Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP

Want to use a VPN? If you’re looking for a VPN provider or setting up your own VPN, you’ll need to choose a protocol. Some VPN providers may even provider you with a choice of protocols.

This isn’t the final word on any of these VPN standards or encryption schemes. We’ve tried to boil everything down so you can grasp the standards, how they’re related to each other — and which you should use.

Pick Your VPN Protocol the Easy Way with StrongVPN

You don’t need to settle for just using a single VPN protocol — while PPTP isn’t as secure as OpenVPN, it’s a whole lot faster, which can be really useful if you are only using a VPN to watch geo-blocked videos or access websites from another country. If you’re trying to keep yourself secure, you can use OpenVPN.

StrongVPN is a great VPN service that not only has really strong security (hence the name), but they let you choose your level of encryption based on what you’re trying to do. Just one click in the client and you can choose between protocols with a really helpful explanation for each.

If you’re looking for a new VPN service, definitely consider StrongVPN — they have plans as low as $5.83 per month.

PPTP

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OpenVPN

OpenVPN uses open-source technologies like the OpenSSL encryption library and SSL v3/TLS v1 protocols. It can be configured to run on any port, so you could configure a server to work over TCP port 443. The OpenSSL VPN traffic would then be practically indistinguishable from standard HTTPS traffic that occurs when you connect to a secure website. This makes it difficult to block completely.

It’s very configurable, and will be most secure if it’s set to use AES encryption instead of the weaker Blowfish encryption. OpenVPN has become a popular standard. We’ve seen no serious concerns that anyone (including the NSA) has compromised OpenVPN connections.

 

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

In Summary: OpenVPN is new and secure, although you will need to install a third-party application. This is the one you should probably use.

L2TP/IPsec

Layer 2 Tunnel Protocol is a VPN protocol that doesn’t offer any encryption. That’s why it’s usually implemented along with IPsec encryption. As it’s built into modern desktop operating systems and mobile devices, it’s fairly easy to implement. But it uses UDP port 500 — that means it can’t be disguised on another port, like OpenVPN can. It’s thus much easier to block and harder to get around firewalls with.

IPsec encryption should be secure, theoretically. There are some concerns that the NSA could have weakened the standard, but no one knows for sure. Either way, this is a slower solution than OpenVPN. The traffic must be converted into L2TP form, and then encryption added on top with IPsec. It’s a two-step process.

In Summary: L2TP/IPsec is theoretically secure, but there are some concerns. It’s easy to set up, but has trouble getting around firewalls and isn’t as efficient as OpenVPN. Stick with OpenVPN if possible, but definitely use this over PPTP.

SSTP

Secure Socket Tunneling Protocol was introduced in Windows Vista Service Pack 1. It’s a proprietary Microsoft protocol, and is best supported on Windows. It may be more stable on Windows because it’s integrated into the operating system whereas OpenVPN isn’t — that’s the biggest potential advantage. Some support for it is available on other operating systems, but it’s nowhere near as widespread.

It can be configured to use very secure AES encryption, which is good. For Windows users, it’s certainly better than PPTP — but, as it’s a proprietary protocol, it isn’t subject to the independent audits OpenVPN is subject to. Because it uses SSL v3 like OpenVPN, it has similar abilities to bypass firewalls and should work better for this than L2TP/IPsec or PPTP.

In Summary: It’s like OpenVPN, but mostly just for Windows and can’t be audited as fully. Still, this is better to use than PPTP. And, because it can be configured to use AES encryption, is arguably more trustworthy than L2TP/IPsec.

OpenVPN seems to be the best option. If you have to use another protocol on Windows, SSTP is the ideal one to choose. If only L2TP/IPsec or PPTP are available, use L2TP/IPsec. Avoid PPTP if possible — unless you absolutely have to connect to a VPN server that only allows that ancient protocol.

转自:https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP的更多相关文章

  1. [原]CentOS 7.2 1511部署L2TP/IPsec服务器及客户端

    快过年了,感觉从去年开始,我们公司就变成了“别人的公司”,基本上提前一星期就放假了,好开心.正好可以利用这一段时间,把前段时间一些疑惑的问题解决下:) 然而挡在面前的一个拦路虎是:很多时候不能愉快的G ...

  2. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  3. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

  4. CentOS7部署l2tp/IPsec服务

    1.安装必要的工具 yum install vim net-tools wget unzip -y 2. 下载安装脚本 wget -O StackScript.zip http://files.cnb ...

  5. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  6. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  7. ROS+L2TP+IPSEC

    在WIN7X64,WIN8.1,WIN10,MACBOOK和苹果的IOS10调试L2TP/IPSEC通过 请注意IPSEC,要求客户端IP必须唯一,不可以有重复,那么访问VPN服务器的客户端IP,就不 ...

  8. L2TP/IPSec一键安装脚本

    本脚本适用环境:系统支持:CentOS6+,Debian7+,Ubuntu12+内存要求:≥128M更新日期:2017 年 05 月 28 日 关于本脚本:名词解释如下L2TP(Layer 2 Tun ...

  9. 配置L2TP IPsec VPN (CentOS 6.5)

    1. 安装相关包 yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enha ...

随机推荐

  1. Android中判断service是否在运行

    /** * 判断服务是否开启 * * @return */ public static boolean isServiceRunning(Context context, String Service ...

  2. MCD的正确格式

    [[99NN/etWLLP/33qnzb/eMNf5mwlh9hUsT+FYsTIU15REWiQd99vwIyZqDUDIRtvsgCP0BXDlvHJlbDR+NPhyL50wS2ThIiEwD/ ...

  3. 封装element-ui的dialog组件

    封装组件: <template> <div class="dialog-container"> <el-dialog title="titl ...

  4. Node.js des加密

    常见的加密算法基本分为这几类,1 :线性散列算法.2:对称性加密算法.3.非对称性加密算法 (记记记) 线性散列算法(签名算法):MD5,SHA1,HMAC比如MD5:即Message-Digest ...

  5. FocusBI: 商业智能场景(原创)

    关注微信公众号:FocusBI 查看更多文章:加QQ群:808774277   获取学习资料和一起探讨问题. <商业智能教程>pdf下载地址 链接:https://pan.baidu.co ...

  6. SSM批量插入和修改实现实例

    1.Service,自己对代码逻辑进行相应处理 /* 新增订单产品信息 */ List<DmsOrderProduct> insertOrderProductList = Lists.ne ...

  7. Git中.gitignore, 忽略追踪

    在目录下 创建: .gitignore文件,将不需要被追踪的文件地址, 写在该文件中, 此时git软件就不会追踪列出的文件进行版本同步: windows不允许创建没有文件名的文件,可以用编辑器创建.g ...

  8. PS基础,英语

    PS基础(矢量图案的绘制) 水平参考线:新建背景(长宽一致,背景内容为透明)---设置水平参考线(水平垂直都要)---完成. 背景制作:设置前景色---用矩形选框工具绘制正方形选区(背景已被参考线平分 ...

  9. 理解 Azure 虚拟机的性能监视

    随着越来越多的用户将生产应用迁移到云平台,一些传统 IT 的运维功能也相应的需要改变,例如监控,备份等等.我们希望通过这一系列的文章来协助用户更好的理解在 Azure 云平台上实现资源监控的方法. 在 ...

  10. 【转】.net MVC 生命周期

    对于Asp.net MVC,我对它的生命周期还是兴趣很浓,于是提出两个问题: 一个HTTP请求从IIS移交到Asp.net运行时,Asp.net MVC是在什么时机获得了控制权并对请求进行处理呢?处理 ...