In recent months, the number of VPN users has grown significantly. And this is not about those who love to bypass blocks and visit forbidden sites, but about those who use a VPN for safe work (yes, remote work). This is a good occasion to once again survey the arsenal of available protocols and compare them from a security point of view.
To start with, a few general points about VPN. VPN usage scenarios vary; the most popular ones are:
- building a secure channel between two or more remote network segments (for example, between offices in Moscow and Nizhny Novgorod);
- connecting a remote employee to the corporate network (now almost every office employee knows about it);
- virtual change of location using the services of VPN providers (this requires the least configuration effort, but all your traffic will pass through someone else’s server).
To implement these scenarios there are various types of VPN protocols: for establishing the connection, for encrypting the traffic, and others. On the basis of a suitable protocol you can then “build” your own solution. Two of the best-known and most widely used protocols are OpenVPN and IPsec, and WireGuard has appeared recently, sparking some debate. There are other alternatives that are already outdated but still quite capable of solving certain problems.
The suitability of a VPN protocol depends on a number of factors and conditions of use:
- Devices – different devices support different protocols.
- Network – if certain services are not available in your location, some protocols may not work. For example, there are VPN providers that operate in China, while most existing providers are blocked there.
- Performance – some protocols perform better, especially on mobile devices. Others are more convenient for use in large networks.
- Threat model – some protocols are less secure than others, and attackers can therefore affect them in different ways.
So, with the general part finished, we now move on to a detailed description and comparison of the protocols.
Point-to-Point Tunneling Protocol (PPTP) is one of the oldest VPN protocols still in use. It operates over TCP port 1723 and was originally developed by Microsoft.
PPTP is natively supported on all versions of Windows and most other operating systems. Despite its relatively high speed, PPTP is not very reliable: after a disconnection it does not recover as fast as, for example, OpenVPN.
PPTP is now essentially obsolete, and Microsoft advises using other VPN solutions. We also do not recommend choosing PPTP if security and privacy are important to you.
Of course, if you only use a VPN to unblock content, PPTP still has its place; however, we repeat: there are safer options that you should pay attention to.
Secure Socket Tunneling Protocol (SSTP) is a proprietary Microsoft product. Like PPTP, SSTP is not very widely used in the VPN industry, but, unlike PPTP, no serious security problems have been found in it.
SSTP sends traffic over SSL on TCP port 443. This makes it useful in restricted network situations, for example if you need a VPN for China. Although SSTP is also available on Linux, RouterOS and SEIL, for the most part it is still used on Windows systems.
In terms of performance, SSTP is fast, stable, and secure. Unfortunately, very few VPN providers support SSTP.
SSTP can help out if other VPN protocols are blocked, but again OpenVPN will be the best choice (if available).
Internet Protocol Security (IPsec) is a set of protocols for protecting data transmitted over an IP network. Unlike SSL, which works at the application level, IPsec works at the network level and is natively supported by many operating systems, which allows it to be used without third-party applications (unlike OpenVPN).
IPsec has become a very popular protocol for use in conjunction with L2TP or IKEv2, which we discuss below.
IPsec encrypts the entire IP packet using:
- Authentication Header (AH), which puts a digital signature on each packet;
- Encapsulating Security Payload (ESP), which ensures the confidentiality, integrity and authentication of the packet during transmission.
A discussion of IPsec would be incomplete without mentioning a leaked presentation by the US National Security Agency that discusses the IPsec protocols (L2TP and IKE). It is difficult to draw unambiguous conclusions from the vague references in this presentation, but if the threat model for your system includes targeted surveillance by curious foreign colleagues, this is a reason to consider other options. Nevertheless, IPsec is still considered secure if implemented properly.
Now we will look at how IPsec is used in conjunction with L2TP and IKEv2.
L2TP / IPsec
Layer 2 Tunneling Protocol (L2TP) was first introduced in 1999 as an update to the L2F (Cisco) and PPTP (Microsoft) protocols. Because L2TP alone provides neither encryption nor authentication, IPsec is often used with it. L2TP paired with IPsec is supported by many operating systems and is standardized in RFC 3193.
L2TP / IPsec is considered secure and has no identified serious problems (it is much safer than PPTP). L2TP / IPsec can use 3DES or AES encryption, although since 3DES is now considered a weak cipher, it is rarely used.
L2TP sometimes has problems because it uses UDP port 500 by default, which is known to be blocked by some firewalls.
L2TP / IPsec provides strong protection of the transmitted data, is easy to configure and is supported by all modern operating systems. However, L2TP / IPsec encapsulates the transmitted data twice, which makes it less efficient and slower than other VPN protocols.
IKEv2 / IPsec
Internet Key Exchange version 2 (IKEv2) is a tunneling protocol standardized in RFC 7296. It relies on IPsec in the same way as L2TP does, which suggests the same level of security. Although IKEv2 was developed by Microsoft together with Cisco, there are open source implementations of the protocol (e.g. OpenIKEv2, Openswan and strongSwan).
With support for Mobility and Multi-homing Protocol (MOBIKE), IKEv2 is highly resilient to network switching. This makes IKEv2 a great choice for smartphone users who regularly switch between home Wi-Fi and a mobile connection or move between access points.
IKEv2 / IPsec can use a number of different cryptographic algorithms, including AES, Blowfish and Camellia, including variants with 256-bit keys.
IKEv2 supports Perfect Forward Secrecy.
In many cases, IKEv2 is faster than OpenVPN, as it is less resource intensive. In terms of performance, IKEv2 may be the best option for mobile users, because it re-establishes connections well. IKEv2 is natively supported on Windows 7+, Mac OS 10.11+, iOS, as well as on some Android devices.
OpenVPN is a universal open source VPN protocol developed by OpenVPN Technologies. Today it is perhaps the most popular VPN protocol. Being an open standard, it has undergone more than one independent security review.
In most situations where you need to connect via VPN, OpenVPN is likely to be suitable. It is stable and offers good data transfer rates. OpenVPN uses the standard TCP and UDP protocols, which allows it to serve as an alternative to IPsec when the provider blocks some VPN protocols.
OpenVPN requires dedicated client software; it does not work out of the box. Most VPN services create their own applications for working with OpenVPN, which can be used on different operating systems and devices. The protocol can work on any TCP or UDP port and can be used on all major platforms through third-party clients: Windows, Mac OS, Linux, Apple iOS, Android.
But if it is not suitable for your situation, you should pay attention to alternative solutions.
The newest and least explored VPN protocol is WireGuard. Its developers position it as a replacement for IPsec and OpenVPN in most of their use cases, while being more secure, faster and easier to use.
All IP packets arriving at the WireGuard interface are encapsulated in UDP and securely delivered to other peers. WireGuard uses modern cryptography:
- Curve25519 for key exchange,
- ChaCha20 for encryption,
- Poly1305 for data authentication,
- SipHash for hash table keys,
- BLAKE2 for hashing.
The WireGuard code base is much smaller and simpler than OpenVPN’s, making it easier to examine for vulnerabilities (4 thousand lines of code versus several hundred thousand). Many also note that it is much easier to deploy and configure.
Performance test results can be seen on the official website (as you might guess, they are good). It is worth noting that WireGuard will show the best results on Linux systems, since there it is implemented as a kernel module.
WireGuard 1.0.0 was released just recently, marking the inclusion of the WireGuard components in the mainline Linux kernel. The Linux kernel code passed an additional security audit carried out by an independent company, which did not reveal any problems. This is great news for many, but whether WireGuard can become a worthy replacement for IPsec and OpenVPN will be shown by time and independent security research.
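As an added example that is not part of the original article, here is a small pre-deployment check for a WireGuard configuration file: it verifies that each peer's public key decodes to exactly 32 bytes (the Curve25519 key format WireGuard uses) and that no two peers claim overlapping AllowedIPs, which is almost certainly a misconfiguration since WireGuard routes each destination address to exactly one peer. The sample configuration and all keys are constructed placeholders, and the minimal `Key = Value` parser is written for this page, not taken from WireGuard.

```python
import base64, ipaddress
# Constructed sample config, not a real deployment; keys are placeholders
# (base64 of 32 arbitrary bytes, the format WireGuard uses for Curve25519 keys).
KEY_A = base64.b64encode(bytes(range(32))).decode()
KEY_B = base64.b64encode(bytes(range(32, 64))).decode()
KEY_C = base64.b64encode(bytes(range(64, 96))).decode()
SAMPLE_CONF = f"""
[Interface]
PrivateKey = {KEY_A}
ListenPort = 51820
[Peer]
PublicKey = {KEY_B}
AllowedIPs = 10.8.0.2/32, 192.168.10.0/24
[Peer]
PublicKey = {KEY_C}
AllowedIPs = 10.8.0.3/32, 192.168.10.0/24
"""

def parse_wg_conf(text):
    sections = []            # [(section_name, {key: value}), ...]; [Peer] may repeat
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif line:
            key, _, val = line.partition("=")
            sections[-1][1][key.strip()] = val.strip()
    return sections

def key_ok(b64):             # a WireGuard key is exactly 32 bytes, base64-encoded
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except (ValueError, TypeError):
        return False

def check_wg_conf(text):
    """Return a list of findings; an empty list means the config passed."""
    peers = [d for name, d in parse_wg_conf(text) if name == "Peer"]
    findings = []
    seen = {}                # network -> index of the peer that already claimed it
    for i, peer in enumerate(peers):
        if not key_ok(peer.get("PublicKey", "")):
            findings.append(f"Peer {i}: PublicKey is not a 32-byte base64 key")
        for cidr in filter(None, peer.get("AllowedIPs", "").replace(" ", "").split(",")):
            net = ipaddress.ip_network(cidr, strict=False)
            for other, j in seen.items():
                if net.overlaps(other):
                    findings.append(f"Peer {i}: AllowedIPs {net} overlaps {other} of peer {j}")
            seen[net] = i
    return findings
```

Running `check_wg_conf(SAMPLE_CONF)` reports the duplicated 192.168.10.0/24 on the second peer; a clean configuration returns an empty list.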
We have tried to characterize the most popular VPN protocols and hope this review was useful to you. As a summary, we present a comparative table, which once again highlights the indicators that are, in our opinion, important.
| | PPTP | SSTP | L2TP / IPsec | IKEv2 / IPsec | OpenVPN | WireGuard |
|---|---|---|---|---|---|---|
| Development company | Microsoft | Microsoft | L2TP – joint development of Cisco and Microsoft; IPsec – the Internet Engineering Task Force | IKEv2 – joint development of Cisco and Microsoft; IPsec – the Internet Engineering Task Force | OpenVPN Technologies | Jason A. Donenfeld |
| License | Proprietary | Proprietary | Proprietary | Proprietary, but open source implementations of the protocol exist | GNU GPL | GNU GPL |
| Deployment | Windows, macOS, iOS, to some extent GNU/Linux. Works out of the box, without additional software | Windows. Works out of the box, without additional software | Windows, Mac OS X, Linux, iOS, Android. Many operating systems (including Windows 2000/XP+, Mac OS 10.3+) have built-in support, so no additional software needs to be installed | Windows 7+, macOS 10.11+ and most mobile OSs have built-in support | Windows, Mac OS, GNU/Linux, Apple iOS, Android and routers. Specialized client software that supports the protocol must be installed | Windows, Mac OS, GNU/Linux, Apple iOS, Android. Install WireGuard itself, then configure it according to the guide |
| Encryption | Uses Microsoft Point-to-Point Encryption (MPPE), which implements RSA RC4 with session keys of at most 128 bits | SSL (everything is encrypted except the TCP and SSL headers) | 3DES or AES | Implements a large number of cryptographic algorithms, including AES, Blowfish and Camellia | Uses the OpenSSL library (implements the most popular cryptographic standards) | 1-RTT key exchange, Curve25519 for ECDH, RFC 7539 ChaCha20 and Poly1305 for authenticated encryption, and BLAKE2s for hashing |
| Ports | TCP port 1723 | TCP port 443 | UDP port 500 for the initial key exchange, UDP port 1701 for the initial L2TP configuration, UDP port 5500 for NAT traversal | UDP port 500 for the initial key exchange and UDP port 4500 for NAT traversal | Any UDP or TCP port | Any UDP port |
| Security flaws | Has serious vulnerabilities: MS-CHAPv2 is vulnerable to dictionary attacks, and RC4 is vulnerable to bit-flipping attacks | No major security flaws identified | 3DES is vulnerable to meet-in-the-middle and Sweet32 attacks, but AES has no known vulnerabilities. However, it is believed that the IPsec standard has been compromised by the NSA | No information on known security flaws, apart from the leaked NSA documents regarding IPsec | No major security flaws identified | No major security flaws identified |
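The bit-flipping weakness the table attributes to RC4 in MPPE comes down to one property of any unauthenticated stream cipher: flipping a ciphertext bit flips the same plaintext bit, and the receiver cannot tell. The added example below, written for this page and not taken from the article, MPPE or WireGuard, shows this with a textbook RC4 and then shows how an integrity tag (here HMAC-SHA256 in an encrypt-then-MAC arrangement, standing in for the role Poly1305 plays in WireGuard) lets the receiver reject the modified message before decrypting it. The message and keys are constructed sample values.

```python
import hmac, hashlib, os

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA + PRGA), included only to illustrate the malleability
    the table refers to; RC4 must not be used in new designs."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # pseudo-random generation algorithm
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) % 256])
    return bytes(out)

def flip_bits(ciphertext: bytes, offset: int, mask: bytes) -> bytes:
    """XOR a mask into the ciphertext; with a stream cipher the same mask lands
    in the plaintext at the same offset, no key needed. This is the weakness."""
    buf = bytearray(ciphertext)
    for k, m in enumerate(mask):
        buf[offset + k] ^= m
    return bytes(buf)

def protect(key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the integrity check MPPE does not provide."""
    ct = rc4(key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def unprotect(key: bytes, mac_key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag fails (tampering detected)."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return rc4(key, ct)

def demo():
    key, mac_key = os.urandom(16), os.urandom(32)
    msg = b"transfer 0100 to account 12345"   # constructed sample message
    # Bare RC4: the receiver decrypts a silently altered amount.
    ct = rc4(key, msg)
    mask = bytes(a ^ b for a, b in zip(b"0100", b"9900"))
    tampered_plain = rc4(key, flip_bits(ct, 9, mask))
    # Encrypt-then-MAC: the same modification is rejected before decryption.
    blob = protect(key, mac_key, msg)
    rejected = unprotect(key, mac_key, flip_bits(blob, 9, mask))
    return tampered_plain, rejected
```

`demo()` returns the altered plaintext from the unauthenticated case and `None` from the authenticated one, whatever random keys are drawn.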
Material prepared jointly with veneramuholovka