PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2

Encryption Keys

Personal VPN services offer a variety of different protocols to connect your devices with.  These include PPTP, L2TP/IPsec, OpenVPN, SSTP, and IKEv2.  Each of these connection types it discussed in more detail below to help you to choose the best one for your purpose.  The way they handle your security and privacy is also explained as well as the level of encryption offered by each.

Point to Point Tunneling Protocol

First, let us look at the oldest and least secure of the tunneling protocols PPTP. The “point-to-point” part of the term refers to the connection created by PPTP.  It allows one point (the user’s device) to access another specific point (VPN server) over the Internet.  The “tunneling” part of the term refers to the way one protocol is encapsulated within another protocol.  In PPTP, the point-to-point protocol (PPP) is wrapped inside the transmission control protocol/internet protocol (TCP/IP), which provides the Internet connection. Therefore, even though the connection is created over the Internet, the PPTP TCP connection mimics a direct link between your device and the VPN server. This TCP connection is then used to initiate and manage a second Generic Routing Encapsulation (GRE) tunnel to the same VPN server. GRE is a client protocol of IP which uses IP protocol 47.  The IP encapsulated GRE packets are then transmitted through the GRE tunnel to the VPN server and vice-versa.

PPTP was first developed by consortium consisting of Microsoft, 3Com, and others.  It supports only at most 128-bit encryption keys.  It was introduced in 1995 and has been plagued with security concerns since its inception.  PPTP has supported various authentication protocols (PAP, CHAP, MS-CHAP v1/v2, and EAP-TLS).  Each of these has faced security vulnerabilities in turn. In 2012, a serious vulnerability was found in MS-CHAP v2 which allowed the possibility of unencapsulated MS-CHAP v2 authentication.  This meant a hacker who intercepted the MS-CHAP v2 handshake, either through open Wi-Fi traffic or using a man-in-the-middle attack could use the code to decrypt the user credentials.  Once a hacker had these credentials, he could then access the network resources.

Microsoft’s solution for this is to use Protected Extensible Authentication Protocol (PEAP) and thus encapsulating the MS-CHAP v2 authentication traffic in Transport Layer Security (TLS).  EAP-TLS is seen as the best authentication choice for PPTP.  However, it requires implementation of a public-key infrastructure for both client and server certificates.  As such it has not been looked at as a viable solution for many VPNs.  Encryption for PPTP is handled using MPPE which generally uses Riverst Cipher 4 (RC4).

Most VPN implementations configure their VPN connections for PPTP as follows:

  • Password – stronger is better, max 128-bit
  • MPPE-128 encryption – This is usually RSA RC4 encryption with a 128-bit key
    • MPPE provides data security for the PPTP connection that is between your device and the VPN server and vice-versa.
    • One key is used to encrypt traffic on your device and decrypt it on the server.
    • A separate, different key is used to encrypt traffic on the VPN server and decrypt it on your device.
  • Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) authentication
    • MS-CHAP v2 uses both a unique session identifier and user credentials to generate two 128-bit encryption keys.  EAP-TLS is better for authentication if available.
    • It uses a Secure Hash Algorithm SHA-1 for client-server authentication because it is faster because it uses less computer resources than other hashes.

As we previously stated PPTP is the least secure of the VPN connection protocols.  This is because SHA-1, the RSA RC4 encryption algorithm, and the MS-CHAP v2 handshake all have security vulnerabilities.  However, because its implementation uses less computer resources, it is generally one of the fastest VPN connection types.  Because of this, it is only recommended for uses like streaming media where security is not your primary concern or for devices where no other connection protocol is supported.

Layer 2 Tunneling Protocol/Internet Protocol Security (L2TP/IPsec)

L2TP is a combination of Microsoft’s PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc.  L2TP represents the best features of both.  L2TP is a tunneling protocol supported by many VPN providers.  However, it does not have any built-in security of its own.  This means that, by itself, it cannot provide any encryption or confidentiality to your traffic that passes through it.  For this reason, it is used with the IPsec encryption suite which provides confidentiality, authentication, and integrity to your VPN traffic.

The handshake process that most VPNs use to implement secure L2TP/IPsec is as follows:

  • Negotiation of IPsec Security Association (SA), typically through Internet Key Exchange (IKE).
    • This is carried out over UDP port 500, and usually uses a secret “pre-shared key” , although other keying methods exist.
  • Establishment of Encapsulating Security Payload (ESP) communication in transport mode.
    • The IP protocol number for ESP is 50.
    • At this point, a secure channel has been established, but no L2TP tunnel.
  • Negotiation and establishment of L2TP tunnel between the SA endpoints.
    • The actual negotiation of parameters takes place over the SA’s secure channel, within the IPsec encryption.
    • Now a secure L2TP tunnel has been established.

When this process completes, the L2TP data packets are encapsulated inside IPsec.  This means that no internal network information can be obtained from the encrypted packet.  This is what provides the security to all your internet traffic and insures your confidentiality while using the VPN service.

L2TP/IPsec is built-in to many modern operating systems and VPN capable devices.  It is just as easy to set up as PPTP.  However, because the L2TP protocol uses UDP port 500, it is easily blocked by NAT firewalls.  This limitation can be overcome if the VPN supports port forwarding which will let you change the default port, making it harder to block.

IPsec encryption has no major known vulnerabilities, and if properly implemented is still considered secure by most.  However, Edward Snowden’s revelations have strongly hinted at the standard being compromised by the NSA, not by breaking the encryption but attacking the routers used in its communication for the cryptographic keys.  John Gilmore (security specialist and founding member of the Electronic Frontier Foundation) has stated here that it may have been deliberately weakened during its design phase by the NSA.  Bruce Schneier (a well known cryptologist) in his evaluation of the IPsec said that it was inherently insecure because of its complexity, which made it nearly impossible to crypto analyze it from a security standpoint.  Lastly because L2TP/IPsec encapsulates the data two times, it is slower that SSL based VPN connections like OpenvPN.

OpenVPN

OpenVPN is an open source software application that uses the OpenSSL library and SSLv3/TSLv1 security protocols.  It was written by James Yonan and released in 2001 under the open license agreement.

Personal VPN services have embraced Open VPN technology as one of their primary protocols because it is highly configurable.  For example, although it runs faster on a UDP port since it does not require reliability, it can be run using any ports.  This includes TCP Port 443, which is the standard port for Internet traffic using HTTPS over SSL.  This makes it hard for firewalls to be able to tell your VPN traffic from normal HTTPS traffic which makes it nearly impossible for them to block it if implemented correctly.

Another advantage of OpenVPN is its modularity which allows it to take advantage of the latest security protocols as soon the latest OpenSSL library is dynamically linked into it.  This means that OpenVPN provides encryption support for a large number of cryptographic algorithms including AES, Blowfish, 3DES, Camellia, and others.  This includes access to the newest ciphers such as AES-256 (Advanced Encryption Standard with a 256 bit key).  It also provides mechanisms that allow utilization of special-purpose hardware accelerators to optimize encryption, decryption, and authentication performance which makes it one of the best performing VPN protocols if configured properly.  The modular design also means that all of the IP tunneling functionality is provided through the TUN/TAP virtual network driver so it can be ported to any OS or device which includes this driver.

Although it is not natively supported by any platform, its modularity has led to its support for many platforms including iOS and Android devices through third party software.  OpenVPN may not be as easy to install as PPTP or L2TP/IPsec because you not only have to download and install the client, but also configuration files for the VPN servers.  Some VPN providers get around this by providing customized VPN clients to make it easier for their users.  This along with previously mentioned advantages, and the fact that OpenVPN is fast, stable, and cross platform compatible has gradually helped it become the default connection choice for personal VPN services.  How fast OpenVPN performs is dependent on the level of encryption you use, but it is usually faster that IPsec based protocols.

As far as we know OpenVPN has not been compromised or weakened by the NSA.  Also, thanks to it being implemented using ephemeral keys (keys generated randomly, used for a certain amount of time, and then discarded and securely deleted), it seems likely that it will remain immune to NSA attacks on its RSA Handshake encryption keys.  Although no one can say for a certainty, empirical evidence and cryto mathematics strongly indicate that VPN connections based on OpenVPN implemented with a strong cipher like AES-128 or AES-256 are really secure, even from the NSA.

OpenVPN secure connections are generally made using a simplified three step process as follows:

  • Challenge handshake encryption – This is the encryption used to establish a secure connection and verify you are really talking to your chosen VPN server and not being tricked into connecting to an attacker’s server.
    • The latest version of SSL/TLS is used to establish the connection.
    • ≥ 2048-bit RSA certificate verification to authenticate the server signature preferably through SHA-256 or SHA-512.
    • Generation and sharing of ephemeral keys using an algorithm like Diffie-Hellman to ensure forward secrecy of the data transferred.
  • Data encryption – This is the symmetric cipher algorithm with which all of your data is encrypted and decrypted.
    • Algorithms include Blowfish, AES-128, AES-256, 3DES, and others.
    • The symmetric cipher is used with an ephemeral secret key shared between you and the VPN server.
    • This secret key is exchanged with your device during the challenge handshake phase.
  • Data Authentication – This is the message authentication algorithm with which all of your data is authenticated.
    • This is only used to protect you from active attacks like man-in-the-middle attacks
    • SHA-1 – HMAC using Secure Hash Algorithm (160-bit). This is faster but no longer secure.
    • SHA-256 – HMAC using Secure Hash Algorithm (256-bit) is better for data authentication.

After the OpenVPN connection has been established, secure bi-directional Internet traffic between your device and the VPN server is possible.  OpenVPN should be your go to connection choice if encryption, security, and privacy are your main concerns.  It is also you best default connection choice.

Secure Socket Tunneling Protocol (SSTP)

Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista SP1, and although it is been expanded to run on other platforms, it is still largely a Windows-only platform.  SSTP offers similar advantages to OpenVPN because it uses SSL v3.  Therefore, it can be run on any port including TCP Port 443 which makes it hard for firewalls to detect and block it.  Windows users may find it easier to use and more stable than PPTP or L2TP/IPsec.  It can be very secure if implemented using a strong AES cipher like AES-128, AES-256, and 3DES.

However, it is a proprietary standard owned by Microsoft.  This means that unlike OpenVPN, SSTP’s code is not available for public scrutiny and as such the security of its code cannot be independently verified.  Due to Microsoft’s history of co-operating with the NSA and speculation of back doors, many experts do not have a lot of confidence in the security of this VPN protocol. Consequently, it is not as widely supported by the VPN industry.

Internet Key Exchange (IKEv2)

IKEv2 is a tunneling protocol that uses the IPsec Tunnel Mode protocol over UDP port 500.  An IKEv2 VPN provides resilience to the VPN client when the client moves from one wireless hotspot to another or when it switches from a wireless to a wired connection.  The use of IKEv2 and IPsec allows support for strong authentication and encryption methods.  IKEv2 encapsulates IP datagrams using IPsec ESP headers for transmission over the Internet.  It supports the newest encryption algorithms including AES-128, AES-192, AES-256, and 3DES. Authentication is through HMAC-SHA1.

It was jointly developed by Microsoft and Cisco, and is built into Windows versions 7 and above.  The protocol is also supported by Blackberry devices. Independent open source versions for other platforms are also available. Because of its support for the Mobility and Multihoming (MOBIKE) protocol, IKEv2 is particularly good at automatically re-establishing a VPN connection when users temporarily lose their Internet or when they move between Wi-Fi-connections.  This makes it especially good for iOS and Android users who regularly change hotspots.  Also since it is one of the most secure protocols that many Blackberry users have, they can especially benefit from its use.  It is not supported on as many devices, but it is as good or better than IPsec in terms of security, speed, and reliability.  IKEv2 is also not supported by a large number of VPN providers but provides a good option for Blackberry and some mobile users if offered.