Wednesday, September 16, 2015

PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2 VPN



Let's first understand what each VPN protocol is and what its pros and cons are.







PPTP VPN :


It was developed by a consortium founded by Microsoft, Ascend Communications, 3Com and others, for creating VPNs over dial-up networks. It uses the Point-to-Point Tunnelling Protocol, or PPTP, to implement the VPN. PPTP uses a control channel over TCP and a GRE (Generic Routing Encapsulation) tunnel to encapsulate PPP packets.

As per this protocol, the end user first initializes a TCP connection using TCP port 1723. The TCP connection is then used to initiate and manage a second GRE tunnel to the same peer. In a PPTP GRE packet, an acknowledgement field replaces the typical routing field, and the modified GRE packet is then encapsulated into IP packets, allowing tunneling within PPP.
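The modified GRE header described above can be parsed as shown below, which is useful when identifying PPTP data packets in a capture. This is an added example, not code from the original post: the field layout follows RFC 2637, and the names `parse_pptp_gre`, `PptpGre` and the sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

GRE_PROTO_PPP = 0x880B  # GRE protocol type used by PPTP (RFC 2637)
FLAG_C, FLAG_R, FLAG_K, FLAG_S = 0x8000, 0x4000, 0x2000, 0x1000
FLAG_A = 0x0080         # acknowledgment number present
VER_MASK = 0x0007       # PPTP's modified GRE is version 1

# Constructed sample: K+S+A set, call ID 0x1234, seq 7, ack 6, 4-byte PPP payload
SAMPLE = bytes.fromhex("3081880b00041234" "00000007" "00000006" "ff03c021")

@dataclass
class PptpGre:
    call_id: int
    seq: Optional[int]
    ack: Optional[int]
    payload: bytes

def parse_pptp_gre(buf: bytes) -> PptpGre:
    """Parse the GRE layer of a PPTP data packet (the payload of IP protocol 47)."""
    if len(buf) < 8:
        raise ValueError("truncated GRE header")
    # The 32-bit GRE key is split into payload length and call ID.
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", buf, 0)
    if (flags & VER_MASK) != 1 or proto != GRE_PROTO_PPP:
        raise ValueError("not PPTP (expected GRE version 1 carrying PPP)")
    # PPTP never sets checksum/routing and always sets the key bit.
    if (flags & (FLAG_C | FLAG_R)) or not (flags & FLAG_K):
        raise ValueError("flag combination not valid for PPTP")
    off, seq, ack = 8, None, None
    for flag in (FLAG_S, FLAG_A):  # optional 32-bit fields, in wire order
        if flags & flag:
            if len(buf) < off + 4:
                raise ValueError("truncated optional field")
            (value,) = struct.unpack_from("!I", buf, off)
            off += 4
            if flag == FLAG_S:
                seq = value
            else:
                ack = value
    if len(buf) < off + payload_len:
        raise ValueError("payload shorter than declared length")
    return PptpGre(call_id, seq, ack, buf[off:off + payload_len])

if __name__ == "__main__":
    print(parse_pptp_gre(SAMPLE))
```
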

The PPTP specification does not describe encryption or authentication. Instead, it relies on the Point-to-Point Protocol being tunneled to implement security functionality.

Pros :

- PPTP VPN is easy to set up.
- It is fast.

Cons :

- Serious security vulnerabilities have been found in this protocol.



L2TP VPN :


L2TP VPN uses the Layer 2 Tunneling Protocol to implement the VPN.

In this protocol, the entire L2TP packet, including the L2TP header and payload, is sent within a UDP datagram. Once an L2TP tunnel is established, higher-level protocols run through the tunnel. The network traffic between the peers is bidirectional. It is possible to set up multiple virtual networks across a single tunnel.


L2TP VPN does not provide any encryption or confidentiality by itself; rather, it relies on the encryption protocol that passes within the tunnel to provide security. IPSec is often used to secure the L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPSec.

Pros :

- Easy to set up.
- Available on all modern platforms.
- It is secure enough.

Cons :

- Slower than OpenVPN.
- Can struggle with restrictive firewalls.


OpenVPN :


It is an open-source software application. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing Network Address Translators and firewalls.

OpenVPN allows peers to authenticate using a pre-shared secret key, certificates, or a username and password. It uses the OpenSSL encryption library extensively, as well as the SSL/TLS protocol, and contains many security and control features.


Pros :

- It is highly configurable.
- It is very secure.
- It can bypass firewalls.
- It can use a wide range of encryption algorithms.
- It is open source.

Cons :

- It needs third-party software.
- It is not so easy to set up.



SSTP VPN :


It uses the Secure Socket Tunneling Protocol to implement the VPN. The SSTP VPN tunnel provides a mechanism for transporting PPP or L2TP traffic through an SSL 3.0 channel.

SSL provides transport level security with key negotiation, encryption and traffic integrity checking. SSTP passes through virtually all firewalls and proxy servers except for authenticated web proxies.

Pros :

- It is very secure.
- It can bypass most firewalls.

Cons :

- SSTP suffers from the same performance limitations as any other IP-over-TCP tunnel. In general, performance will be acceptable only as long as there is sufficient excess bandwidth on the un-tunneled network link to guarantee that the tunneled TCP timers do not expire. Otherwise, performance falls off dramatically. This is known as the "TCP meltdown problem".


IKEv2 VPN :


Internet Key Exchange (version 2) is an IPSec based tunneling protocol that was jointly developed by Microsoft and Cisco.

IKEv2 is particularly good at re-establishing the VPN connection when end users temporarily lose their internet connection. It is also good enough in terms of security, performance and stability.

Pros :

- It is comparatively faster, as it does not have the overhead associated with Point-to-Point protocols.
- It is easy to set up.
- It is quite stable and secure.

Cons :

- It is not open source.
- Uses the same UDP port as IPSec, which is easier to block than SSL based solutions.


