Choosing a Protocol for VPN. Comparison of OpenVPN, PPTP, L2TP/IPsec, and IPsec IKEv2.
Many resources, when informing users about VPN, typically recommend OpenVPN with 256-bit encryption, explaining that it is the most reliable protocol. However, in reality, it is not entirely a protocol, as several factors influence the overall security of a VPN, and each of them is very important.
We are starting a series of chapters on choosing a secure VPN, within which we will examine the indicators affecting the overall security of a VPN and discuss some vulnerabilities of the VPN tunnel in this context.
Tunneling Protocol
Typically, the choice of a VPN begins with selecting a tunneling protocol (hereinafter referred to as TP). Today, there are several options for TP available on the market for implementing a virtual private network: OpenVPN, PPTP, L2TP/IPsec, IPsec IKEv2, and others that have not gained widespread popularity. It is worth noting right away that it is not entirely accurate to call OpenVPN a tunneling protocol; it is software for creating a virtual network, but let’s refer to it as a protocol to avoid confusion.
What is a protocol? Imagine a situation where you meet someone and want to communicate with them, but you speak different languages. Naturally, you won’t understand each other, and any meaningful interaction is impossible. A protocol is the language of interaction, in this case, between a computer and a VPN server.
PPTP
PPTP is the first protocol supported on the Windows platform. The protocol has weak encryption and can be hacked by both intelligence agencies and skilled attackers. Among its advantages, it is worth noting the lack of need to install additional software and its speed. PPTP VPN requires minimal resources and, compared to OpenVPN, almost does not drain the battery when used on mobile devices.
Why is this protocol still in use? Its main problem is the weak protection of key transmission, but this does not mean that anyone can easily break the encryption. PPTP also has its advantages: ease of setup and use, decent protection, and IP address change. PPTP may not be the most secure protocol, but it is definitely better than nothing.
L2TP/IPsec
What you need to know about it:
- it is slower than others due to double encapsulation (an IPsec tunnel is created, and data travels through L2TP);
- it uses standard ports, which makes it easy for an internet service provider or system administrator to block it;