microsoft version called “Agile VPN”, “Microsoft VPN Reconnect”, “Mobile VPN”, and simply “IKEv2”. It is one of the four supported VPN types built into Windows 7.
Cisco dubs their IOS implementation of an IKEv2 VPN “Flex VPN”. Juniper calls it IPsec VPN. There is a notable open source implementation of IKEv2 VPN called strongSwan. Most implementations also integrate the IKEv2 Mobility and Multihoming Protocol (MOBIKE). As described in RFC 4555:
The main scenario for MOBIKE is enabling a remote access VPN user to move from one address to another without re-establishing all security associations with the VPN gateway. For instance, a user could start from fixed Ethernet in the office and then disconnect the laptop and move to the office’s wireless LAN. When the user leaves the office, the laptop could start using General Packet Radio Service (GPRS); when the user arrives home, the laptop could switch to the home
IKEv2 VPN is one of the few protocols supported on Blackberry. In an IKEv2 VPN, IKEv2 is used to set up the security association (SA). IPsec is then used to transport the data, and MOBIKE maintains the SA when the user changes IPs (networks) without having to renegotiate the SA. Early adoption of IKEv2 began in 2006, but at the time of this article the standard had been updated as recently as January of 2015.
A Microsoft TechNet article describes it thus:
IKEv2 is a tunneling protocol that uses the IPsec Tunnel Mode protocol over UDP port 500. An IKEv2 VPN provides resilience to the VPN client when the client moves from one wireless hotspot to another or when it switches from a wireless to a wired connection. The use of IKEv2 and IPsec allows support for strong authentication and encryption methods.
IKEv2 VPN supports the AES-CBC cipher and the SHA-256 digest; these should be used in preference to the DES and MD5 algorithms.
- Great stability, maintains connections even when switching networks
- Very secure when using AES-CBC/SHA-256
- Easy to set up
- Supported on Blackberry
- Support still rolling out on many platforms such as iOS
- Server setup can be difficult
- Limited VPN provider support
If you have a platform and a VPN provider that supports an IKEv2 VPN, it might very well be worth trying it out. If you have a Blackberry, it is probably your only choice. This is a VPN protocol to keep your eyes on, and it may very well become the new standard in a few more years.