So, currently we support PPTP, OpenVPN and now L2TP/IPSec.
In a previous article we already highlighted the differences between PPTP and OpenVPN. Today we will focus on PPTP versus L2TP/IPSec.
L2TP is a tunneling protocol that allows us to create VPNs. L2TP uses the UDP protocol (in contrast with PPTP, which uses the TCP protocol).
It is important to understand that L2TP does not by itself provide any protection (i.e. encryption) for the data being transported. We need to add another layer that provides this service, in our case IPSec.
So, in a typical L2TP/IPSec communication, first IPSec establishes a secure channel between the client and the server and then L2TP takes care of further authentication of the client and establishing the tunnel to securely transport client data to the server within the secure channel provided by IPSec. So IPSec "wraps" L2TP communication and keeps our data safe from prying eyes.
PPTP vs L2TP/IPSec
The main drawback of PPTP versus L2TP/IPSec is the encryption strength (for a good introduction to what encryption strength is and why you should care, check this).
PPTP's maximum encryption is 128-bit, using Microsoft Point-to-Point Encryption (MPPE). IPSec can provide much stronger encryption with more up-to-date ciphers. Typically (as in our case) the cipher used will be AES with 128-bit keys.
Moreover, L2TP provides data integrity (protection against modification of the data between the time it left the sender and the time it reached the recipient), authentication of origin (confirmation that the user who claims to have sent the data really did), and replay protection (which keeps a hacker from being able to capture data that is sent, such as the sending of credentials, and then “replay” it to “trick” the server) all of which PPTP is unable to provide.
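To make these three properties concrete, here is a small receiver-side model, added as an illustration and not taken from our servers or from any VPN implementation. It is modelled on the sequence-number window and integrity tag that IPSec ESP uses; the names seal, Receiver and demo, the 64-packet window, the 16-byte tag and the sample key and payloads are assumptions, and the payload is left unencrypted to keep the focus on integrity, origin authentication and replay protection.

```python
import hmac, hashlib, struct

ICV_LEN = 16   # truncated HMAC-SHA256 tag length (assumption for this model)
WINDOW = 64    # anti-replay window size in packets (assumption)

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: sequence number + payload + integrity tag over both."""
    body = struct.pack("!I", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0   # highest authenticated sequence number seen so far
        self.bitmap = 0    # bit i set => packet (highest - i) already accepted

    def accept(self, packet: bytes) -> str:
        if len(packet) < 4 + ICV_LEN:
            return "malformed"
        body, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
        seq = struct.unpack("!I", body[:4])[0]
        # 1. Cheap replay pre-check before spending CPU on the MAC.
        if seq == 0 or seq + WINDOW <= self.highest:
            return "replay: outside window"
        if seq <= self.highest and (self.bitmap >> (self.highest - seq)) & 1:
            return "replay: duplicate"
        # 2. Integrity and origin check: only a key holder can produce the tag.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad integrity tag"
        # 3. Only authenticated packets are allowed to move the window.
        if seq > self.highest:
            self.bitmap = ((self.bitmap << (seq - self.highest)) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)
        return "accepted"

def demo() -> list:
    key = b"constructed-demo-key"   # constructed sample key, not a real secret
    rx = Receiver(key)
    p1, p2, p3, p4 = (seal(key, n, b"login user=alice") for n in (1, 2, 3, 4))
    tampered = p4[:4] + b"login user=admin" + p4[-ICV_LEN:]   # modified in transit
    forged = seal(b"wrong-key", 5, b"login user=alice")       # sender without the key
    return [rx.accept(p) for p in (p1, p3, p2, p1, tampered, forged, p4)]

if __name__ == "__main__":
    print(demo())
```

Out-of-order delivery (3 before 2) is accepted, the second copy of packet 1 is dropped as a replay, and the modified and forged packets fail the tag check without moving the window, so the genuine packet 4 still gets through afterwards.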
Due to the additional security features provided by L2TP/IPSec, the overhead involved can result in slightly slower performance than PPTP. But this is negligible most of the time.
PPTP is very easy and quick to deploy as it is supported by default by most operating systems. L2TP/IPSec is also easy, but it does not have such widespread support and so can require a little more effort to set up.
Finally, L2TP/IPSec is more "firewall friendly" than PPTP, meaning that it is more likely to work where PPTP is blocked or not supported.
If security is your priority, then definitely use L2TP/IPSec over PPTP when comparing the two protocols.
Also, you will not have any other options when you find PPTP blocked or unsupported by ISPs.
If you want a quick solution that is easy to deploy and will work on most devices without much overhead, then PPTP is the recommended option for you.
OpenVPN remains our No.1 ranked protocol of the three we offer – OpenVPN, L2TP/IPSec, PPTP.