Which is safer: PPTP, L2TP / IPsec or OpenVPN?

Overview of PPTP, L2TP / IPsec, and OpenVPN

After purchasing a VPN plan on our site, you can connect to the VPN using three different technologies: PPTP, L2TP / IPsec and OpenVPN. However, not everyone understands how these technologies differ in security. Let's look at each of them and see which is safer in terms of traffic encryption.

Before considering each technology separately, I would like to tell you about encryption.

When traffic is sent in the clear, the data travelling from the sender to the recipient and back is not encrypted, so anyone with minimal knowledge of networking can read it. For example, you fill out the login and password form on a site and click the "Sign In" button. If the traffic to the web server is transmitted over HTTP, an attacker who intercepts it can read your input by analyzing the packet that was sent.

By contrast, if traffic is transmitted over HTTPS, it is hidden by encryption and can only be decrypted with a key. Therefore, before an attacker can see the data from the login form you filled in on the site, they will have to either break the encryption or somehow get hold of the decryption key.

The main characteristic of a key is its length. Keys of many different lengths are in use today, for example 112, 128, 256, 1024, 2048 and even 3,072 bits. Today you will almost never come across keys longer than 128 bits. The point is that a 128-bit key cannot be cracked in the foreseeable future. Simple mathematics confirms this: using a supercomputer with a performance of 10.51 petaflops, it would take 1.02 × 10^18, or almost 1 billion, years to crack the key by brute force.

It is worth noting that our VPN provider's OpenVPN connections use a 1024-bit key, so you can be sure that the data you transfer through our servers is securely encrypted for billions of years.

Now let's look at the types of VPN connections that we provide.

PPTP

The Point-to-Point Tunneling Protocol (PPTP) allows a computer to establish a connection to a server by creating a tunnel. The first company to implement this protocol was Cisco. However, later they licensed this protocol to Microsoft. Thanks to Microsoft, this protocol was widely implemented in almost all operating systems and became the standard protocol for building a VPN.

When configuring a VPN using this protocol, you will be asked to choose 128-bit encryption. However, this does not change the fact that the protocol is very vulnerable. After the protocol became available on Windows in 1999, a number of vulnerabilities were found, including a vulnerability in the MS-CHAP v2 authentication protocol, by exploiting which PPTP was cracked in 2 days. And this is just one example; the list of vulnerabilities in this protocol is very long. Paradoxically, even Microsoft itself recommends not using PPTP, if possible.

We support PPTP only because of how widespread it is and because a VPN using this protocol is very easy to configure. PPTP is suitable for ordinary web browsing, when you do not need to enter any login credentials or transmit important information.

To summarize:

Benefits:
• PPTP is the most accessible protocol, because it is built into almost all OSes;
• VPN based on PPTP is very easy to configure;
• Due to the ease of implementation, it works quickly.

Disadvantages:
• Despite the encryption used, it is very vulnerable.


L2TP and L2TP / IPsec

The Layer 2 Tunneling Protocol (L2TP) is a protocol designed specifically for VPNs as a secure alternative to PPTP. It's worth noting that L2TP itself does not encrypt traffic, so the developers made it possible to use it together with the IPsec protocol for encryption.

The protocol was developed, or more precisely glued together, by Microsoft (PPTP) and Cisco (L2TP). And again, because Microsoft took part in its development, the protocol was available first in its operating systems, and then in almost all others. Today, the protocol is supported by all devices.

Traffic is encrypted with a 256-bit key using the AES algorithm. At the same time, there are still no critical vulnerabilities in VPNs using L2TP / IPsec that could help in decrypting traffic.

The only drawback of L2TP / IPsec is that each packet sent is encapsulated (packed) twice, so in theory the protocol is considered slow, but in practice you will hardly feel the difference.

To summarize:

Benefits:
• Very reliable and safe;
• Like PPTP, it is very easy to configure;
• Available in almost all modern operating systems.

Disadvantages:
• Runs slower than PPTP and OpenVPN.


OpenVPN

OpenVPN is an open source technology specifically designed to create encrypted point-to-point and client-server VPN connections. The client was developed relatively recently. At the moment it is supported by almost all personal computer operating systems.

It is important to note that since its development in 2002, no vulnerabilities have been found in the technology. This is a very good indicator. And given that data encryption is provided by the OpenSSL library and the SSLv3 / TLSv1 protocols, you need not worry about the security of data transmitted through the VPN. The protocol supports a variety of encryption algorithms, such as AES, Blowfish, 3DES, CAST-128, Camellia and the like.

It's worth noting that, unlike the standard PPTP and L2TP / IPsec protocols, OpenVPN is very flexible in its configuration. Because PPTP and L2TP / IPsec are standard protocols, providers can easily block them. A VPN using OpenVPN can be configured to work over port 443 or any other port, thus masquerading as normal HTTPS TCP traffic. This makes it more difficult for a provider to block such traffic.
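An added example (not from the original article or from the OpenVPN project): a small Python audit of an OpenVPN client profile that reports whether the tunnel runs over TCP 443, as described above, and which of the configured ciphers use a 64-bit block (Blowfish, 3DES and CAST-128 do; AES and Camellia do not). The sample profile, its hostname and the function names are constructed for illustration.

```python
import re

# Cipher name prefixes with a 64-bit block; OpenVPN logs a warning for these.
SMALL_BLOCK = ("BF-", "DES-", "CAST5-", "RC2-", "IDEA-")

# Constructed sample client profile (hostname and values are illustrative).
SAMPLE_OVPN = """\
client
dev tun
# tunnel over TCP 443 so it shares a port with HTTPS
remote vpn.example.net 443 tcp
cipher BF-CBC
data-ciphers AES-256-GCM:AES-128-GCM:CAMELLIA-256-CBC
"""

def parse_directives(text):
    """Return {directive: [argument lists]}, ignoring comments and blank lines."""
    out = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            out.setdefault(name, []).append(args)
    return out

def audit(text):
    """Summarise the transport and cipher choices of an OpenVPN profile."""
    d = parse_directives(text)
    proto = d.get("proto", [["udp"]])[-1][0]  # OpenVPN's default transport is UDP
    port = d.get("port", [["1194"]])[-1][0]   # OpenVPN's default port is 1194
    if "remote" in d:                         # remote <host> [port] [proto]
        args = d["remote"][0]
        if len(args) > 1:
            port = args[1]
        if len(args) > 2:
            proto = args[2]
    ciphers = []
    for key in ("cipher", "data-ciphers", "ncp-ciphers"):
        for args in d.get(key, []):
            ciphers += args[0].upper().split(":")
    return {
        "transport": f"{proto.split('-')[0]}/{port}",
        "on_https_port": proto.startswith("tcp") and port == "443",
        "ciphers": ciphers,
        "small_block_ciphers": [c for c in ciphers if c.startswith(SMALL_BLOCK)],
    }

if __name__ == "__main__":
    for field, value in audit(SAMPLE_OVPN).items():
        print(f"{field}: {value}")
```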

Naturally, because of the ease of implementation, this protocol works faster than L2TP / IPsec and even PPTP.

The only drawback so far is that the protocol does not work very well with the mobile operating systems iOS and Android. However, this problem is being solved.

Let's sum up:

Benefits:
• Very flexible in its configuration, so it can be disguised as normal TCP traffic;
• High level of security;
• Almost any encryption algorithm can be configured.

Disadvantages:
• Can be difficult to configure;
• Works poorly with mobile operating systems.

This completes our review of PPTP, L2TP / IPsec and OpenVPN. Let's draw a conclusion:

VPN based on the PPTP protocol is very easy to configure, although it is not very secure. We do not recommend using it unless you have no opportunity to configure a VPN over the L2TP / IPsec or OpenVPN protocols, or you are not worried about the safety of your data.

VPN based on the L2TP / IPsec protocol is the best solution for mobile devices. It is very easy to configure and is safe. But in theory it works a little slower than PPTP. It is also a very good solution for personal computers in terms of ease of configuration.

VPN based on the OpenVPN protocol is the ideal solution for personal computers in terms of security. Setting up a VPN based on this protocol is complicated by the need to download the application, but this is not a big disadvantage. Support for mobile devices has not yet been fully implemented, but this should be fixed soon.