What is a VPN?
A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet.
If you’re looking for a VPN provider or setting up your own VPN, you’ll need to choose a protocol. Some VPN providers may even provider you with a choice of protocols.
PPTP
Point-to-point tunneling protocol is a common protocol because it’s been implemented in Windows in various forms since Windows 95. PPTP has many known security issues, and it’s likely that intelligence agencies and hackers can decrypt these “secure” connections. That means attackers and more repressive governments would have an easier way to compromise these connections.
Yes, PPTP is common and easy to set up. PPTP clients are built into many platforms, including Windows. That’s the only advantage, and it’s not worth it.
In Summary: PPTP is old and vulnerable, although integrated into common operating systems and easy to set up.
OpenVPN
OpenVPN uses open source technologies like the OpenSSL encryption library and SSL v3/TLS v1 protocols. It can be configured to run on any port, so you could configure a server to work over TCP port 443. The OpenSSL VPN traffic would then be practically indistinguishable from standard HTTPS traffic that occurs when you connect to a secure website. This makes it difficult to block completely.
It’s very configurable, and will be most secure if it’s set to use AES encryption instead of the weaker Blowfish encryption. OpenVPN has become a popular standard. We’ve seen no serious concerns that anyone has compromised OpenVPN connections.
OpenVPN support isn’t integrated into popular desktop or mobile operating systems. Connecting to an OpenVPN network requires a third-party application — either a desktop application or a mobile app.
In Summary: OpenVPN is new and secure, although you will need to install a third-party application.
L2TP/IPsec
Layer 2 Tunnel Protocol is a VPN protocol that doesn’t offer any encryption. That’s why it’s usually implemented along with IPsec encryption. As it’s built into modern desktop operating systems and mobile devices, it’s fairly easy to implement. But it uses UDP port 500 — that means it can’t be disguised on another port, like OpenVPN can. It’s much easier to block and harder to get around firewalls with.
IPsec encryption should be secure, theoretically. It is a slower solution than OpenVPN. The traffic must be converted into L2TP form, and then encryption added on top with IPsec. It’s a two-step process.
In Summary: L2TP/IPsec is theoretically secure, but there are some concerns. It’s easy to set up, but has trouble getting around firewalls and isn’t as efficient as OpenVPN.
SSTP
Secure Socket Tunneling Protocol was introduced in Windows Vista Service Pack 1. It’s a proprietary Microsoft protocol, and is best supported on Windows. It may be more stable on Windows because it’s integrated into the operating system whereas OpenVPN isn’t — that’s the biggest potential advantage. Some support for it is available on other operating systems, but it’s nowhere near as widespread.
It can be configured to use very secure AES encryption, which is good. For Windows users, it’s certainly better than PPTP — but, as it’s a proprietary protocol, it isn’t subject to the independent audits OpenVPN is subject to. Because it uses SSL v3 like OpenVPN, it has similar abilities to bypass firewalls and should work better for this than L2TP/IPsec or PPTP.
In Summary: It’s like OpenVPN, but mostly just for Windows and can’t be audited as fully.
OpenVPN seems to be the best option. If you have to use another protocol on Windows, SSTP is the ideal one to choose. If only L2TP/IPsec or PPTP are available, use L2TP/IPsec. Avoid PPTP if possible — unless you absolutely have to connect to a VPN server that only allows that ancient protocol.
