Difference Between the Different VPN Protocols

Whether you’ve decided to set up your own VPN or you’re thinking of going with an existing provider, you’ll need to consider which protocol is right for your day-to-day requirements.

The type of protocol you decide on depends on factors like the level of security you need, the type of system and/or devices you use, and whether you’re a business or personal user.

Many VPN providers offer multiple protocols, so we’ve listed some of the different types available – and the pros and cons of using them – to help you decide on the one that’s right for you.

PPTP

PPTP (Point-to-Point Tunneling Protocol) is most typically used on older systems and outdated devices, as it’s been available since around Windows 95. It is easy to install and is available on Mac and Linux, as well as Windows.

Due to its good speeds, PPTP is the choice for many businesses and personal users, but it comes with a major flaw: security. It has several security vulnerabilities, and while it may operate faster than other protocols and comes built into many different platforms, it’s likely exposed to snooping from hackers as well as the NSA.

Really, PPTP should only be used for high-speed, low-risk browsing – for activities like geo-spoofing for streaming services.

Pros
  • Offers faster speeds than most other protocols
  • Easy to set up
  • Available on multiple systems

Cons
  • Provides only basic levels of security
  • Easily compromised by hackers and federal agencies
  • It’s an outdated system

L2TP/IPsec

As L2TP (Layer 2 Tunneling Protocol) comes without any encryption, it needs to be paired with IPsec encryption. While this might not be ideal for the download-and-go user, the level of encryption is good for corporate users. Once IPsec is implemented, it becomes a highly secure connection.

It comes built in to modern systems and mobile devices, similar to PPTP. But as it uses multiple ports, it can be somewhat difficult to set up with a router. If the device you use supports the OpenVPN protocol, there’s not much need to use L2TP. While slightly slower than PPTP, it overcomes many of the security vulnerabilities PPTP has, and is much more secure. But it doesn’t offer the level of security OpenVPN does, nor the speed.

More security is necessary for businesses or personal users, like P2P sharers, so anyone with the ability to configure the IPsec encryption would benefit from this protocol.

Pros
  • Offers a nice balance between speed and security
  • Good for mobile devices
  • Delivers superior security to the PPTP protocol

Cons
  • Can be difficult to configure
  • Only the better choice for devices not compatible with OpenVPN
  • Only provides encryption when paired with IPsec
  • Can conflict with firewalls

OpenVPN

OpenVPN is a solid choice for anyone using a Site-to-Site or a Remote-Access VPN. By using a custom security protocol, based on SSL and TLS protocols, it provides users with a robust solution to cyber security.

OpenVPN is a very flexible protocol. While it runs most optimally on a UDP port, it can actually be configured to run on any port. That’s what makes it so difficult for services such as Google to block it.

Out of them all, OpenVPN definitely provides the best level of security. While the level of security that it offers comes at a cost with speed, it’s still faster than most of the other protocols. Though it’s considered that some protocols are at risk of being compromised by the NSA, OpenVPN is assumed to be immune due to its use of key exchanges.

Pros
  • Offers faster speeds than L2TP
  • Has the capability to bypass most of your firewall’s restrictions
  • Makes it difficult for services like Google to block it
  • Can easily be vetted for backdoors
  • Can be configured on any port
  • Useful for users of remote-access and site-to-site VPNs

Cons
  • Support for mobile devices is currently very limited compared to desktop
  • Requires third-party software to be installed to use OpenVPN
  • Can often be difficult for users to set up

SSTP

SSTP (Secure Socket Tunneling Protocol) first came on the scene in Windows Vista Service Pack 1. It’s often considered more reliable than OpenVPN if you’re a Windows user, as it comes integrated in the system, whereas OpenVPN doesn’t.

By transporting traffic through an SSL/TLS (Secure Sockets Layer/Transport Layer Security) channel, the SSTP protocol provides reliable security along with quality encryption and key negotiation. Doing this also allows the protocol to bypass almost all firewalls and proxy servers.

As user access is restricted with this protocol, it’s ideal for service providers such as online retailers. This owes largely to the fact that it can be configured to use AES encryption, which ensures a highly secure connection.

Pros
  • Likely performs better than OpenVPN on Windows as it comes already integrated
  • Bypasses most firewalls and proxy servers
  • Can be configured to use secure AES encryption, making it more reliable than L2TP/IPsec
  • More effective than PPTP

Cons
  • Can’t be audited for backdoors as it’s a product of Microsoft
  • Only performs optimally on Windows
  • Microsoft has a known history of cooperation with the NSA
  • Not as trustworthy as some of the neutral providers

IKEv2

Co-created by Microsoft and Cisco, IKEv2 (Internet Key Exchange Version 2) is an IPsec-based tunneling protocol. It comes pre-installed in many of the later editions of Windows, and offers open-source implementations for platforms like Linux.

It’s one of the few protocols that support mobile platforms like Blackberry. And while it exists on far fewer platforms than IPsec, it’s considered a fair contender when it comes to both reliable performance and security.

Pros
  • Easy to set up and it offers a stable connection
  • Mostly faster than L2TP, SSTP and PPTP
  • Offers extensive support for a number of ciphers due to its high level of security
  • Comes with added support for Blackberry devices

Cons
  • Only available on a limited number of platforms
  • Implementing IKEv2 can often be difficult, and getting it wrong can lead to a number of issues
  • The port IKEv2 uses, UDP Port 500, is incredibly easy for major services to block
  • Not open source
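
The port and firewall points made in the sections above (L2TP/IPsec using multiple ports, OpenVPN running on any port, SSTP riding an SSL/TLS channel, IKEv2 depending on UDP 500) can be checked against a concrete egress policy. The Python sketch below is an added example, not part of the original article; the flow requirements are simplified and the two policies are constructed sample input.

```python
# Added example, not from the original article. Flow requirements are simplified
# and the egress policies below are constructed sample input.
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    proto: str            # "tcp", "udp", or a port-less IP protocol ("gre", "esp")
    port: Optional[int]   # None for GRE (IP protocol 47) and ESP (IP protocol 50)

ESP_OR_NAT_T = [Flow("esp", None), Flow("udp", 4500)]  # any one of these is enough

# Every group in a list must be satisfied; within a group, one flow suffices.
# L2TP's own UDP 1701 travels inside ESP, so an on-path firewall never sees it.
REQUIREMENTS = {
    "PPTP": [[Flow("tcp", 1723)], [Flow("gre", None)]],
    "L2TP/IPsec": [[Flow("udp", 500)], ESP_OR_NAT_T],
    "IKEv2": [[Flow("udp", 500)], ESP_OR_NAT_T],
    "OpenVPN (default udp/1194)": [[Flow("udp", 1194)]],
    "OpenVPN (moved to tcp/443)": [[Flow("tcp", 443)]],
    "SSTP": [[Flow("tcp", 443)]],
}

def unmet(groups, allowed):
    """Return the requirement groups that no allowed flow satisfies."""
    return [g for g in groups if not any(flow in allowed for flow in g)]

def assess(policy):
    """Map each protocol to its unmet groups; an empty list means it can connect."""
    allowed = set(policy)
    return {name: unmet(groups, allowed) for name, groups in REQUIREMENTS.items()}

def describe(group):
    """Render one requirement group, e.g. 'esp or udp/4500'."""
    return " or ".join(f.proto if f.port is None else f"{f.proto}/{f.port}" for f in group)

# Constructed policies: web-only egress, then the same plus IKE and NAT-T.
WEB_ONLY = [Flow("tcp", 80), Flow("tcp", 443), Flow("udp", 53)]
WEB_PLUS_IPSEC = WEB_ONLY + [Flow("udp", 500), Flow("udp", 4500)]

if __name__ == "__main__":
    for label, policy in (("web-only", WEB_ONLY), ("web + IPsec", WEB_PLUS_IPSEC)):
        print(f"[{label}]")
        for name, missing in assess(policy).items():
            status = "ok" if not missing else "blocked: needs " + "; ".join(map(describe, missing))
            print(f"  {name:28} {status}")
```

Under the web-only policy only SSTP and OpenVPN moved to TCP 443 connect, which is the behaviour the pros and cons lists describe; PPTP stays blocked in both policies because GRE is never allowed.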