PPTP vs L2TP/IPSec


We have just introduced a new VPN protocol in our VPN network: L2TP/IPSec.

So, currently we support PPTP, OpenVPN and now L2TP/IPSec.

In a previous article we already highlighted the differences between PPTP and OpenVPN. Today we will focus on PPTP versus L2TP/IPSec.

 

L2TP/IPSec

L2TP is a tunneling protocol that allows us to create VPNs. L2TP uses UDP (in contrast with PPTP, which uses TCP).

It is important to understand that L2TP does not by itself provide any protection (i.e. encryption) for the data being transported. We need to add another layer that provides this service, in our case IPSec.

So, in a typical L2TP/IPSec communication, IPSec first establishes a secure channel between the client and the server. L2TP then takes care of further authentication of the client and establishes the tunnel that transports client data to the server inside the secure channel provided by IPSec. In other words, IPSec "wraps" the L2TP communication and keeps our data safe from prying eyes.

 

PPTP vs L2TP/IPSec

The main drawback of PPTP versus L2TP/IPSec is the encryption strength (for a good introduction to what encryption strength is and why you should care, check this).

PPTP's maximum encryption is 128-bit, using Microsoft Point-to-Point Encryption (MPPE). IPSec can provide much stronger encryption with more up-to-date ciphers. Typically (as in our case) the cipher used will be AES with 128-bit keys.

Moreover, L2TP/IPSec provides data integrity (protection against modification of the data between the time it left the sender and the time it reached the recipient), authentication of origin (confirmation that the user who claims to have sent the data really did), and replay protection (which keeps a hacker from being able to capture data that is sent, such as the sending of credentials, and then “replay” it to “trick” the server), all of which PPTP is unable to provide.

Due to the additional security features provided by L2TP/IPSec, the overhead involved can result in slightly slower performance than PPTP. But this is negligible most of the time.

PPTP is very easy and quick to deploy, as it is supported by default by most operating systems. L2TP/IPSec is also easy, but it does not have such widespread support and so can require a little more effort to set up.

Finally, L2TP/IPSec is more "firewall friendly" than PPTP, meaning that it is more likely to work where PPTP is unsupported or blocked.

 

Summary

If security is your priority, then definitely use L2TP/IPSec over PPTP when comparing the two protocols.

Also, L2TP/IPSec will be your only option of the two when you find PPTP blocked or unsupported by ISPs.

If you want a quick solution that is easy to deploy and works on most devices without much overhead, then PPTP is the recommended option for you.

OpenVPN remains our No.1 ranked protocol of the three we offer – OpenVPN, L2TP/IPSec, PPTP.



©2011 TUVPN.COM. All rights reserved.