A question comes from a reader who wants to use a Virtual Private Network (VPN), specifically for security when traveling. A VPN can be used to hide your actual location and/or for protection online. Once you connect your computer, tablet, smart phone, or router to your VPN, it will establish a secure tunnel between it and a remote server located somewhere else, such as Dallas. At that point your device becomes a “VPN client” and appears to actually be in Dallas or somewhere else.
PPTP, L2TP, SSTP, and IKEv2 are the four most popular VPN protocols that servers use to communicate with VPN clients. Some VPN companies provide the option to use any of these protocols. The reader's question: what is the difference among them?
Point-to-Point Tunneling Protocol (PPTP) is probably the most widely used because it is supported by the most devices. It is easily implemented in low-powered devices like smartphones and has relatively low overhead, making it faster than other protocols. PPTP has been called insecure by some security experts, but it is the only protocol that will work on some older devices.
Layer 2 Tunneling Protocol (L2TP) is a more secure protocol. The strongest L2TP encryption uses 168-bit keys and the Triple Data Encryption Standard (3DES) algorithm. This provides much stronger data integrity and origin authentication checks, which keep a hacker from being able to intercept the L2TP data. The downside is that the added computing burden results in slower connection speeds.
Secure Socket Tunneling Protocol (SSTP) uses 2048-bit certificates for authentication and even more secure encryption algorithms. This makes SSTP the strongest of the three most popular protocols—and also the slowest. One characteristic of SSTP is that its use of Secure Sockets Layer (SSL) over Transmission Control Protocol (TCP) port 443 allows SSTP to pass through many firewalls and proxy servers. English translation: SSTP sometimes works where PPTP and L2TP are blocked, such as in countries where the internet is censored.
Internet Key Exchange version 2 (IKEv2) is the newest of the protocols and considered by many the most secure. This protocol is well suited for newer computers and mobile devices with greater processing power.
So which is the best protocol to use? All provide adequate protection for most users’ needs, so why even be concerned with such confusing technical details, especially since not all VPN providers offer a choice?
If you often use public Wi-Fi at coffee shops, airports, hotels, etc., then there is a real advantage to having more than one VPN protocol available in case you need it. In some locations one protocol might work while others are blocked. In that situation you will be glad your VPN provider offered you a choice.
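For readers who want to check this on a given network, here is an added example (not part of the original column) that builds a list of protocols worth trying, best first, using the ranking described above. It assumes the standard port numbers for each protocol (only SSTP's TCP port 443 is stated in the column), and `vpn.example.com` is a placeholder for your provider's server name.

```python
import socket

# Most to least preferred, following the article's ranking.
# (name, transport, control ports). Only SSTP's TCP 443 comes from the article;
# the other ports are the standard assignments for each protocol (assumption).
PROTOCOLS = [
    ("IKEv2", "udp", (500, 4500)),
    ("SSTP", "tcp", (443,)),
    ("L2TP", "udp", (500, 4500, 1701)),  # L2TP is normally run over IPsec
    ("PPTP", "tcp", (1723,)),            # also needs GRE, which this cannot test
]


def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def fallback_order(server, device_supports, probe=tcp_open):
    """List the protocols worth trying on this network, best first.

    TCP-based protocols are dropped when their port does not answer.
    UDP-based ones are kept: a silent UDP port looks the same whether it
    is blocked or just not replying, so only a real connection attempt tells.
    """
    order = []
    for name, transport, ports in PROTOCOLS:
        if name not in device_supports:
            continue
        if transport == "tcp" and not all(probe(server, p) for p in ports):
            continue
        order.append(name)
    return order


if __name__ == "__main__":
    # vpn.example.com is a placeholder; use your provider's server name.
    print(fallback_order("vpn.example.com", {"IKEv2", "SSTP", "L2TP", "PPTP"}))
```

An open TCP port only shows the network lets the connection through; the VPN login itself can still fail for other reasons.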
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981, and now practically a full-time resident. He may be contacted at 415 101 8528 or email FAQ8@SMAguru.com.