If you’ve just started your VPN, or just looked at your VPN application settings lately, you might have noticed multiple options to change your protocol within the VPN. Don’t be afraid, these protocols aren’t that complicated.
VPN providers give users control to select which protocol they want to use within their VPN applications. These protocols include Point-to-Point Tunneling (PPTP), Layer 2 Tunneling (L2TP/ Internet Protocol Security (IPsec), Secure Sockets Layer (SSL), and OpenVPN. Beyond just sounding confusing, all of these protocols present a lot of options and complexities–and most VPN providers don’t provide much explanation to why you should use any of them. In this article, we are going to explain what each protocol accomplishes, and which protocol will most likely be your default pick.
PPTP has been around for awhile. It’s been integrated into Windows since Windows 95. Suffice to say, there might be more than a few cracks in this bad boy’s security.
The PPTP protocol is the least secure VPN protocol, with only 128-bit encryption and multiple security leaks and vulnerabilities (underlying problems are related to authentication protocols used)–which make it a bad choice for those looking for the highest form of security. Even Microsoft has released a statement recommending users to use other forms of protocols.
However, PPTP only requires a username, password, and server address to establish a working connection and it’s very easy to set up since most operating systems come with it pre-installed. PPTP is a good fast protocol pick for those who aren’t worried about security. It’s also very easy to configure into DD-WRT or Tomato firmware.
In a lot of ways, PPTP can’t really be recommended. But it ‘s important to understand why not to use PPTP since it’s an option from almost every VPN provider there is.
Very easy to use and setup on multiple platforms
Least secure protocol option
Layer 2 Tunneling(L2TP/ Internet Protocol Security (IPsec)
L2TP is a popular protocol combined with the IPsec encryption suite to provide good security and privacy. The IPsec encryption suite doesn’t have many known vulnerabilities that make it an excellent pick for those worried about security.
Since L2TP is built into all modern operating systems, it’s very easy to set up (just like PPTP). L2TP/IPsec is also primarily used on iOS by VPN providers as a worthy alternative to OpenVPN (iOS has API restrictions that prevent OpenVPN from being an option while Android doesn’t).
L2TP provides strong 256-bit encryption sessions but has slower speeds than PPTP and OpenVPN.
Works on iOS
Slower than OpenVPN and PPTP
Secure Socket Tunneling Protocol SSTP
Introduced by Microsoft in Windows Vista SP1, SSTP is still mainly a Windows only platform that uses SSL v3. SSL v3 offers similar advantages to OpenVPN (it can use TCP port 443 to avoid NAT firewall issues), and it’s very easy to use since it’s integrated within Windows already.
Since SSTP is Microsoft’s proprietary standard, the code isn’t open source, which has led many Microsoft skeptics to stray away from the protocol.
Complete Windows integration
Can get through most firewalls
Only works on Windows
Cannot be inspected heavily for vulnerabilities
OpenVPN is the newest and, therefore, the most advanced protocol option for a VPN. OpenVPN uses the OpenSSL library and SSLv3/TLSv1 protocols, but it’s also highly configurable, continually updated, and supported via its open source community. OpenVPN can be set to run on any port which makes it very adaptable and impossible to distinguish from standard traffic using HTTPS from SSL.
OpenVPN is very popular among VPN providers and you’ll see most VPN providers encouraging users to use it as a default option. The OpenSSL library used to provide encryption supports AES, Blowfish, 3DES, CAST-128, Camellia and more). Most good VPN providers use 256 bit AES encryption through OpenVPN.
OpenVPN is the fastest and most secure protocol used for VPNs. However, since it’s not integrated into native platforms the same way PPTP and L2TP/IPSec is, it’s only easily installed through VPN provider clients.
Most secure protocol
Needs an application to set up
Internet Key Exchange (IKEv2)
IKEv2 is an IPSec based tunneling protocol developed by Microsoft and Cisco. It’s integrated into Windows as well as the standard for Blackberry devices. Other open source versions are available for other platforms.
One of IKEv2’s strengths is its ability to reconnect and re-establish connections (like in a subway for example). For this reason, Microsoft has aptly named IKEv2 “VPN Connect“. While most mobile VPN applications utilize L2TP/IPsec, IKEv2 is also a good choice (Blackberry users can only use IKEv2) because of it’s adaptable nature.
Faster than PPTP, SSTP, and L2TP
Supports AES 128, AES 192, AES 256
Not supported on very many operating systems
Easier to block than OpenVPN
Not open source
If you’re looking for a one stop answer on which protocol you should use, pick OpenVPN. It has better speeds than PPTP, just as much security as L2TP/IPSec, and open source adaptability not available in any other protocol. L2TP/IPSec is also a good choice since it’s the primary protocol used by mobile VPN providers on iOS.
As a final word of caution, make sure you’re using the right protocol when using your VPN. Not all VPN providers pick OpenVPN for you. Some trick you into using one protocol or another depending on how they want the program to operate.
Need help choosing a good VPN? Check out our ultimate guide!