Which is the Best VPN Protocol? PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP

Want to use a VPN? If you’re looking for a VPN provider or setting up your own VPN, you’ll need to choose a protocol. Some VPN providers may even provider you with a choice of protocols.

This isn’t the final word on any of these VPN standards or encryption schemes. We’ve tried to boil everything down so you can grasp the standards, how they’re related to each other — and which you should use.

Pick Your VPN Protocol the Easy Way with StrongVPN

You don’t need to settle for just using a single VPN protocol — while PPTP isn’t as secure as OpenVPN, it’s a whole lot faster, which can be really useful if you are only using a VPN to watch geo-blocked videos or access websites from another country. If you’re trying to keep yourself secure, you can use OpenVPN.

StrongVPN is a great VPN service that not only has really strong security (hence the name), but they let you choose your level of encryption based on what you’re trying to do. Just one click in the client and you can choose between protocols with a really helpful explanation for each.

If you’re looking for a new VPN service, definitely consider StrongVPN — they have plans as low as $5.83 per month.

PPTP

Don’t use PPTP. Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely the NSA (and probably other intelligence agencies) are decrypting these supposedly “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.

Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it. It’s time to move on.

In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up. Stay away.

OpenVPN

OpenVPN uses open-source technologies like the OpenSSL encryption library and SSL v3/TLS v1 protocols. It can be configured to run on any port, so you could configure a server to work over TCP port 443. The OpenSSL VPN traffic would then be practically indistinguishable from standard HTTPS traffic that occurs when you connect to a secure website. This makes it difficult to block completely.

It’s very configurable, and will be most secure if it’s set to use AES encryption instead of the weaker Blowfish encryption. OpenVPN has become a popular standard. We’ve seen no serious concerns that anyone (including the NSA) has compromised OpenVPN connections.

 

OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a a third-party application — either a desktop application or a mobile app. Yes, you can even use mobile apps to connect to OpenVPN networks on Apple’s iOS.

In Summary: OpenVPN is new and secure, although you will need to install a third-party application. This is the one you should probably use.

L2TP/IPsec

Layer 2 Tunnel Protocol is a VPN protocol that doesn’t offer any encryption. That’s why it’s usually implemented along with IPsec encryption. As it’s built into modern desktop operating systems and mobile devices, it’s fairly easy to implement. But it uses UDP port 500 — that means it can’t be disguised on another port, like OpenVPN can. It’s thus much easier to block and harder to get around firewalls with.

IPsec encryption should be secure, theoretically. There are some concerns that the NSA could have weakened the standard, but no one knows for sure. Either way, this is a slower solution than OpenVPN. The traffic must be converted into L2TP form, and then encryption added on top with IPsec. It’s a two-step process.

In Summary: L2TP/IPsec is theoretically secure, but there are some concerns. It’s easy to set up, but has trouble getting around firewalls and isn’t as efficient as OpenVPN. Stick with OpenVPN if possible, but definitely use this over PPTP.

SSTP

Secure Socket Tunneling Protocol was introduced in Windows Vista Service Pack 1. It’s a proprietary Microsoft protocol, and is best supported on Windows. It may be more stable on Windows because it’s integrated into the operating system whereas OpenVPN isn’t — that’s the biggest potential advantage. Some support for it is available on other operating systems, but it’s nowhere near as widespread.

It can be configured to use very secure AES encryption, which is good. For Windows users, it’s certainly better than PPTP — but, as it’s a proprietary protocol, it isn’t subject to the independent audits OpenVPN is subject to. Because it uses SSL v3 like OpenVPN, it has similar abilities to bypass firewalls and should work better for this than L2TP/IPsec or PPTP.

In Summary: It’s like OpenVPN, but mostly just for Windows and can’t be audited as fully. Still, this is better to use than PPTP. And, because it can be configured to use AES encryption, is arguably more trustworthy than L2TP/IPsec.

OpenVPN seems to be the best option. If you have to use another protocol on Windows, SSTP is the ideal one to choose. If only L2TP/IPsec or PPTP are available, use L2TP/IPsec. Avoid PPTP if possible — unless you absolutely have to connect to a VPN server that only allows that ancient protocol.

转自:https://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

PPTP vs. OpenVPN vs. L2TP/IPsec vs. SSTP的更多相关文章

  1. [原]CentOS 7.2 1511部署L2TP/IPsec服务器及客户端

    快过年了,感觉从去年开始,我们公司就变成了“别人的公司”,基本上提前一星期就放假了,好开心.正好可以利用这一段时间,把前段时间一些疑惑的问题解决下:) 然而挡在面前的一个拦路虎是:很多时候不能愉快的G ...

  2. 架设基于StrongSwan的L2tp/IPSec VPN服务器

    架设基于StrongSwan的L2tp/IPSec VPN服务器 参考: http://agit8.turbulent.ca/bwp/2011/01/setting-up-a-vpn-server-w ...

  3. 如何在 Debian / Ubuntu 服务器上架设 L2TP / IPSec VPN

    本站的 Rio 最近在一台 Ubuntu 和一台 Debian 主机上配置了 L2TP / IPSec VPN,并在自己的博客上做了记录.原文以英文写就,我把它大致翻译了一下,结合我和 Rio 在设置 ...

  4. CentOS7部署l2tp/IPsec服务

    1.安装必要的工具 yum install vim net-tools wget unzip -y 2. 下载安装脚本 wget -O StackScript.zip http://files.cnb ...

  5. windows7 自带l2tp/ipsec VPN客户端连接Cisco ASA

    搞了半天,最后发现其实很简单,在ASA默认配置的基础上,把所有crypto ipsec ikev1 transform-set 加上mode transport,然后把tunnel-group Def ...

  6. PPTPD/L2TP/IPSec VPN一键安装包 For CentOS 6

    一.一键安装PPTPD VPN 本教程适用于Openv VPS.Xen VPS或者KVM VPS. 1.首先运行如下命令: cat /dev/net/tun 返回的必须是: cat: /dev/net ...

  7. ROS+L2TP+IPSEC

    在WIN7X64,WIN8.1,WIN10,MACBOOK和苹果的IOS10调试L2TP/IPSEC通过 请注意IPSEC,要求客户端IP必须唯一,不可以有重复,那么访问VPN服务器的客户端IP,就不 ...

  8. L2TP/IPSec一键安装脚本

    本脚本适用环境:系统支持:CentOS6+,Debian7+,Ubuntu12+内存要求:≥128M更新日期:2017 年 05 月 28 日 关于本脚本:名词解释如下L2TP(Layer 2 Tun ...

  9. 配置L2TP IPsec VPN (CentOS 6.5)

    1. 安装相关包 yum install -y ppp iptables make gcc gmp-devel xmlto bison flex libpcap-devel lsof vim-enha ...

随机推荐

  1. CodingLife的CSS样式整理

    1 首页的超链接鼠标悬停效果 .postTitle a:hover { color:red; text-decoration:none } 2 正文标题鼠标悬停效果 #topics .postTitl ...

  2. mvc框架的学习步骤

    1 搭建环境.有个感性认识 2 如何完成controller和viewer的映射 3 如何把值传给controller 4 controller如何把值传给view 5 异常处理 6 页面标签 7文件 ...

  3. Java的IO输入输出流类的介绍(有图)

    一.字节流 1.InputStream/OutputStream(输入流与输出流几乎一一对应) 读取的方法   int read()   int read(byte[] buffer)   int r ...

  4. FastReport打印table

    经过验证是对的. table第一行添加标题,也就是拖过来的文本label,第二行开始绑定数据源的字段. 先设计报表的静态部分,再用代码注册数据源,然后设计,添加注册的数据源,绑定字段. var rep ...

  5. [转]Add Bootstrap Glyphicon to Input Box

    本文转自:http://stackoverflow.com/questions/18838964/add-bootstrap-glyphicon-to-input-box How can I add ...

  6. asp get与post获取的区别

    1.HTTP请求格式: <request line> <headers> <blank line> [<request-body>] 在HTTP请求中, ...

  7. CentOS7 一键安装KMS服务【整理】

    KMS,是 Key Management System 的缩写,也就是密钥管理系统.这里所说的 KMS,毋庸置疑就是用来激活 VOL 版本的 Windows 和 Office 的 KMS 啦.经常能在 ...

  8. Java - 如何进行安全发布

    首先让我简单解释一下所谓"发布". 发布(publish),使对象可以在当前作用域之外的代码中可见,如果该对象被发布,则该对象的非私有域中引用的所有实例同样也会被发布. 不仅仅是作 ...

  9. node.js搭建https服务器

    HTTPS简介 HTTPS:(全称:Hypertext Transfer Protocol over Secure Socket Layer),是以安全为目标的HTTP通道,简单讲是HTTP的安全版. ...

  10. Linux+Git命令

    Linux 文件与目录 cd命令: $ cd [path] //path为路径名称,这只是常规语法 1 详细用法如下: $ cd /d //进入d盘 $ cd d: //进入d盘 $ cd D: // ...