VPN Protocols – PPTP vs L2TP vs OpenVPN vs SSTP
There are three major VPN protocols that you’re likely to see offered by most providers: PPTP, L2TP/IPsec and OpenVPN. There is also one called SSTP that hasn’t been adopted as widely as the other three. All of them have their advantages and disadvantages. Most of the time, you’ll be making a tradeoff between speed and security. Below is a chart that briefly summarizes the differences, followed by a more thorough analysis.
| | PPTP | L2TP/IPsec | OpenVPN | SSTP |
|---|---|---|---|---|
| Summary | The first VPN protocol created by Microsoft. PPTP has been criticized for various security flaws; however, PPTP is found everywhere and has lower overhead. | Advanced VPN protocol that is recognized on all platforms including smartphone OSes. Protocol is highly secure but not flexible and can be blocked easily. | Open source VPN protocol that combines the best of encryption and flexibility. High speeds can be realized by using UDP, and OpenVPN can be configured so that it is difficult to block. | Created and endorsed by Microsoft, SSTP is the evolution of PPTP and is more secure and flexible. Unfortunately, SSTP only works on Windows 7 and above systems. |
| Encryption | Supports 40-bit, 56-bit and 128-bit encryption. | AES encryption with 256-bit keys. Top secret according to the NSA. | Flexible encryption with 160- or 256-bit keys. Highly secure. | 256-bit key for encryption. Highly secure. |
| Platforms | Windows, Mac, Linux, iOS, Android, Symbian, DDWRT | Windows, Mac, Linux, iOS, Android, Symbian | Windows, Mac, Linux, DDWRT | Windows 7+ only |
| Speed | Less encryption means less CPU and faster connections. | For personal VPN service expect high overhead as this protocol is encrypted twice. | When used in conjunction with UDP instead of TCP, OpenVPN can be the fastest VPN protocol. | Fast and stable protocol when used on Windows-only systems. |
| Ports | 1723 TCP | 500 UDP | Easily changed | 443 TCP |
| Flexibility | No flexibility | No flexibility | Highly configurable | No flexibility |
| Ease of Use | Easiest to manually set up on all platforms. | Straightforward setup, more involved than PPTP but not difficult. | Can be the most difficult to configure. | Easily set up on Windows 7+ systems. |
| Can Be Censored | Easily blocked due to fixed protocols and ports. | Easily blocked due to fixed protocols and ports. | Very hard to block when using SSL. | Very hard to block when using SSL. |
PPTP Explained – PPTP vs L2TP vs OpenVPN vs SSTP
PPTP is the most basic of all the VPN protocols out there. It’s also the fastest in terms of how well it works on slower computers and connections. This is an old protocol and was the first VPN supported by the Windows OS.
The PPTP protocol only allows you to have 128-bit encryption at max. That is lower than the standard encryption used by banks, online shopping establishments and so forth. This is considered to be one of the weakest VPN protocols out there and, for very advanced users, it’s usually not enough.
There are some very handy uses for PPTP, however. If you have a slower machine, the lower encryption levels mean that there is less processing involved in decrypting the content. This makes the system work faster. This is really something that only those people with very slow computers will notice, however. For most VPN customers, the difference between this protocol and the next, L2TP/IPsec will be negligible in terms of speed.
Even though this protocol is offered by just about every VPN provider out there, it’s important to remember that it is not very secure. It does conceal what you’re doing from anyone casually monitoring your traffic, but there are several known hacks that allow people to get around PPTP if they’re very motivated to do so.
L2TP/IPSec Explained – L2TP/IPSec vs PPTP vs OpenVPN vs SSTP
L2TP/IPSec is a very advanced and secure protocol that’s used on VPN networks. L2TP/IPsec uses 256-bit encryption. There are two types of encryption that are used with this protocol. The encryption may be 3DES or AES. The AES256 encryption scheme is actually used to transmit top secret information. The odds of someone being able to brute-force hack this level of encryption are so small that they are nearly incomprehensible.
The slower performance of this type of security comes from the fact that it is so very secure. The data is encrypted twice. The keys are exchanged over specific ports so that each of the computers involved in the transaction can get at the data.
L2TP/IPsec’s reliance on specific ports means that, if those ports are blocked, it cannot complete a connection. This makes it easier for administrators to make it impossible to use this protocol on their networks by blocking a few ports.
L2TP/IPsec is exceptionally secure. It is not vulnerable to any known hacks and, when it is used with AES encryption, it’s trusted to protect secrets and regarded as top secret by the NSA in the United States.
At a glance, using L2TP/IPsec means:
- Very Good Security
- Slower Performance
- Minimal Setup Headaches
- Freedom From Deep Packet Inspection/Traffic Shaping
OpenVPN Explained – OpenVPN vs PPTP vs L2TP vs SSTP
OpenVPN is one of the many very significant breakthroughs that have been made by open-source community projects. This VPN protocol is very secure and there are no known vulnerabilities. Unlike L2TP/IPsec, this protocol cannot be blocked by blocking specific ports. It can be configured to run over any port, including the same ports that your Internet browser uses, which makes OpenVPN highly flexible. In such a configuration, there’s really no way to differentiate it from any other traffic on the Internet. The main features are:
- Like L2TP/IPsec, OpenVPN can use AES256 encryption, making it exceptionally safe. It can use other forms of encryption, as well.
- OpenVPN uses the SSL/TLS encryption protocols.
- OpenVPN is rapidly becoming the standard for everyday VPN users, yet the protocol is secure and reliable enough to be used for very sensitive data transfer.
- This is the best-performing VPN protocol, in fact, which means that you can get the highest level of encryption without the slowdowns in performance that you’ll sometimes see with L2TP/IPsec encryption. This is especially true when OpenVPN is run using UDP instead of TCP.
- OpenVPN requires that you do install software on your computer. It’s not shipped with any operating system as a standard protocol, as is L2TP/IPsec. Some VPN providers charge an additional fee for this level of security.
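As an added example (not part of the original article and not code from the OpenVPN project), this Python script reads an OpenVPN client config and reports the properties discussed above: UDP or TCP transport, the port in use, and which ciphers fall below the 256-bit level. The two sample configs and the hostname are constructed; the directive names (`remote`, `proto`, `port`, `cipher`, `data-ciphers`) and the defaults of UDP and port 1194 are OpenVPN's own.

```python
import re

# Constructed sample client configs (hostnames are placeholders).
TCP_443 = """\
client
dev tun
remote vpn.example.com 443 tcp   ; same port a browser uses for HTTPS
data-ciphers AES-256-GCM:AES-128-GCM
"""
UDP_DEFAULT = """\
client
remote vpn.example.com
# legacy single-cipher directive
cipher BF-CBC
"""

def key_bits(cipher):
    """Key size taken from names such as AES-256-GCM; None if not in the name."""
    m = re.search(r"-(\d{3})(-|$)", cipher)
    return int(m.group(1)) if m else None

def audit(text):
    """Report transport, port and cipher strength for OpenVPN config text."""
    proto, port, ciphers = "udp", 1194, []        # OpenVPN's defaults
    for raw in text.splitlines():
        # Drop comments (# or ;), then split the directive into tokens.
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if not line:
            continue
        key, args = line[0], line[1:]
        if key == "proto" and args:
            proto = args[0]
        elif key == "port" and args:
            port = int(args[0])
        elif key == "remote":                     # remote host [port] [proto]
            if len(args) > 1:
                port = int(args[1])
            if len(args) > 2:
                proto = args[2]
        elif key in ("cipher", "data-ciphers") and args:
            ciphers += args[0].upper().split(":")
    transport = "tcp" if proto.lower().startswith("tcp") else "udp"
    sized = {c: key_bits(c) for c in ciphers}
    return {
        "transport": transport,
        "port": port,
        "shares_https_port": transport == "tcp" and port == 443,
        "below_256_bit": [c for c, b in sized.items() if b is not None and b < 256],
        "size_not_in_name": [c for c, b in sized.items() if b is None],
    }
```

Ciphers listed under `size_not_in_name` (for example `BF-CBC`) carry no key length in their name and need a manual check against the cipher's specification.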
SSTP VPN Explained – SSTP vs PPTP vs OpenVPN vs L2TP
SSTP is a Microsoft product that replaces PPTP. It’s not as versatile as OpenVPN. The main advantage is that you don’t have to install anything on Windows 7 or later operating systems. It’s not backward compatible with XP, however.
The Final Analysis - PPTP vs L2TP vs OpenVPN vs SSTP
Which protocol is best for you will come down to your usage and habits. There are some things to keep in mind about how these work and how they affect your privacy.
PPTP is usually fine for most users. Even if you’re using a system that’s typically subjected to traffic shaping by ISPs, such as BitTorrent, you can rely on PPTP to conceal what you’re doing. The problem with this protocol, however, is that someone with the knowledge and motivation can get through your security and that the information about how to accomplish that is widely known and has been for some time. So, for PPTP, the end result is that it’s fine for non-secure use when you just want to avoid being subjected to deep packet inspection and other ISP policies but it’s not suitable for very sensitive data.
L2TP/IPsec is an excellent protocol. If you have the processor capacity to handle the extra lifting your computer has to do for decryption (most modern computers will do this just fine), it’s a great option. It’s also usually available as one of the standard options from VPN providers. It’s also supported by most technologies already. It’s not as good for cellular networks, however. It tends to have trouble with packet loss, which is a big issue on mobile networks.
OpenVPN can realistically be called the future of VPN at this point. It’s not supported by operating systems yet, hence the need to install a client. It is, however, open source, which means that anyone and everyone is free to use it, distribute it and develop it as much as they wish.
OpenVPN also supports the highest-level encryption standards in the world, which is a significant advantage for this protocol when it’s compared with others. The only disadvantage aside from a potentially more complicated setup is the fact that some VPN service providers will charge you more for this protocol, though that may change as it becomes commonplace.
You shouldn’t have any performance issues with any of these protocols. The good/bad is as follows, however:
- PPTP: Very fast/Very Easily Hacked
- L2TP/IPsec: Very secure/Can be blocked from specific ports
- OpenVPN: Very secure/Requires Additional Software
Your Security and Privacy Needs
If your biggest concern is security, you need to go with L2TP/IPsec or OpenVPN. There’s no way around it. PPTP will not do. If you’re most concerned with convenience and speed, you’ll want to go with PPTP or OpenVPN.
The thing to keep in mind is that, since OpenVPN came about, there’s no need to think that you have to sacrifice security for speed. In fact, OpenVPN brings together the great speed of PPTP with the security of L2TP/IPsec, so the best of both worlds is certainly available!