OpenVPN – PPTP – L2TP – SSTP – IKEv2: A Comparison

VPN protocols are in the list of the main aspects that you will come across while searching for a VPN. Protocols play a crucial part in the security of your connection, but as revealed by Edward Snowden, the NSA has consistently attempted to compromise encryption technologies. In order to understand better VPN protocols, we will go through the VPN protocols available and the most important differences between them. We will also address essential aspects of cryptography and how your VPN connection can be affected by the NSA’s efforts to crack encryption standards.


OpenVPN employs OpenSSL library and SSLv3/TLSv1 protocols in combination with other technologies that ensure that it is a secure protocol. It provides flexibility and while it is most effective on a UDP port, it can be configured easily on almost any port, including TCP port 443. Blocking OpenVPN is extremely challenging due to the fact that differentiating between traffic that passes through it and traffic that uses standard HTTPS over SSL, is practically impossible.

The OpenSSL library used for encryption purposes, supports multiple cryptographic algorithms including AES, Blowfish, 3DES, Camellia and CAST-128. Most VPN providers use AES and Blowfish and 128-bit Blowfish is the standard cypher in OpenVPN. Although Blowfish is generally considered as secure, there are some concerns about weak keys and other vulnerabilities. Blowfish’s successors such as Twofish and Threefish provide better security.

AES (Advanced Encryption Standard) is the most recent technology and it doesn’t have any known weaknesses. Many see it as the highest standard of encryption to preserve the privacy and security of traffic. AES is more effective than Blowfish at handling large files. However, like Blowfish, AES was certified by the NIST (National Institute of Standards and Technology), a US government organization. This could mean that backdoors could have been installed on these standards to facilitate intervention from the NSA.

While OpenVPN is not supported by default but ant platform, it has become the standard in VPN security and it is compatible with most platforms, even iOS and Android. The main issues with OpenVPN is that it can be slower (although its speed depends on the level of encryption used) and its configuration is not simple. Many VPN providers have addressed the configuration challenges by offering dedicated VPN software.

An important advantage of OpenVPN is that since it is open source, it can be independently audited to make sure that backdoors have not been installed. In addition, it is not likely that the NSA has managed to compromise it yet, which confirms its place as the most secure protocol available.


PPTP stands for Point-to-Point Tunneling Protocol and it was developed by a consortium established by Microsoft and that included Ascend Communications and other companies. It was set to create VPN over dial-up networks and this has ensured its steady place as the standard solution for internal businesses. PPTP is only a VPN protocol and it employs a variety of authentication methods (such as MS-CHAP v2, which is the most popular option) to offer security. PPTP is the standard protocol on almost every platform and device that supports VPN. Since it is very easy to set up, fast to implement and doesn’t require the installation of additional software, PPTP is still widely used by businesses and VPN providers.

The problem is that it has been established that PPTP is affected by multiple security vulnerabilities, which is why it is now considered as a weak protocol. The main issue with PPTP is that it is possible that MS-CHAP v2 authentication is not being encapsulated. This means that in theory, PPTP can be broken within just a couple of days. While this problem has been addressed with the use of PEAP authentication, Microsoft released a recommendation asking VPN users to favor options like L2TP/IPsec or SSTP over PPTP. If security is your priority, PPTP is not the right choice and it is likely that NSA has already broken PPTP encrypted communications.

L2TP and L2TP/IPSec

When L2TP (Layer 2 Tunnel Protocol) is used alone, it doesn’t provide encryption for the traffic that is routed through it. For this reason, it is generally used in combination with the IPsec encryption suite to provide security and privacy protection. All platforms and VPN capable devices currently in use, feature L2TP/IPsec. This makes its setup quite simple. However, L2TP also has its flaws, starting with the fact that it uses UDP port 500. NAT firewalls can easily block this port so advanced configuration like port forwarding is required to make sure that this protocol works well behind a firewall.

That being said, there are not significant weaknesses known in IPsec encryption and if implemented in the right way, it should be secure. Unfortunately, it is likely that the NSA has also managed to compromise L2TP/IPsec and many security experts go as far as affirming that the protocol was probably made easier to crack on purpose during its design stage. In addition, L2TP/IPsec encapsulates data twice, which slows it down, although is it generally faster than OpenVPN.


SSTP (Secure Socket Tunneling Protocol) made its appearance in Windows Vista SP1 and it is mainly a Windows-only technology, although it is also available in Linux, RouterOS and SEIL. SSTP employs SSL v3, allowing it to use TCP port 443 to bypass NAT firewalls. The issue with SSTP is that it is a proprietary standard owned by Microsoft, which means that it is not available for independent examination, making it more likely to be affected with backdoors. However, it is worth noting that there is an open source SSTP GUI client called iSSTP, which is compatible with Mac OS X.


Based in IPsec, IKEv2 (Internet Key Exchange version 2) is a tunnelling protocol that was developed as a combined effort of Microsoft and Cisco. It is implemented by default in Windows 7 and above. IKEv2 is pretty much the only option supported by Blackberry devices and there are version created independently for Linux (through multiple open source implementations) and other platforms. Although the proprietary nature of the protocol makes it vulnerable to backdoors, its open source versions are more secure.

One of the best aspects of IKEv2 or VPN Connect (as Microsoft calls it) is that it does a good job at automatically re-establishing a connection when a user is temporarily disconnected from internet. This feature, along with the fact that it is flexible when it comes to changing networks (thanks to its support for Mobility and Multihoming MOBIKE protocol) makes it a good solution for mobile devices.

Additional considerations/ Risks

Encryption Key length

The number of ones and zeros in a cipher is known as Key length. This is the basic method to calculate how long would it take for a cipher to be broken. The crudest form of attacking a cipher is brute force attack (also known as exhaustive key search) because it involves attempting every possible combination of keys until the right one is found. In most cases, VPN providers use encryption between 128-bits and 256-bits in key length, but higher levels would be employed for data authentication and handshake.

Although 256-bit is stronger than 128-bit encryption, it should be noted that is estimated that the world’s most powerful supercomputer at this time (the NUDT Tianhe-2 located in China), could take around a third of a billion years to crack a 128-bit AES key cipher. This is already impressive, but cracking a 256-bit would take almost twice that. However, we need to keep in mind that the information leaked by Edward Snowden showed that the NSA has vast resources and technology available, which could facilitate the task of breaking this encryption.


Ciphers are the algorithms used to encrypt traffic. If encryption is compromised, it is likely because of vulnerabilities in these algorithms, instead of the key length. The most used cipher in VPN encryption are Blowfish and AES. RSA is used to encrypt and decrypt a cipher’s keys and SHA-1 or SHA-2 play a role on data authentication. Although the security and reliability of AES are widely recognized and this is the standard used by the US government to protect its own confidential data, there are some aspects the should be considered as exposed below.

NIST Standards

We referred earlier on to the NIST. This US organization collaborated with the NSA in the development of its ciphers and AES, RSA, SHA-1 and SHA-2 were either developed or certified by this institute. This means that it is not possible to guarantee the security of these standards since the NSA is known for its attempts to weaken or infiltrate technology to facilitate its surveillance programs.

NIST has categorically denied any involvement of the possible weakening of its cryptographic standards and it has attempted to gain the trust of the public opinion by inviting peopke to participate in the development of a series of proposed encryption standards. However, the controversy surrounding encryption standards approved by NISTis still ongoing.

While NIST encryption standards such as Dual_E_DRBG are considered as insecure and security experts have exposed concerns about backdoors in the algorithm, it is still being used in the cryptographic libraries of products by companies like Symantec, Cisco, Microsoft and RSA. This is because one of the requirements to obtain a contract with the US government is to be in compliance with NIST standards.

Even more worrying is the fact that these standards are used in a large number of companies and industries worldwide. Many companies rely on this standards for their everyday operation, which means that it is unlikely that they would consider to stop using them. However, since there is an increasing need to protect privacy and to keep data secure from surveillance and eavesdropping, we may see more companies looking for alternatives to NIST technology in the future.

NSA/GHCQ threats RSA key encryption

Organizations like the NSA and the GCHQ have become known enemies to online privacy and freedom and as revealed by Edward Snowden, they have work to identify the encryption keys that can be broken by their technology resources. It has been established that 1024-bit RSA encryption, which is commonly used to protect certificate keys, is not as secure as previously thought. In fact, it can be cracked faster by the NSA and the GHCQ. Once a certificate key is decrypted, all traffic (current and previous) could be exposed, unless temporary key exchange is in use.

Many forms of encryption including SSL and TLS, depend on certificates and non-temporary keys are vulnerable. This presents serious concerns over the security of HTTPS traffic. However, since OpenVPN uses temporary or ephemeral key exchanges, it wouldn’t be compromised. Ephemeral key exchanges generate a new key for every exchange, which means that it doesn’t depend on certificates. Even if someone manages to get the private key of a certificate. they won’y have the possibility of decrypting the communication. In order to provide higher security, many VPN providers offer key encryption of 2048-bits or 4096-bits.

Perfect Forward Secrecy

Perfect Forward Secrecy, commonly known as PFS offers a good option to improve the security of websites. Implementing this system that generates a new, unique private encryption key for each session, could enhance privacy. However, at this time the use of PFS is still limited and Google is one of the only big companies that has implemented it so far.


Overall, OpenVPN is the most secure protocol available and while it is not as easy to set up, it should be the first choice whenever possible. PPTP offers simple setup and L2TP/IPsec is compatible with a wide range of platforms and devices. However, they are not as secure as OpenVPN and are likely to have been compromised by the NSA. SSTP is a more secure option and there is an open source version available. However, its proprietary versions for Windows are vulnerable to backdoors. IKEv2 is secure and fast, as long as its open source alternatives are used. It is a convenient solution for mobile device users. Since many companies and particularly, VPN providers are focused on privacy and security, it is likely that we see the implementation of alternatives to NIST standards. In summary, it is advisable to stick to using OpenVPN. Just keep in mind that there is a feature in Chrome and Firefox called WebRTC, which lets websites execute JavaScript code within your browser when you visit them, This could reveal your actual IP, even if you are using a VPN. This is why it is advisable to use Firefox with WebRTC disabled. You can find more in “What is the WebRTC VPN Issue and How to Fix it”.

We will be happy to hear your thoughts

Leave a reply