VPN Protocols Explained: PPTP vs L2TP vs OpenVPN vs SSTP

Saturday, May 24th, 2014


Virtual Private Networks have gained significant popularity among privacy-conscious internet users in the last few years. However, there still seems to be a lot of confusion regarding VPN terminology and how VPNs work behind the scenes. In this article, we will compare the most popular VPN protocols against various parameters and reveal which protocol is the best as far as online privacy is concerned.

PPTP vs L2TP vs OpenVPN vs SSTP

Brief History – The PPTP protocol was developed by a group of companies (including Microsoft) to implement VPN-like features over dial-up networks. The L2TP protocol was derived from two existing protocols and is often cited as a replacement for the PPTP protocol. The OpenVPN protocol is an open-source protocol that makes it easy to deploy SSL-based VPN solutions. The SSTP protocol was developed by Microsoft to route PPTP and L2TP traffic over secure SSL channels.

Encryption – Although the PPTP protocol can tunnel data, it doesn’t have encryption capabilities. Instead, it relies on Microsoft Point-to-Point Encryption (MPPE), which can encrypt data with up to 128-bit encryption. Likewise, the L2TP protocol doesn’t have built-in encryption features, but when used with the IPSec protocol, it can provide up to 256-bit encryption. The OpenVPN protocol relies on the OpenSSL library and supports an array of encryption techniques (AES, Blowfish, 3DES, and RC5) to deliver up to 256-bit encryption. The SSTP protocol uses SSL v3 to encrypt data, which can provide up to 256-bit encryption.

Ports – The PPTP protocol routes packets through TCP port 1723, whereas the L2TP protocol relies on UDP 500, UDP 1701 and UDP 5500 ports to channel traffic. The OpenVPN protocol is not a port-specific protocol; it can be configured over any port (including UDP and TCP ports). The SSTP protocol uses TCP port 443 to route traffic through secure channels.

Since the PPTP and L2TP protocols use fixed ports, VPNs using these two protocols can be easily blocked by ISPs and network administrators. However, it is extremely difficult to block OpenVPN- and SSTP-based VPN traffic, since it is not easy to distinguish VPN packets from the usual HTTPS-based web traffic.
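The port-based identification described above, seen from a network administrator's side, as an added example that is not part of the original article: it labels flows by destination port and shows that TCP 443 cannot be attributed to a VPN by port alone. The log format, sample lines and function names are constructed for illustration, and the UDP 4500 entry (IPsec NAT traversal) is an addition that the article's port list does not include.

```python
import re
from collections import defaultdict
# (transport, destination port) -> protocol, from the article's "Ports" paragraph.
FIXED_PORTS = {
    ("TCP", 1723): "PPTP",
    ("UDP", 500): "L2TP/IPsec",
    ("UDP", 1701): "L2TP/IPsec",
    ("UDP", 5500): "L2TP/IPsec",  # as listed in the article
    ("UDP", 4500): "L2TP/IPsec",  # IPsec NAT traversal (RFC 3948); added, not in the article
}
# TCP 443 is shared by SSTP, OpenVPN configured for that port, and ordinary HTTPS.
SHARED_PORTS = {("TCP", 443): "HTTPS or VPN (SSTP / OpenVPN on 443)"}

FLOW_RE = re.compile(r"SRC=(\S+) DST=\S+ .*?PROTO=(TCP|UDP) .*?DPT=(\d+)")
# Constructed sample in an iptables-like format (not real traffic). The UDP 33445
# flow stands for OpenVPN moved to an arbitrary port; the last line is malformed.
SAMPLE_LOG = """\
SRC=10.0.0.11 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=50122 DPT=1723
SRC=10.0.0.12 DST=198.51.100.8 LEN=120 PROTO=UDP SPT=500 DPT=500
SRC=10.0.0.12 DST=198.51.100.8 LEN=140 PROTO=UDP SPT=1701 DPT=1701
SRC=10.0.0.13 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=50900 DPT=443
SRC=10.0.0.14 DST=198.51.100.10 LEN=98 PROTO=UDP SPT=41000 DPT=33445
kernel: truncated entry SRC=10.0.0.15
"""

def classify(line):
    """Return (source, label, basis) for one flow line, or None if unparseable."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    src, key = m.group(1), (m.group(2), int(m.group(3)))
    if key in FIXED_PORTS:
        return src, FIXED_PORTS[key], "fixed-port"
    if key in SHARED_PORTS:
        return src, SHARED_PORTS[key], "ambiguous"
    return src, "unknown", "unclassified"

def summarize(log_text):
    """Group distinct (label, basis) findings by source address."""
    report = defaultdict(set)
    for line in log_text.splitlines():
        result = classify(line)
        if result:
            report[result[0]].add(result[1:])
    return {src: sorted(found) for src, found in report.items()}

if __name__ == "__main__":
    for src, found in summarize(SAMPLE_LOG).items():
        print(src, found)
```

Only the PPTP and L2TP flows come back with a definite label; the TCP 443 flow is marked ambiguous and the relocated-port flow is not classified at all.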

Speed – The PPTP protocol involves lower overhead, so it is quite fast. On the other hand, the L2TP protocol needs to encapsulate data twice, which compromises speed. The OpenVPN protocol is the fastest VPN protocol when it is used in UDP mode. The SSTP protocol is reasonably fast, but it takes much longer to establish a connection.

Compatibility & Ease of Setup – Most operating systems (including mobile operating systems) offer native support for the PPTP and L2TP protocols, so VPNs based on these two protocols are extremely easy to set up. On the other hand, none of the operating systems offers native support for OpenVPN, so you need to download and install third-party software in order to use it. Earlier, the OpenVPN protocol could be used only on computers, but there are now third-party apps that make it compatible with mobile operating systems (including Android and iOS). Most OpenVPN-based VPN solutions offer their own VPN client or configuration files to make the setup process easy, but manual configuration of the OpenVPN protocol definitely requires advanced technical know-how. The SSTP protocol is available only for Windows (Vista onwards), Linux and BSD. Setting up an SSTP VPN on Windows is almost identical to setting up a PPTP- or L2TP-based VPN.

Security Vulnerabilities – The PPTP protocol is known to contain multiple vulnerabilities (especially related to MS-CHAPv2 and the RC4 algorithm). On the other hand, there are no known security vulnerabilities associated with the L2TP, OpenVPN and SSTP protocols.

Conclusion – Overall, the OpenVPN protocol is the clear winner as far as online security and privacy are concerned. While it is somewhat difficult to set up and doesn’t have native support on most systems, it offers a fast and reliable privacy solution that cannot be blocked by usual methods.

