PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2

With Edward Snowden’s shocking revelations that the NSA has for years been working to crack and subvert VPN encryption technologies, together with the fact that it is becoming increasingly obvious that most such technologies have been developed and certified by the US government’s National Institute of Standards and Technology (NIST) and may therefore be considered suspect, we have decided it is time to revisit and update this popular article.

We will start with a rundown of the major differences between the different VPN protocols and how they affect you, before looking in more detail at the key concepts involved in cryptography, and how the NSA’s assault on encryption standards affects VPN users.

The discussion below is rather technical, and although I have made every effort to make it as approachable as possible, you may prefer to just jump to the end of the article for a quick summary.

Update: I have now written two companion pieces to this article, titled VPN encryption terms explained (AES vs RSA vs SHA etc.) and A Complete Guide to IP Leaks. If you are interested in this subject, be sure to check them out!


Point-to-Point Tunneling Protocol was developed by a consortium founded by Microsoft for creating VPN over dialup networks, and as such has long been the standard protocol for internal business VPN. It is a VPN protocol only, and relies on various authentication methods to provide security (with MS-CHAP v2 being the most common). Available as standard on just about every VPN capable platform and device, and thus being easy to set up without the need to install additional software, it remains a popular choice both for businesses and VPN providers. It also has the advantage of requiring a low computational overhead to implement (i.e. it’s quick).

However, although now usually only found using 128-bit encryption keys, in the years since it was first bundled with Windows 95 OSR2 back in 1999, a number of security vulnerabilities have come to light, the most serious of which is the possibility of unencapsulated MS-CHAP v2 Authentication. Using this exploit, PPTP has been cracked within 2 days, and although Microsoft has patched the flaw (through the use of PEAP authentication), it has itself issued a recommendation that VPN users should use L2TP/IPsec or SSTP instead.

Knowing that PPTP was insecure anyway, it came as no surprise to anybody that the NSA almost certainly decrypts PPTP encrypted communications as standard. Perhaps more worrying is that the NSA has (or is in the process of) almost certainly decrypted the vast amounts of older data it has stored, which was encrypted back when even security experts considered PPTP to be secure.


- Client built-in to just about all platforms

- Very easy to set up

- Fast


- Not at all secure (the vulnerable MS CHAPv2 authentication is still the most common in use)

- Definitely compromised by the NSA

L2TP and L2TP/IPsec

Layer 2 Tunnel Protocol is a VPN protocol that on its own does not provide any encryption or confidentiality to traffic that passes through it. For this reason it is usually implemented with the IPsec encryption suite (similar to a cipher, as discussed below) to provide security and privacy.

L2TP/IPsec is built-in to all modern operating systems and VPN capable devices, and is just as easy and quick to set up as PPTP (in fact it usually uses the same client). Problems can arise however, because the L2TP protocol uses UDP port 500, which is more easily blocked by NAT firewalls, and may therefore require advanced configuration (port forwarding) when used behind a firewall (this is  unlike SSL which can use TCP port 443 to make it indistinguishable from normal HTTPS traffic).

IPsec encryption has no major known vulnerabilities, and if properly implemented may still be secure. However, Edward Snowden’s revelations have strongly hinted at the standard being compromised by the NSA, and as John Gilmore (security specialist and founding member of the Electronic Frontier Foundation) explains inthis post, it is likely that it has been been deliberately weakened during its design phase.

L2TP/IPsec encapsulates data twice which slows things down, but this is offset by the fact that encryption/decryption occurs in the kernel and L2TP/IPsec  allows multi-threading (which OpenVPN does not.) The result is that L2TP/IPsec is theoretically faster than OpenVPN.


- Usually considered very secure but see cons

- Easy to set up

- Available on all modern platforms Cons

- Faster than OpenVPN


- May be compromised by the NSA (unproven)

- Likely deliberately weakened by the NSA ( unproven)

- Can struggle with restrictive firewalls


OpenVPN is a fairly new open source technology that uses the OpenSSL library andSSLv3/TLSv1 protocols, along with an amalgam of other technologies, to provide a strong and reliable VPN solution.  One of its major strengths is that it is highly configurable, and although it runs best on a UDP port, it can be set to run on any port, including TCP port 443. This makes traffic on it impossible to tell apart from traffic using standard HTTPS over SSL (as used by for example Gmail), and it is therefore extremely difficult to block.

Another advantage of OpenVPN is that the OpenSSL library used to provide encryption supports a number of cryptographic algorithms (e.g. AES, Blowfish, 3DES,  CAST-128, Camellia and more), although VPN providers almost exclusively use either AES or Blowfish. 128-bit Blowfish is the default cipher built into OpenVPN, and although generally considered secure, it does have known weaknesses, and even its creator was quoted in 2007 as saying ‘at this point, though, I’m amazed it’s still being used. If people ask, I recommend Twofish instead’.

AES is the newer technology, has no known weaknesses, and thanks to its adoption by the US government for use in protecting ‘secure’ data, is generally considered the ‘gold standard’ when it comes to encryption.  The fact that it has a 128-bit block size rather than Blowfish’s 64-bit block size also means that it can handle larger (over 1 GB) files better than Blowfish. However, both ciphers are NIST certified, which while not widely recognized as problem, we have issues with. See below for a discussion about this.

How fast OpenVPN performs depends on the level of encryption employed, although technically speaking IPSec is faster than OpenVPN because encryption/decryption is performed in the kernel, and because it allows for multi-threading, which OpenVPN does not.

OpenVPN has become the default VPN connection type, and while natively supported by no platform, is widely supported on most through third party software (including  both iOS and Android).

Compared to PPTP and L2TP/IPsec, OpenVPN can be a bit fiddly to set up (although this is a very very subjective judgement.) When using generic OpenVPN software in particular (such as the standard open source OpenVPN client for Windows), it is necessary to not only download and install the client, but also to download and setup additional configuration files. Many VPN providers get around this configuration problem by supplying customized VPN clients.

Perhaps most importantly in light of the information obtained from Edward Snowden, it seems that as long as Perfect Forward Secrecy (ephemeral key exchanges, which we discuss later) is used, then OpenVPN has not been compromised or weakened by the NSA.

Although no-one knows the full capabilities of the NSA for sure, both the evidence and the mathematics strongly point to OpenVPN, if used in conjunction with a strong cipher and ephemeral keys, being the only VPN protocol that can be considered truly secure. Unfortunately, not all VPN providers use PFS when implementing OpenVPN…


- Highly configurable

- Very secure (probably even against the NSA, if Perfect Forward Secrecy is used)

- Can bypass firewalls

- Can use a wide range of encryption algorithms

- Open source (and can therefore be readily vetted for back doors and other NSA style tampering)


- Needs third party software

- Can be fiddly to set up

- Support on mobile devices is improving, but is not as good as on the desktop


Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista SP1, and although it is now available for Linux, RouterOS and SEIL, it is still largely a Windows-only platform (and there is a snowball’s chance in hell of it ever appearing on an Apple device!*). SSTP uses SSL v3, and therefore offers similar advantages to OpenVPN (such as the ability to use to TCP port 443 to avoid NAT firewall issues), and because it is integrated into Windows may be easier to use and more stable.

However unlike OpenVPN, SSTP is a proprietary standard owned by Microsoft. This means that the code is not open to public scrutiny, and Microsoft’s history of co-operating with the NSA, and on-going speculation about possible backdoors built-in to the Windows operating system, do not inspire us with confidence in the standard.

*Update 02 August 2016. Thanks to reader Bob, I am now aware of an open source SSTP GUI client for Max OSX, called iSSTP. "There are snowballs in Hell after all."


- Very secure  (depends on cypher, but usually very strong AES)

- Completely integrated into  Windows (Windows Vista SP1, Windows 7, Windows 8)

- Microsoft support

- Can bypass most firewalls


- Only really works in a Windows only environment

- Proprietary standard owned by Microsoft so cannot be independently audited for back doors and suchlike


Internet Key Exchange (version 2) is an IPSec based tunnelling protocol that was jointly developed by Microsoft and Cisco, and which is baked into Windows 7 and above. The standard is supported by Blackberry devices, and independently developed (and largely compatible) versions of IKE have been developed for Linux (through various open source implementations) and other operating systems. As always, we are wary of anything developed by Microsoft, but if open source versions are used then there should be no problem.

Dubbed VPN Connect by Microsoft, IKEv2 is particularly good at automatically re-establishing a VPN connection when users temporarily lose their internet connections (such as when entering or leaving a train tunnel).

Mobile users in particular, therefore, benefit the most from using IKEv2, which, because of its support for the Mobility and Multihoming (MOBIKE) protocol, also makes it highly resilient to changing networks. This is great news for cell phone users, for example, who connect their smart phones to a WiFi network while at home, but switch to mobile data use when out and about, or who regularly switch between hotspots.

IKEv2 is even more useful to Blackberry users, as it is one of the few VPN protocols supported by Blackberry devices.

It is not as ubiquitous as IPSec (it is supported on much fewer platforms), but is IKEv2 is considered at least as good as, if not superior to, L2TP/IPsec in terms of  security, performance (speed), stability and the ability to establish (and re-establish) a connection.

IKEv2 is also a very good (secure and fast) protocol, especially for mobile users who may even prefer it to OpenVPN thanks to its improved ability to reconnect when an internet connection is interrupted. For Blackberry users, it is pretty much the only option available.


- Faster than PPTP, SSTP and L2TP, as it does not involve the overhead associated with Point-to-Point protocols (PPP)

- Very stable – especially when switching network or reconnecting after a lost internet connection

- Very secure – supports AES 128, AES 192, AES 256 and 3DES ciphers

- Easy to setup (at least at the user-end!)

- Protocol is supported on Blackberry devices

- Uses Perfect Forward Secrecy


- Not supported on many platforms

- Implementing IKEv2 at the server-end is tricky, which is something that could potentially result in issues developing

- We only trust open source implementations


In order to understand encryption there are a number of key concepts that need to be grasped.

encryption_key-01Encryption key length

Key length is the crudest way of determining how long a cipher will take to break, as it is the raw number of ones and zeros used in a cipher. Similarly, the crudest form of attack on a cipher is known as a brute force attack (or exhaustive key search), which involves trying every possible combination until the correct one is found.

Encryption used by VPN providers is invariably between 128-bits and 256-bits in key length (with higher levels used for handshake and data authentication), but what does this mean, and is 256-bit encryption really more secure than 128-bit encryption?

Well, to put these numbers into perspective:

  • A 128-bit key cipher would require 3.4 x10(38) operations to reliably break
  • In 2011 the fastest supercomputer in the word (the Fujitsu K computer located in Kobe, Japan) was capable of an Rmax peak speed of 10.51 petaflops. Based on this figure, it would take Fujitsu K 1.02 x 10(18) (around 1 billion) years to crack an 128-bit AES key by force
  • The most powerful supercomputer in the world is the NUDT Tianhe-2 in Guangzhou, China. Almost 3 times as fast as the Fujitsu K at 33.86 petaflops, it would ‘only’ take it around a third of a billion years to crack a 128-bit AES key. That’s still a long time, and is the figure for breaking just one key
  • A 256-bit key would require 2(128) times more computational power to break than a 128-bit one
  • The number of operations required to brute force a 256-bit cipher is 3.31 x 10(65),  roughly equal to the number of atoms in the universe!

Until the recent Edward Snowden revelations, it was generally assumed that 128-bit encryption was in practice uncrackable through brute force, and would be so another for another hundred years or so (taking Moore’s Law into account). In theory this still hold true, but the sheer scale of resources that the NSA seems to have thrown at cracking encryption has shaken many experts’ faith in these predictions, and system administrators around the world are scrambling to upgrade cipher key lengths.

It should be noted that the US government uses 256-bit encryption to protect ‘sensitive’ data (and 128-bit for ‘routine’ encryption needs). However, the method it uses is AES, which as we shall discuss below, is not without problems.


While encryption key length refers to the amount of raw of numbers involved, ciphers are the mathematics used to perform the encryption, and it is weaknesses in these algorithms, rather than in the key length, that often leads to encryption being broken.

By far the most common ciphers that you will likely encounter with VPN are Blowfish and AES. In addition to this, RSA is used to encrypt and decrypt a cipher’s keys, and SHA-1 or SHA-2 are used as a hash function to authenticate the data.

AES is now generally considered the most secure cipher for VPN use, and its adoption by the US government has only increased its perceived reliability, and consequently its popularity. However, there is reason to believe this trust may be misplaced.


AES, RSA, SHA-1 and SHA-2 were all developed and/or  certified by the United States National Institute of Standards and Technology (NIST), a body that by its own admission  works closely with the NSA in the development of its ciphers. Given what we now know of the NSA’s systematic efforts to weaken or built back doors into international encryption standards, there is every reason to question the integrity of NIST algorithms.

Although NIST has been quick to deny any wrong doing (‘NIST would not deliberately weaken a cryptographic standard’), and has invited public participation in a number of upcoming proposed encryption related standards in a move designed to bolster public confidence, the New York Times has accused the NSA of circumventing the NIST approved encryption standards by either introducing undetectable backdoors, or subverting the public development process to weaken the algorithms.

This distrust was further bolstered on September 17 2013, when RSA Security (a division of EMC) privately told customers to stop using an encryption algorithm that reportedly contains a flaw engineered by the National Security Agency.

Furthermore, Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an encryption standard engineered by NIST, and one that has been known to be insecure for years, with the Eindhoven University of Technology in the Netherlands noting in 2006 that an attack against it was easy enough to launch on ‘an ordinary PC’, and Microsoft engineers flagging up a suspected backdoor in the algorithm. Despite these concerns however, where NIST leads, industry will follow, and Microsoft, Cisco, Symantec and RSA all include the algorithm in their product’s cryptographic libraries, in large part due the fact that compliance with NIST standards is a prerequisite to obtaining US government contracts.

When you consider that NIST certified cryptographic standards are pretty much ubiquitous worldwide throughout all areas of industry and business that rely on privacy (including the VPN industry), this is all rather chilling. Perhaps precisely because so much relies on these standards, cryptography experts have been unwilling to face up to the problem – at least until Silent Circle, the company whichclosed its Silent Mail service rather than see it compromised by the NSA, announced in November 2013 that it planned to move away from NIST standards.

Thanks to BestVPN’s coverage of the issue, small but innovative VPN providerLiquidVPN has also started to experiment with non-NIST ciphers (and is currently using Camellia CBC on its Russia server), but this is the only VPN company we are currently aware of to show any signs of moving in this direction. Most VPN users will therefore have to make do with 256-bit AES as the best encryption standard currently available, but we hope that this will change in the future.

nsa_attacks_02-01NSA attacks on RSA key encryption

One of the revelations that came out of the new information provided by Edward Snowden in September is that, “another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as ‘certificates’, that might be vulnerable to being cracked by GCHQ supercomputers.”

That these certificates can be ‘singled out’ strongly suggests that 1024-bit RSA encryption (commonly used to protect the certificate keys) is weaker than previously thought, and can be decrypted  much more quickly than expected by the NSA and GHCQ. Once a certificate key has been decrypted, then all exchanges past and future will be compromised if non ephemeral key exchange is used (i.e. if, as is depressingly common practice, a single permanent private key is used to decrypt all data).

This means that many forms of encryption which rely on certificates and non ephemeral keys must be regarded broken, including SSL and TLS. This has huge implications for all HTTPS traffic.

The good news is that OpenVPN, which uses ephemeral (temporary) key exchanges, should not be affected. This is because with ephemeral key exchanges a new key is generated for each exchange, and there is therefore no reliance on certificates to establish trust. Even if an adversary were to obtain the private key of a certificate, they could not decrypt the communication. It is possible that a man in the middle (MitM) attack could target an OpenVPN connection if the private key has been comprised, but this would have to be specifically targeted attack.

Since news that the NSA (and GHCQ) can crack 1028-bit RSA encryption became public, some VPN providers at least have beefed up their key encryption to 2048-bits, or even up to 4096-bits.

Perfect Forward Secrecy

Another piece of good news is that solving this problem (even for SSL and TLS connections) is not difficult if websites implement perfect forward secrecy,  a system whereby a new and unique (with no additional keys derived from it) private encryption key is generated for each session. (i.e. use of ephemeral key exchanges). On a positive note, since this article discussing PFS in detail was written, use of ephemeral keys has greatly increased (although sadly is not universal.) Where OpenVPN uses PFS, it should be secure, even against the NSA (as far as we know.)


Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on’, Edward Snowden.

What you should take away from this article is that OpenVPN remains a very secure protocol, and that many VPN companies are working to strengthen their implementation of it. It would be great if providers also started to move away NIST standards, but for that we shall to wait and see.

  • PPTP is very insecure (even its co-creator Microsoft has abandoned it, and it has been compromised by the NSA) and should therefore be avoided. While its ease of setup and cross platform compatibility are attractive, L2PT/IPsec has the same advantages and is much more secure
  • L2TP/IPsec is a good VPN solution for non-critical use, although it has been severely compromised / weakened by the NSA. However, for a quick VPN setup without the need to install extra software it remains useful, particularly for mobile devices where OpenVPN support remains somewhat patchy
  • OpenVPN is easily the best all round VPN solution, despite needing third party software on all platforms. It is reliable, fast, and (most importantly) secure (even against the NSA), although it usually needs a bit more setting up than the other protocols
  • • IKEv2 is also a very good (secure and fast) protocol (if open source implementations are used), especially for mobile users who may even prefer it to OpenVPN thanks to its improved ability to reconnect when an internet connection is interrupted. For Blackberry users, it is pretty much the only option available.
  • SSTP offers most of the advantages of OpenVPN but only in a Windows environment. This does mean that it is better integrated into the OS, but it is poorly supported by VPN providers thanks to this limitation. In addition to this, its proprietary nature and the fact that is was created by Microsoft mean that we for one don’t trust it

So basically, where possible you should always choose OpenVPN (or possibly IKEv2 if the option is available, especially for mobile devices). If you need a quick and dirty solution (such as for protecting your phone from casual criminals when connecting to public WiFi hotspot) then L2TP/IPsec will probably do, but given the increasing availability of OpenVPN apps for mobile devices (especially Android), we would still prefer to use OpenVPN.

Important update: VPN and the WebRTC bug

WebRTC is a ‘feature’ of latest generation browsers (just Firefox and Chrome, not any other browser) designed to allow voice calling, video chat, and P2P file sharing without the need for additional plugins. Unfortunately, it also allows websites to execute JavaScript code within visitors’ browsers that can determine their ‘real’ IP, even when using VPN!

To see whether your browser is vulnerable to the WebRTC ‘bug’, visit your VPN enabled). WebRTC can be easily disabled in Firefox by changing the  media.peerconnection.enabled setting to false (see here for full instructions), but cannot be reliably disabled in Chrome (or Chromium). Note that many websites state that WebRTC can be disabled in Chrome using the ScriptSafe extension, but we have heard reports of this not always working (although it does seem to work for us…)

We therefore strongly recommend that all OpenVPN users switch to using Firefox with WebRTC disabled.

Don’t forget to check out the companion pieces to this article:VPN encryption terms explained (AES vs RSA vs SHA etc.), and

A Complete Guide to IP Leaks.

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage

92 responses to “PPTP vs L2TP vs OpenVPN vs SSTP vs IKEv2

  1. HI
    my name is hamed bagherpour
    from iran
    i want vpn service
    i need panel for vpn
    pptp l2tp ikev cisco kerio sstp
    can you help me please?

    1. Hi hamed,

      I’m afraid that I don’t really understand your question. Most VPN services support PPTP and L2TP, but support for IKE, IKEv2, and SSTP is much rarer. OneVPN is the only provider I know of to support Cisco OpenConnect/AnyConnect, and I do not know of any commercial VPN provider that supports the Kerio VPN client.

  2. There are snowballs in Hell after all.

    “Secure Socket Tunneling Protocol was introduced by Microsoft in Windows Vista SP1, and although it is now available for Linux, RouterOS and SEIL, it is still largely a Windows-only platform (and there is a snowball’s chance in hell of it ever appearing on an Apple device!).”

    I’m using iSstp on a Mac right now.

    1. Hi Bob,

      Ha ha. Thanks for pointing this out. iSSPT is indeed an SSTP client. In fairness, a) it was released after I wrote this article, and b) it is a very unofficial open source project. I have updated the article with this information :).

  3. Hey Douglas
    A most excellent & informative article indeed. U imparted so much illumination on a subject that is so cloaked in so many mistruthz & outright liez. I just hope u’ll b around 4 a good long while & will continue 2 help teach & guide the rest of us who r not on ur level yet but who truely long 4 truthfull knowledge that we can use 2 protect ourselvez from wut haz been made known 2 us by the revelationz of (MR. EDWARD SNOWDEN) a real hero 4 the people a government that is nothing more than a corrupt corporate entity that will do anything 2 maintain control over it’z citizenz. Keep teaching & enlightening doug & we’ll keep learning & following peace brotha.

  4. hi Douglas,
    i have been using different types vpn with different so to say secured protocols but am always having same issues back and forth ,which vpn or protocol can you suggest for someone like me who travels alot and i would have a reason to access my financial accounts or emails and each time i do it gets shut down with the excuse that someone else is actually accessing my account but in the real sense its me !! i know this is a DNS leak somewhere but most of this providers dont seem to that right most especially the so called top rated

    1. Hi frank,

      I think what you are describing is not a DNS leak at all, but simply your email and bank (or whatever) responding to the fact that you are trying to access your accounts from multiple new and unknown IP addresses/locations. Most web services allow you verify that it is actually you who is accessing your account. Another possibility is that the IP address issued by your VPN provider has been blacklisted thanks to the actions of another user. In this case try connecting to a different server, or if the problem persists, changing VPN provider.

  5. Great Article even in 2016. And coming fresh from my CISSP Boot Camp, this content validated a lot of the material presented in the course, that I had doubt from the poorly delivered instructor. I will look up this author and see if he has any books or reading material on Network security beyond encryption.

    Good read.

  6. Hi Doug, thanks so much for guys like you around on the web helping IT dumb-asses like me in Thailand. Here the military govt had set up an NSA style unit to monitor social media amongst other things. I’m googling and reading through all this, and note what you use. I have a 2011 MacBook Air and new iPhone 6. Being Apple , most things seem difficult working with it. How well does AIRvpn work with Apple and is it easy / no headache for a 50 yr old IT dumb-ass (me) to install or would I be better to go with something stating an easy user interface like Tunnelbear or ? Thanks!

    1. Hi Stuart,

      I use Windows and Android so can’t comment directly on Apple compatibility, but I would definitely go with AirVPN. On the desktop I believe that AirVPN’s Mac client is more or less the same as its excellent open source Windows one, and for iOS it uses the standard OpenVPN Connect app, which works just fine. If you email AirVPN it will will give you a free 3-day trial, or you can pay €1 for a 3 day subscription (quicker.)

  7. Hi Douglas,
    Great article! I have signed up with a VPN provider. The provider have several servers all over the world, including my country. My question is: Does it really matter in terms of security of the VPN which of the servers that I connect to apart from the connection speed? Obviously, connecting to the their server in my country is faster than those in other countries. Thanks

    1. Hi Fridosa,

      It is better in terms of privacy to use a server located in a different country, as this makes issuing a court order etc. to access it more difficult. This is especially true in Europe, where many countries do not require VPN providers to keep logs.

        1. Did u find yr dns leak? If you have chrome on computer or device- kill it. Make sure you dont have explorer open- dont search through Google (perhaps consider torr browser and try DuckDuckGo as search engine). All google and Microsoft will often yield that stinky leak: good u know to check!!! Also: open VPN! Lil slower, but they say its best…. So the one purchased membership less than $10 month, i get to protect them all now: tried a few (no PIA! Useless Encryption though eill hide ip, so might be good dependin on WHY you need VPN: PIA fine for streamin, but even without logs? Still naked and easily hacked. IP Vanish ended up my winner! (servers all over world) and, (well not sure how this workin out: learning all now.. WOW lucky didn’t get hacked sooner!) but IP Vanish was *SILLY* easy to install for macbook w el capitan (salute!): i mean: look up your OS, click button, and open login w same info, done! And all same price and 1 membership, i have IP vanish on devices *instead* of running them as proxy devices (needed data protection out and about! I am DONE w playin w that monkey in the middle!) as research implied, VPN still better bet. Though your ISP might have that transparent proxy thing, which would yield yr dns leaks, though mine def did NOT. Also check your router esp if wirless- make sure you dont offer free guest wifi, strong as possible password access router, and that you are NOT allowing that emo kid house behind you free ride on Tinder or worse! So i shut that down, either u cool n get password for my wifi or u weirdo n deal w cellular cause I’m quite sure my generous open wifi (which isnt secure either, simply logged him into my network and BAM- cascade of hell. Literally? Killed ALL my apple devices- still tryin help ol laptop, poor baby: I didn’t know.. But wont even boot to the disk. Had to WIPE and factory reset iPad and iPhone 6 had gotten only month before… May have been Tencent Weibo, but i have a slutty friend loves they QQ FU hookup apps and Tinder… So pretty sure my network just logged him right into network, once in, his tainted bs destroyed *everything.* Lol least i found out: knew in less then month he cheating and lying: i still get pin drops for parks and hotels he sharin w (ewww) so so many different skanks. Guess some extensions left or something? I had learn FAST after gettin hacked, literally spent so much time to learn so I never be burned again hopefully. Oh PS: IP vanish on my devices are not open vpn: they are the L2TP/Ikev2 configuration, but again: super easy to use, USUALLY fast, reliable, and has setting so that domains that block us w VPNs can be specified, so no probs loggin in.. But may check yr router as well. Lovin IP vanish so far- i think the open VPN lil slower, but for added security after hacked? Lol i am FINE w lil patience, or just try new different server on my app. they make so easy to choose… So idk bout configs, if need to align them, but least I know- my stuffs secured, least well can be for now. VPN rocks and IP vanish amazing! GREAT article!! So yeah hopefully yr dns leaks not your isp… Transparent proxy thingy… :/ I haven’t had one dns leak yet w any of my devices or main MBook, on ip vanish…

    1. Hi TCal,

      There is no definitive answer, but as I think the article makes clear, I generally recommend using OpenVPN where possible.

  8. Addendum:

    Have just tested the upload and download speeds again using Here are the results prior and post AirVPN installation:

    Prior: Download: 13.73Mbps / Upload: 0.49Mbps – Ping: 15MS

    Post: Download: 13.22Mbps / Upload: 0.59Mbps – Ping: 47 MS

    The overall poor show is simply due to the standard Austrian Telecom limitations/restrictions, which are another issue entirely.

    1. Hi Mike,

      If you are in Australia and connecting to NL, those are very good figures. The low ping time has much more to do with the sheer distance that you data has to travel, rather than any failing in Aussie Telecoms (you know: physics!)

      1. Hi Doug,

        In my case the “prior” ping was sent to a server located here in Austria (central Europe) about 50 kilometers from my own location. The “post” ping was sent to an AirVPN server in the Netherlands located apprx. 800 kilometers away. For me the download speed is acceptable, the upload speed is pretty much at the lower end of the acceptability spectrum. I’ll be looking for better performance parameters and another provider soon.

        On closing, I might note that perhaps I cheered too soon concerning the Windows 7 installation of AirVPN. Although, upon installing the program, I immediately had my tunnel and fast access to the Dutch server, upon rebooting my system I was unable to reach the Windows login stage. This could only be achieved via the rudimentary “secure mode” (without network drivers) and in the end I had to reset the entire system by a few hours. But at least it ran again.

        I reinstalled AirVPN (64bit) again today, successfully connected to another Dutch server and then immediately downed the system to see if it would correctly boot again. It didn’t and wouldn’t without another complete system reset (rollback).

        As I’m no expert, I have no idea what the Problem might be but will spend some time searching the AirVPN forums for a solution this weekend. It’s not without irony, that I was able to install AirVPN under Ubuntu without the slightest difficulty, but encountered problems under Windows 7. I can understand the VPN itself not working but that the entire system refuses to even boot just blows my mind.

        Anyway, thanks for your kind responses and I look forward to following your work in the future.

        1. Hi Mike,

          I use AirVPN with Windows 8.1. The only trouble I occasionally encounter is that if the client does not shut down properly, it sometimes leaves the DNS settings pointing at AirVPN’s servers (so I cannot connect to the internet unless AirVPN is running.) This is easily fixed by by temporarily changing the DNS settings to point at Google DNS (

  9. This is a great, very informative article. Have just installed the OpenVPN-based AirVPN on both a Microsoft and Ubuntu system on two machines and was amazed how easily it went. Via IPLeak.Net I then went on to shut off all my Firefox IP leaks. Installation of AirVPN on Ubuntu was a dream and although Windows 7 initially balked during that process, in the end it succumbed to the whip. 🙂

    I tested download and upload speeds before and after installation of the VPN and notice virtually NO difference. The AirVPN servers located in Holland are very, very fast. Overall Web response time remains unchanged at 13MB down- and 0,5 MB upload.

    I warmly recommend the AirVPN solution and will be testing it over the next 4 weeks before subscribing for one year. The price is negligible compared to the vast benefits a secure VPN environment provides.

    Compliment to Douglas Crawford and the team at AirVPN.

  10. Hi, thank you for your great article. I’m from Iran. everything is blocked here!

    Facebook, Twitter, G+, Blogspot, YouTube, Flickr, Google Play, Torrent sites, Movie and Music sites, … (these by government)

    All Oracle sites, VMware, Microsoft Store, Android Developer sites and updates, Chromecast, many of Google sites and services, … (these because of US sanctions)

    Almost everyone use VPN and Proxy here.

  11. What about the microsoft certificate (2012r2) service then. Is it just for fun. Anyway is much hard to setup so whats the deal. Is it useless Mr. Douglas. Explain please!!

    1. Hi Step,

      The Microsoft Certificate Service allows VPN certs to be installed on computers running Windows Server 2012 R2. It is designed to allow remote workers to securely login to business computers, and is not used by any commercial VPN service that I am aware of. It is also of interest only to system administrators, and not end-users. More details can be found here and here, although even in the commercial world I do not believe use of this service is common. I may, out of a sense of completeness, address this subject in more detail at some point in the future, but I wouldn’t hold my breath…

  12. Can somebody tell me wich of the following VPN protocls is the most secure and private?

    L2TP/IPSec RSA
    L2TP/IPSec PSK
    IPSec Xauth PSK
    IPSec Xauth RSA
    IPSec Hybrid RSA


    1. Hi Antonio,

      A good description of these terms is available here. In general, though, just follow your VPN provider’s setup instructions (most use L2TP/IPSec with a pre-shared PSK key for maximum countability across platforms.) Note that if you are very concerned about security then you are better using OpenVPN anyway. Technically, RSA (encryption) is stronger than PSK, and Xauth is better (more efficient) than L2TP/IPSec.

    1. Hi Sam,

      How about setting up a VPN server (either VPS or from home) for your classmates to use, perhaps complete with a DNS resolution server? You don’t say at what level you are working at (final year at high school? undergrad college?), but you could expand the project by setting up multiple servers and coding a nice client to switch between them (and different VPN protocols), implementing VPN through SSL and/or SSH tunnels, adapting obsfproxy to hide VPN use, and more…

  13. hey i used openvpn . at first i thought its secure but later i got to know that its leaking my ISP IP through WebRTC . better to use L2TP.

    1. Hi Nandan.

      As far as I understand it, the WebRTC bug affects all VPN users, including those of L2TP. I would instead suggest using the more secure OpenVPN with the Firefox browser (with media.peerconnection.enabled set to false – see here for more details). I have updated this article to include this point. Thanks.

  14. Excellent article – few queries here which other smay find useful…

    Safe encryptions Vs unsafe encryptions – L2TP/IPSec, IKEv2/IPSec, OpenVPN (SSL), SSTP (SSL) (safe) Vs PPTP/MS-CHAP v2, WLANs/WPA2, EAP/MSCHAPv2 (unsafe) – is this correct?

    Most common ciphers with VPN – Blowfish, AEN, RSA, SHA-1, SHA-2 – are these ciphers actually encryption tools?

    1028-bit Vs 2048-bit Vs 4096-bit encryption – which secure VPN is using which?

    1. Hi Jay,


      1. The NSA’s Tailored Access Operations (TAO) team can overcome IPsec by hacking specifically targeted routers to uncover the keys (it cannot crack the encryption itself), but it should be more than secure enough for most purposes. WPA/WPA2 refers to WiFi encryption rather than the kind used for VPN, and is generally considered secure (unlike WEP)

      2. Blowfish is the default cipher for OpenVPN. AES is stronger, and is being used more and more for both OpenVPN and other encryption needs. RSA is used to protect the encryption keys (not the data itself) and secure the handshake (how the connection between servers is established). SHA, SHA1 and SHA256 are hashes used to verify the integrity of the connection

      3. OpenVPN is secured using 128-bit or 256-bit encryption. 256-bit is generally considered more secure, but this is debated. RSA uses 1028-bit + ciphers, and the more bits the better… PIA allows you to select 4096-bit RSA in its custom client, and AirVPN uses it by default. For general technical security, I can’t recommend AirVPN highly enough.

      1. Also, note that the WPA encryption you apply to your office or SoHo based router is not across the internet, its only from your PC to Router antenna. So, users should not assume just because you apply encryption to your PC’s wireless connection, that your traffic is encrypted all the way to the destination. In order to accomplish that you need to encrypt your internet session, establish a site to site VPN, or only browse sites using HTTPS:

        Oh, and for the record NSA has the private keys to most public servers without a court order therefore, enabling encryption on your router or your Internet session is moot. They can run the private key to decrypt your traffic and see everything that your passing.

        You really need to encrypt the data before it leaves, establish your own CA, transfer your public key to specific sources. And then, encrypt your session to the public servers.

        1. THANKS!!!! Wow that’s brilliant! So So glad to know: i had no idea but now its like “Ohhh perfect!!l” thanks all the incredible info..

  15. AirVPN implements Perfect Forward Secrecy. That was the reason that made me to sign with them. In addition their service is VERY GOOD! I recommend!

  16. Since when IKE has anything to do with VPN? IKE (or “Internet Key Exchange” in full) is protocol for key agreement, used to agree/exchange keys, ciphers and modes of operation of IPSEC tunnels.

    IKE is just a control protocol and useless without something to control, without IPSEC. On the other hand you may use IPSEC without IKE, as long as you set up keys and parameters my hand.

    1. Hi czeslaw,

      Having a strong password makes breaking the password more difficult, but does not address the fundamental weaknesses in PPTP. Similarly, using an X.509 PKI key located on a USB device is a great way of verifying users and preventing a key-based attack, but does not address the fact that the NSA can break IPSec (although this does require systems to be actively attacked by its TAO team).

    2. Hi Pyth0n,

      Oddly enough, that is exactly what I thought when I first started researching IKE. However, as articles such as this one from Microsoft clearly show, IKE is considered a VPN protocol n its own right,

      Choosing between tunneling protocols… When choosing between PPTP, L2TP/IPsec, SSTP, and IKEv2 remote access VPN solutions, consider the following:

  17. What about PPTP password length, if I have 20 letters long- does it matter?

    What about L2TP/IPSEC with X509 PKI located on USB stick?


  18. hello…I am a telecom enthusiast and I am doing my masters in telecom engineering. I would like to do a project on implementing VPN technology. I found this blog really informative. Can somebody suggest a good project?

    1. Hi Smeedu
      We’ll leave your comment here as maybe one of our readers can recommend you something but you’re probably better off talking to your professors or browsing developer and programming forums.

  19. Can you compare these solutions to the security of using Microsoft’s SSL-encrypted solutions such as Mapi-over HTTP for Outlook, RD Gateway for RDP sessions and Direct Access?

    1. Hi Daryl,

      The solutions you mention are all proprietary Microsoft solutions designed to allow business users to remotely access corporate resources, and are thus not really the focus of this article (which is about protocols used by VPN providers to allow private users to access the internet securely and privately.) They are also well outside my area of expertise.

      That said, PPTP and L2TP/IPSec can be used for business purposes (in fact, that is what they were designed for, and their use was common before SSL was thing.) This article ( may help explain the pros and cons. OpenVPN uses OpenSSL libraries, but is not suitable for business VPN.

  20. Great article.

    Can you explain why, then most of the companies are going to cisco or juniper vpn solutions ?
    Or can you tell pro’s and con’s of windows(sstp) and cisco vpn’s(Anyconnect..etc.) ?
    Or is that only because of the hardware capabilities they are moving to cisco(asa firewall) and juniper solutions ???

    1. Hi Ragu,

      I am not an expert on commercial business VPN, but suspect the answer lies in that fact that Cisco and Juniper network hardware comes with their VPN solutions baked in, so it is just easier for companies to go with that, and take advantage of the technical support that comes with it. I will investigate further, and write an article on the subject if my findings warrant it. I cover SSTP in the article (!), but will take a look at Anyconnect and other Cisco VPN clients etc. …

  21. Great article to learn VPN.
    There’s one math error for the AES-128 brute force attack though – petaflops is 10^15flops. So, the time for Fujitsu K to crack is 2^128 / 10.51×10^15 / (3600x24x365) = 10^15 years. That’s a million billion years.

  22. Thanks for the info… very enlightening and makes it clear that using OpenVPN was the right choice for me. Didn’t know about the 443 “hide-ability”, great idea i’ll have to implement that now.

    1. They are not vulnerable to that sort of attack.

      That is a way that some systems try too fool a browser that the public key they provide is real (when it really isn’t) – the client only stores the key pfor the duration of the browser instance, so this check is done frequently.

      With the VPN’s you statically configure your certificates on either side of the connection, so there is never the occasion where you are presented with a certificate, and have to decide whether to accept it or not, because your vpn client already has it!

  23. Good Job!!

    But ,sir can any one on same server go inside u computer ? (like network shearing?)

    and how online program know my computer ip ? (like scan antivirus online)

    Thank you again about u great work.

    1. Hi MAB,

      No, VPN does not work like network sharing, and you share nothing with either the server you are connected to or anyone else connected to that server. Online programs simply connect to the VPN server, which connects them through to your computer.In the unlikely event there is a problem, then you can turn of your VPN for the duration on the scan (or whatever).

  24. how does 1.02 x 1018 =~ 1 billion years??
    “it would take Fujitsu K 1.02 x 1018 (around 1 billion) years to crack a 128-bit AES key by force”

    also, left out the caret
    “A 256-bit key would require 2^128 times more computational power to break than a 128-bit one”

    1. Hello Mr Marvellous,

      I’m afraid that WordPress is funny with formatting, and ate the carets without my noticing. It should also be ‘it would take Fujitsu K 1.02 x 10^18 (around 1 billion) years to crack a 128-bit AES key by force.

      No. of Years to crack AES with 128-bit Key = (3.4 x 10^38) / [(10.51 x 10^12) x 31536000]
      = (0.323 x 10^26)/31536000
      = 1.02 x 10^18
      = 1 billion billion years


      I have now put the carets back.

    2. actually encryption can be broken relatively easy using quantum methods.
      naturally the government with immense resources taken from the people (OPM) will have technologies years ahead of what is ‘known’ by people in society given the nature of black projects and how much money has gone unaccounted for – trillions and trillions. of course people choose not to believe such massive amounts, but when you understand what money is, you get it.
      anyway, all security is manmade and therefore can be broken, which is the achilles heel of alleged encryption.
      so encryption is useful to a point, mainly from the general marauding idiot criminals, and for short burst periods of usage to get past an event or whatever, but for the long haul, security is not all that it is cracked up to be – heh heh.

      1. Many experts agree the NSA is about 10 years ahead of the private sector given their employment of a majority of the top cryptography expertsin the world who are barred from making their work public and their ability to augment their knowledge with what’s available in the open source community. This one-way sharing gives them a distinct lead.

  25. 1. PPTP wasn’t invented by Microsoft. MS was one of contributors to RFC.
    2. You have compared the length of the key for symmetric and asymmetric encryption methods very dashingly. It’s not correct.

  26. Hi Pete,
    Is there a difference in how L2TP VPN needs to be configured when used with Linux and Windows clients, especially if there need to be any extra ports that need to be open.
    I am able to connect to my college VPN server from my windows client but not from my linux client. I am assuming some ports are not properly configured on the VPN Server which is causing this problem.

  27. You are just AWESOME!
    I had never found so much information in one place!
    I am from I_RA_N. Could you please make a guide specifically for us? We are the most common users of VPNs. Even more than C_hin_a.

Leave a Reply

Your email address will not be published. Required fields are marked *