Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP

Want to use a VPN? If you’re looking for a VPN provider or setting up your own VPN, you’ll need to choose a protocol. Some VPN providers may even provider you with a choice of protocols.

This isn’t the final word on any of these VPN standards or encryption schemes. We’ve tried to boil everything down so you can grasp the standards, how they’re related to each other — and which you should use.

Pick Your VPN Protocol the Easy Way with StrongVPN

You don’t need to settle for just using a single VPN protocol — while PPTP isn’t as secure as OpenVPN, it’s a whole lot faster, which can be really useful if you are only using a VPN to watch geo-blocked videos or access websites from another country. If you’re trying to keep yourself secure, you can use OpenVPN.

StrongVPN is a great VPN service that not only has really strong security (hence the name), but they let you choose your level of encryption based on what you’re trying to do. Just one click in the client and you can choose between protocols with a really helpful explanation for each.

If you’re looking for a new VPN service, definitely consider StrongVPN — they have plans as low as $5.83 per month.

PPTP

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OpenVPN

OpenVPN uses open-source technologies like the OpenSSL encryption library and SSL v3/TLS v1 protocols. It can be configured to run on any port, so you could configure a server to work over TCP port 443. The OpenSSL VPN traffic would then be practically indistinguishable from standard HTTPS traffic that occurs when you connect to a secure website. This makes it difficult to block completely.

It’s very configurable, and will be most secure if it’s set to use AES encryption instead of the weaker Blowfish encryption. OpenVPN has become a popular standard. We’ve seen no serious concerns that anyone (including the NSA) has compromised OpenVPN connections.

 

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

In Summary: OpenVPN is new and secure, although you will need to install a third-party application. This is the one you should probably use.

L2TP/IPsec

Layer 2 Tunnel Protocol is a VPN protocol that doesn’t offer any encryption. That’s why it’s usually implemented along with IPsec encryption. As it’s built into modern desktop operating systems and mobile devices, it’s fairly easy to implement. But it uses UDP port 500 — that means it can’t be disguised on another port, like OpenVPN can. It’s thus much easier to block and harder to get around firewalls with.

IPsec encryption should be secure, theoretically. There are some concerns that the NSA could have weakened the standard, but no one knows for sure. Either way, this is a slower solution than OpenVPN. The traffic must be converted into L2TP form, and then encryption added on top with IPsec. It’s a two-step process.

In Summary: L2TP/IPsec is theoretically secure, but there are some concerns. It’s easy to set up, but has trouble getting around firewalls and isn’t as efficient as OpenVPN. Stick with OpenVPN if possible, but definitely use this over PPTP.

SSTP

Secure Socket Tunneling Protocol was introduced in Windows Vista Service Pack 1. It’s a proprietary Microsoft protocol, and is best supported on Windows. It may be more stable on Windows because it’s integrated into the operating system whereas OpenVPN isn’t — that’s the biggest potential advantage. Some support for it is available on other operating systems, but it’s nowhere near as widespread.

It can be configured to use very secure AES encryption, which is good. For Windows users, it’s certainly better than PPTP — but, as it’s a proprietary protocol, it isn’t subject to the independent audits OpenVPN is subject to. Because it uses SSL v3 like OpenVPN, it has similar abilities to bypass firewalls and should work better for this than L2TP/IPsec or PPTP.

In Summary: It’s like OpenVPN, but mostly just for Windows and can’t be audited as fully. Still, this is better to use than PPTP. And, because it can be configured to use AES encryption, is arguably more trustworthy than L2TP/IPsec.

OpenVPN seems to be the best option. If you have to use another protocol on Windows, SSTP is the ideal one to choose. If only L2TP/IPsec or PPTP are available, use L2TP/IPsec. Avoid PPTP if possible — unless you absolutely have to connect to a VPN server that only allows that ancient protocol.

转自:https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP的更多相关文章

  1. [原]CentOS 7.2 1511部署L2TP/IPsec服务器及客户端

    快过年了,感觉从去年开始,我们公司就变成了“别人的公司”,基本上提前一星期就放假了,好开心.正好可以利用这一段时间,把前段时间一些疑惑的问题解决下:) 然而挡在面前的一个拦路虎是:很多时候不能愉快的G ...

  2. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  3. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

  4. CentOS7部署l2tp/IPsec服务

    1.安装必要的工具 yum install vim net-tools wget unzip -y 2. 下载安装脚本 wget -O StackScript.zip http://files.cnb ...

  5. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  6. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  7. ROS+L2TP+IPSEC

    在WIN7X64,WIN8.1,WIN10,MACBOOK和苹果的IOS10调试L2TP/IPSEC通过 请注意IPSEC,要求客户端IP必须唯一,不可以有重复,那么访问VPN服务器的客户端IP,就不 ...

  8. L2TP/IPSec一键安装脚本

    本脚本适用环境:系统支持:CentOS6+,Debian7+,Ubuntu12+内存要求:≥128M更新日期:2017 年 05 月 28 日 关于本脚本:名词解释如下L2TP(Layer 2 Tun ...

  9. 配置L2TP IPsec VPN (CentOS 6.5)

    1. 安装相关包 yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enha ...

随机推荐

  1. C# 特性(Attribute)之Flag特性

    本文参考自C# 位域[flags],纯属读书笔记,加深记忆 [Flags]的微软解释是“指示可以将枚举作为位域(即一组标志)处理.”其实就是在编写枚举类型时,上面附上Flags特性后,用该枚举变量是既 ...

  2. Js正则Replace方法

    JS正则的创建有两种方式: new RegExp() 和 直接字面量. //使用RegExp对象创建 var regObj = new RegExp("(^\s+)|(\s+$)" ...

  3. 纯Python给ulaw wav文件加头

    最近在处理wav相关文件,碰见一工具产生的ualw文件不带header,顺手用python给wav格式文件加头处理,让普通播放器也能播放. (原文:http://www.cnblogs.com/ryh ...

  4. selenium+Python(表单、多窗口切换)

    1.多表单切换 在Web应用中经常会遇到frame/iframe表单嵌套页面的应用,WebDriver只能在一个页面上对元素识别与定位,对于frame/iframe表单内嵌页面上的元素无法直接定位.这 ...

  5. TOJ 1836 Play on Words

    描述 Some of the secret doors contain a very interesting word puzzle. The team of archaeologists has t ...

  6. 【百度之星2014~复赛 解题报告~正解】The Query on the Tree

    声明 笔者最近意外的发现 笔者的个人网站http://tiankonguse.com/ 的很多文章被其它网站转载,但是转载时未声明文章来源或参考自 http://tiankonguse.com/ 网站 ...

  7. SQL Developer 改成英文

  8. 如何优雅的封装一个DOM事件库

    1.DOM0级事件和DOM2级事件 DOM 0级事件是元素内的一个私有属性:div.onclick = function () {},对一个私有属性赋值(在该事件上绑定一个方法).由此可知DOM 0级 ...

  9. MySql数据库与JDBC编程二

    DML语法语句:主要操作数据表中的数据,完成插入新数据,修改已有数据,删除不要的数据的任务 1,insert into 语句 用于向指定表插入数据,一次只能插入一条记录:insert into tab ...

  10. 一:Shiro知识整理

    一:springboot快速入门: 1.建立Maven项目,导入springboot父工程 <!-- 继承springboot默认父工程 --> <parent> <gr ...