May 31, 2023

Choosing a VPN protocol. Comparing OpenVPN, PPTP, L2TP/IPsec and IPsec IKEv2

All information presented here is for informational purposes only and does not encourage you to act in violation of the law!

Tunneling Protocol

As a rule, choosing a VPN begins with choosing a tunneling protocol (hereinafter PT). Today there are several PT options for implementing a virtual private network: OpenVPN, PPTP, L2TP/IPsec, IPsec IKEv2 and others that are not widely used. It should be said right away that calling OpenVPN a tunneling protocol is not quite correct: it is software for creating virtual networks. But we will call it a protocol, to avoid confusion.

What is a protocol? Imagine the situation: you have met a person and want to talk to him, but you speak different languages. Of course, you will not understand each other, and there can be no real interaction. A protocol is the language of interaction, in this case between the computer and the VPN server.

PPTP

PPTP is the first protocol supported on the Windows platform. The protocol has weak encryption and can be broken both by intelligence agencies and by skilled attackers. On the plus side, there is no need to install additional software, and it is fast. PPTP VPN requires minimal resources and, compared with OpenVPN, consumes hardly any power when used on mobile devices.

Why is this protocol still in use? Its main problem is weak protection of the key exchange, but that does not mean that anyone can break the encryption. PPTP has its advantages: it is easy to set up and use, the protection is not bad, and the IP address can be changed. PPTP may not be the most secure protocol, but it is definitely better than nothing.

L2TP/IPsec

What you need to know about it:

  • it is slower than the others because of double encapsulation (an IPsec tunnel is created, and the data goes through L2TP inside it);
  • it uses standard ports, so it can easily be blocked by your ISP or system administrator;
  • operating systems have built-in support for this technology, so there is no need to install additional software;
  • if configured correctly, there are no known reports of its data being decrypted.

I do not recommend it and do not use it because of its speed.

IPsec IKEv2

What is IKEv2 in this bundle? It is the key-exchange part of IPsec; to put it very simply, it is authentication through a certificate, and unfortunately it is not supported by all devices.

What you need to know about it:

  • it works faster than L2TP/IPsec, comparably to OpenVPN, and slower than PPTP;
  • it is not supported by all operating systems (although IPsec itself is supported everywhere);
  • if properly configured, it cannot be decrypted by either intelligence agencies or intruders (at least, that is the view among IT specialists).

Built-in IPsec support on all popular operating systems is worth mentioning as a positive. But there is another view of it: unlike built-in disk encryption, the built-in IPsec implementations provoked no outrage from the security services. IPsec was implemented even in Windows, which has always refrained from shipping data-protection tools that the intelligence services cannot break. Many find this suspicious.

OpenVPN

OpenVPN is a free, open-source solution that most experts agree is the best option for creating a virtual private network (VPN) today.

What you should know about OpenVPN:

  • it is not part of the standard distributions of modern operating systems, so it requires installing additional software;
  • if properly configured, it cannot be decrypted by either intelligence agencies or intruders;
  • it is difficult to block when non-standard settings are used.

Yes, OpenVPN requires installing additional software, but it is time-tested open-source software whose installation and configuration will not cause problems even for a novice. OpenVPN works on all modern operating systems: Windows, macOS, Linux, Android, iOS.

Selecting a transport protocol for OpenVPN. TCP or UDP?

Encrypted data produced by OpenVPN can be transmitted over one of two transport protocols: UDP or TCP. VPN providers usually offer both options, accompanied by the comment "TCP is more reliable, UDP is faster."

Imagine you are cutting down a forest to build a house and need to float the felled trees down the river to the building site. You could simply toss them into the water and have your helper catch them at the construction site; that would be the quickest and easiest way. But if a log gets stuck along the way or is stolen, you will not know until you find you do not have enough logs to build the house.

Now suppose you give each log a number and your helper calls after each log arrives to confirm it was delivered successfully. In that case, even if some logs are lost, you will know immediately and send a replacement. But you will agree that this way of sending logs takes more time, so if the river is wide and not winding, the simple and fast way is better.

The situation is similar in the choice of protocol:

  • UDP is the fast way, without packet delivery confirmation; I recommend it if you have a stable Internet connection.
  • TCP is not as fast, but the delivery of each packet is confirmed; it is recommended when the connection is poor.

TCP is also needed when UDP traffic is blocked by the provider or by router settings. In addition, OpenVPN over TCP on port 443 cannot be blocked without blocking all HTTPS connections on that port, in which case users would simply be unable to open websites.

I use OpenVPN over UDP in my solutions, but if a UDP connection cannot be established within 15 seconds, a TCP connection is started automatically.
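An OpenVPN client profile that implements the UDP-first, TCP-on-443 fallback described above is shown below. This is an added example, not configuration from the original post; the server name vpn.example.com, the port numbers and the certificate file names are placeholders.

```conf
# Added example: OpenVPN client profile, UDP first with TCP/443 as fallback.
# vpn.example.com, the ports and the file names are placeholders.
client
dev tun

# Remotes are tried in the order listed (remote-random is not set).
# First attempt: UDP on the default OpenVPN port.
remote vpn.example.com 1194 udp
# Fallback: TCP on 443, the same port used by HTTPS, so it is rarely blocked.
remote vpn.example.com 443 tcp

# Wait at most 15 seconds for a server response before moving to the
# next remote in the list (connect-timeout is an alias in OpenVPN 2.4+).
server-poll-timeout 15

# Keep retrying name resolution and reconnects indefinitely.
resolv-retry infinite
nobind
persist-key
persist-tun

# Require the peer to present a certificate marked for server use, so a
# stolen client certificate signed by the same CA cannot impersonate it.
remote-cert-tls server

# CA, client certificate, key and control-channel key (placeholders).
ca ca.crt
cert client.crt
key client.key
tls-crypt ta.key

# Modern AEAD data ciphers and the HMAC used for the control channel.
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA256

verb 3
```

When the UDP remote receives no answer within the 15-second window, the client silently moves on to the TCP remote; the TCP fallback only works if the server side is also configured to listen on TCP/443.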