When implementing remote access VPN, people often get confused by the protocols and types of VPN available and which one they should pick. What are the differences between PPTP vs L2TP/IPSec vs SSTP vs IKEv2 vs OpenVPN? Which one is most secure and easiest to implement? Are they supported on Windows, Mac OS, Linux and smart phones? More importantly, are they resilient to network changes (e.g. switching from a wired to a wireless network) and unstable Internet connections? In this session we’ll compare common VPN protocols and explain the pros and cons of each of them.

Remote access VPN vs. site-to-site VPN

Before we dive into comparing the VPN protocols, let’s first understand that there are two main categories of VPN implementations.

With remote access VPN, the best example is a telecommuting employee who connects to the corporate network with a laptop computer or a smart phone. In this example, we are talking about a host connecting to a network securely over the Internet. Every host must have VPN client software installed or use a clientless SSL VPN, which is browser based. The browser essentially acts as the VPN client. In either case the VPN client encapsulates and encrypts the traffic sent through the tunnel. On the other end, the corporate VPN devices authenticate, encrypt and accept remote access VPN requests. Remote access VPN is meant to be used on demand, on an as-needed basis. Teleworkers connect to the corporate network when they need to access network resources and terminate the connection when they have finished their work.

With site-to-site VPN, think of an organization that has outgrown its office space and must set up a branch location. Employees at the branch office need access to the network resources that reside at HQ. In this example we would set up a site-to-site VPN connecting the two office networks. The VPN endpoint, often an Internet gateway and firewall like a Cisco ASA, is responsible for establishing the VPN tunnels with the other end. Traffic sent and received within the tunnel is encrypted by the VPN endpoints. Users at each office location are unaware of what happens behind the scenes. A site-to-site VPN is typically always on. (Technically the Security Associations (SAs) time out after a certain period of time, for example 8 hours, but they get rebuilt immediately when there is traffic trying to go through.)

The VPN protocols discussed here are merely different ways to get the same thing done. We are looking at how well they get things done in a more secure manner. They can be used in either remote access or site-to-site VPN implementations. In this session we’ll be focusing on remote access VPN.

PPTP vs L2TP/IPSec vs SSTP vs IKEv2 vs OpenVPN, What are the key differences?

Think of a VPN tunnel as a privately reserved carpool lane on the highway with a privacy cover on top of it. The carpool lane still uses the same infrastructure, as IP packets on the Internet do, but people can’t see what’s inside the cover. All the VPN protocols discussed here follow the same methodology – encryption and encapsulation. Simply put, encryption makes the data unreadable while it is sent over the public Internet. Encapsulation is a way to package the payload before it is forwarded to the carrier. Here is an example. When you are sending a Christmas gift (the original IP packets) to your friend, you pack your gift in a box before giving it to the post office. The box is the encapsulation that the post office requires to handle your goods. You should not just hand over your gift to the post office. What’s lacking in this gift-sending analogy is that the content of the package isn’t encrypted. If someone happened to intercept your package on the way, your content is exposed. To add security, the content of the payload is encrypted in a VPN tunnel. Even if someone managed to break in and obtain the content, it is useless to them unless they have the private key to decrypt it.

PPTP (Point to Point Tunneling Protocol)

PPTP is based on the features originally specified for Point-to-Point Protocol (PPP). PPP encapsulates IP packets within PPP frames and then transmits the encapsulated packets across the Internet. PPP was originally defined as the protocol to use between a dial-up client and a network access server.

Encapsulation

PPTP uses PPP specifications to encapsulate IP packets when sending them over the network. It uses a modified version of GRE to set up tunnel encapsulation of the PPP data frames. The payload of the encapsulated PPP traffic can be encrypted and compressed.

Encryption

The PPP frame is encrypted with MPPE (Microsoft Point-to-Point Encryption) using encryption keys generated from the MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol) or EAP-TLS (Extensible Authentication Protocol-Transport Layer Security) authentication process. VPN clients must use the MS-CHAP v2 or EAP-TLS authentication protocols. Only the 128-bit RC4 encryption algorithm is supported by PPTP. (By contrast, IKEv2 does not run on top of PPP at all.)

My thoughts

Two facts turned me away from PPTP. First, PPTP VPN does not provide a data integrity check (proof that the data was not modified in transit) or data origin authentication (proof that the data was sent by the authorized user). Second, only 128-bit RC4 encryption is supported. I would not recommend running any encryption bit length shorter than 256-bit or even 512-bit in the current Internet environment. Such key lengths are actually among the requirements in HIPAA and PCI compliance.

Therefore, unless all other options are exhausted, I would avoid using PPTP.

L2TP/IPSec (Layer 2 Forwarding over IPSec)

L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco. L2TP combines the best features of PPTP and L2F. Even though the underlying tunneling technology still uses PPP specifications, the encryption is done by IPSec in transport mode.

Encapsulation

L2TP has two layers of encapsulation – an inner L2TP encapsulation and an outer IPSec encapsulation. The inner layer consists of an L2TP header and a UDP header wrapped around the PPP frame. The outer layer adds an IPSec ESP (Encapsulating Security Payload) header and trailer to the first layer. The IPSec authentication trailer provides message integrity checking and authentication.
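To make the two layers concrete, here is an added Python example (not code from the original article) that builds the inner UDP/L2TP/PPP wrapper around a constructed IPv4 packet, adds a transport-mode ESP header, trailer and integrity check value, and then verifies and unwraps it. It assumes ESP with NULL encryption and an HMAC-SHA256 ICV so it runs with the standard library only; a real L2TP/IPSec tunnel would also encrypt the ESP payload with the AES or 3DES keys from the IKE negotiation.

```python
import hmac
import hashlib
import struct

# Constructed values for this example; they are not taken from any real tunnel.
PPP_PROTO_IPV4 = 0x0021      # PPP protocol field for an IPv4 payload
L2TP_UDP_PORT = 1701         # L2TP data messages travel in UDP inside the ESP wrapper
NEXT_HEADER_UDP = 17         # ESP trailer "next header" value for the UDP we wrapped
ICV_LEN = 16                 # truncated HMAC-SHA256 integrity check value

def inner_encapsulate(ip_packet: bytes, tunnel_id: int, session_id: int) -> bytes:
    """Inner layer: PPP frame -> L2TP data header -> UDP header."""
    ppp = struct.pack("!H", PPP_PROTO_IPV4) + ip_packet
    # Minimal L2TPv2 data message: T=0, L=0, S=0, O=0, Ver=2, then Tunnel ID and Session ID
    l2tp = struct.pack("!HHH", 0x0002, tunnel_id, session_id) + ppp
    udp = struct.pack("!HHHH", L2TP_UDP_PORT, L2TP_UDP_PORT, 8 + len(l2tp), 0)
    return udp + l2tp

def esp_encapsulate(inner: bytes, spi: int, seq: int, auth_key: bytes) -> bytes:
    """Outer layer: ESP header + payload + ESP trailer + ICV (transport mode, NULL cipher)."""
    pad_len = (-(len(inner) + 2)) % 4            # trailer must end on a 4-byte boundary
    body = inner + bytes(pad_len) + bytes([pad_len, NEXT_HEADER_UDP])
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    return header + body + icv

def esp_verify_and_strip(packet: bytes, auth_key: bytes):
    """Return the inner datagram, or None if the ICV or trailer does not check out."""
    if len(packet) < 8 + 2 + ICV_LEN:
        return None
    header, body, icv = packet[:8], packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, header + body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None                              # modified in transit or wrong key: drop it
    pad_len, next_header = body[-2], body[-1]
    if next_header != NEXT_HEADER_UDP or pad_len > len(body) - 2:
        return None
    return body[:len(body) - 2 - pad_len]

def inner_decapsulate(inner: bytes):
    """Peel the UDP, L2TP and PPP headers and return the original IP packet (or None)."""
    if len(inner) < 16:
        return None
    udp_len = struct.unpack("!H", inner[4:6])[0]
    flags = struct.unpack("!H", inner[8:10])[0]
    ppp_proto = struct.unpack("!H", inner[14:16])[0]
    # Only the minimal header is handled: T, L, S, O bits clear and version 2
    if udp_len != len(inner) or (flags & 0xCA0F) != 0x0002 or ppp_proto != PPP_PROTO_IPV4:
        return None
    return inner[16:]
```

Flipping any byte of the ESP packet makes `esp_verify_and_strip` return None, which is the integrity guarantee that PPTP lacks.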

Encryption

Data encryption is done with one of the following algorithms, using encryption keys generated from the IKE negotiation process: AES-256 (Advanced Encryption Standard), AES-192, AES-128, or 3DES. Since vulnerabilities have been found in the 3DES algorithm, using 3DES is no longer recommended.

My thoughts

Unlike PPTP and SSTP, L2TP/IPsec enables machine authentication at the IPsec layer and user-level authentication at the PPP layer. It supports either computer certificates or a preshared key as the authentication method for IPsec. L2TP/IPsec provides data confidentiality, data integrity, and data authentication.

Furthermore, L2TP/IPSec supports the strongest encryption. It checks data integrity and encapsulates the data twice. It is not the fastest VPN solution because of the double encapsulation overhead, but you can’t really notice it running on modern hardware.

The L2TP/IPSec protocol uses UDP port 500, which is more easily identified and blocked by firewalls. L2TP/IPSec is supported natively on many consumer and business grade firewalls like the Cisco ASA. In that case you don’t have to deal with the issue.

I would recommend using L2TP VPN for any environment.

SSTP (Secure Socket Tunneling Protocol)

SSTP encapsulates PPP traffic over the SSL (Secure Sockets Layer) channel of HTTPS. The underlying technology still uses PPP specifications. SSTP rides on the HTTPS protocol over TCP 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP uses PPP authentication methods such as EAP-TLS. SSL provides transport-level security with enhanced key negotiation, encryption, and integrity checking. SSTP was introduced by Microsoft in Windows Vista SP1 and it is largely a Windows-only platform.

Encapsulation

SSTP encapsulates PPP data frames and uses TCP 443 for tunnel management.

Encryption

Data is encrypted with the SSL channel of the HTTPS protocol.

My thoughts

The good: SSTP VPN connections provide data confidentiality, data integrity, and data authentication. It uses SSL v3 and rides on TCP port 443 over HTTPS, which avoids NAT and firewall issues.

The bad: it is developed and owned by Microsoft. Even though it has been made available to other platforms such as Linux and Mac, it is largely a Windows-oriented solution and it is integrated into Windows products.

I would recommend it but it would not be my first choice.

IKEv2 (Internet Key Exchange version 2)

IKEv2 uses IPsec in tunnel mode (vs. transport mode) over UDP port 500. One of the biggest advantages of using IKEv2 is its tunnel mobility and resiliency. Users can switch their mobile devices from a wired to a wireless network or move from one wireless hotspot to another while the VPN tunnel automatically reconnects.

Encapsulation

IKEv2 encapsulates datagrams by using IPsec ESP or AH headers for transmission over the network.

Encryption

As with L2TP, data encryption is done with one of the following algorithms, using encryption keys generated from the IKE negotiation process: AES-256 (Advanced Encryption Standard), AES-192, AES-128, or 3DES. Since vulnerabilities have been found in the 3DES algorithm, using 3DES is no longer recommended.

My thoughts

IKEv2 is very similar to L2TP over IPSec. Both protocols leverage IPSec encapsulation and encryption and provide data confidentiality, data integrity, and data authentication. In addition, because IKEv2 supports mobility (MOBIKE), it is much more resilient to changing network connectivity, making it a good choice for mobile users who move between access points and even switch between wired and wireless connections.

IKEv2 has less overhead than PPTP, L2TP/IPSec and SSTP, making it faster without sacrificing security.

The only drawback is that not all platforms support IKEv2 VPN. Check your environment and the compatibility across the network. I would definitely recommend IKEv2 if you don’t have compatibility issues.
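Since both L2TP/IPSec and IKEv2 show up on a firewall as UDP 500 (or UDP 4500 behind NAT), a defender who wants to know which one is actually in use has to look past the port. Here is an added Python example (not from the original article) that parses the 28-byte IKE header shared by IKEv1 and IKEv2, tells the two versions and their exchange types apart, and recognises the NAT-T non-ESP marker on UDP 4500; the sample messages are constructed in the block.

```python
import struct
from typing import Optional

IKE_HEADER_LEN = 28                    # fixed header shared by IKEv1 (RFC 2408) and IKEv2 (RFC 7296)
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # prefix that marks IKE (rather than ESP) inside UDP 4500
IKEV1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def build_ike_message(major: int, exchange: int, flags: int, spi_i: int, spi_r: int,
                      msg_id: int, body: bytes) -> bytes:
    """Assemble a header plus body with a correct Length field (used only to construct samples)."""
    next_payload = 33 if body else 0   # 33 = Security Association payload
    return struct.pack("!QQBBBBII", spi_i, spi_r, next_payload, major << 4, exchange,
                       flags, msg_id, IKE_HEADER_LEN + len(body)) + body

def parse_ike_header(payload: bytes, udp_dst_port: int) -> Optional[dict]:
    """Classify one UDP datagram seen on 500/4500 as IKEv1, IKEv2 or neither."""
    if udp_dst_port == 4500:
        if not payload.startswith(NON_ESP_MARKER):
            return None                # first 4 bytes are an ESP SPI: ESP-in-UDP data, not IKE
        payload = payload[4:]
    elif udp_dst_port != 500:
        return None
    if len(payload) < IKE_HEADER_LEN:
        return None
    spi_i, spi_r, _next, version, exchange, flags, msg_id, length = struct.unpack(
        "!QQBBBBII", payload[:IKE_HEADER_LEN])
    if length != len(payload):
        return None                    # truncated or padded datagram: do not trust it
    major = version >> 4
    if major == 2:
        name = IKEV2_EXCHANGES.get(exchange, "unknown")
        role = "response" if flags & 0x20 else "request"   # R bit per RFC 7296
    elif major == 1:
        name = IKEV1_EXCHANGES.get(exchange, "unknown")
        role = "n/a"                   # IKEv1 has no request/response bit
    else:
        return None
    return {"version": major, "exchange": name, "role": role,
            "initiator_spi": spi_i, "responder_spi": spi_r, "message_id": msg_id}
```

An IKE_SA_INIT request with a zero responder SPI is the first packet of a new IKEv2 tunnel, which is the event a firewall log or IDS rule would key on.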

OpenVPN (Open Source VPN based on OpenSSL)

OpenVPN is an open source technology that uses the OpenSSL library, with encryption provided by the SSLv3/TLSv1 protocols. OpenVPN’s use of common TCP/UDP ports like TCP 443 makes it a desirable alternative to IPSec in situations where Internet firewalls block specific VPN protocols. OpenVPN is compatible with SSL/TLS, RSA certificates and X.509 PKI, NAT, DHCP, and TUN/TAP virtual devices. The OpenVPN client is supported on Windows, Mac, Linux, iPhone and Android.

Encapsulation

Datagrams are encapsulated in OpenVPN frames and transported over the SSL layer of HTTPS.

Encryption

OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5, and Blowfish.

My thoughts

OpenVPN is fast, secure and reliable. My only concern is that the OpenVPN server must be deployed on some sort of server platform inside your network. The server can be a physical server (Windows, Linux, Mac, etc.) or a virtual appliance. You must open up a firewall hole such as inbound TCP 443 to allow remote users to reach the OpenVPN server. Even though effort can be made to make it as secure as possible, like hosting the OpenVPN server in a DMZ network, I don’t necessarily like the idea of exposing a host to the public Internet because the OpenVPN server itself can be compromised. The server runs a general-purpose operating system like Windows or Linux. You’ll need to spend a considerable amount of time hardening the OS and keeping up with ongoing patching. I would prefer to see OpenVPN implemented on the Internet gateway or firewall.

PPTP vs L2TP/IPSec vs SSTP vs IKEv2 vs OpenVPN, What do I recommend?

Here is my advice on picking a VPN protocol:

  • Avoid obsolete protocols: ones that haven’t been improved for a long time, or that do not support the latest and stronger encryption standards.
  • Give up the ones with obvious security risks or major vulnerabilities that have not been fixed.
  • Does your Internet gateway and firewall support it natively?
  • Don’t jump on the new and shiny ones right away. It is OK to test them, but don’t deploy them in production.
  • Open source is cool, but be prepared to support it yourself.

After all of the above, pick what works for you from the remaining options. You’ll be glad you did the research.