Differences between PPTP, L2TP and OpenVPN


 
Background
PPTP: PPTP is a very basic protocol based on PPP. It was the first VPN protocol supported by the Microsoft Windows platform. The PPTP standard does not actually describe encryption or authorization features; it relies on the tunneled PPP protocol for its security functions.
L2TP/IPSec: L2TP is a high-level protocol formally standardized in IETF RFC 3193. It is recommended as an alternative to PPTP where secure encryption is required.
OpenVPN: OpenVPN is an advanced open source VPN solution powered by "OpenVPN technologies" and has become the de facto standard in open source networking. OpenVPN uses the mature SSL/TLS encryption protocol.

Data encryption
PPTP: PPP payloads are encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm and uses keys of up to 128 bits.
L2TP/IPSec: The L2TP payload is encrypted using the standard IPSec protocol. The use of the 3DES or AES encryption algorithm as the encryption method is specified in RFC 4835.
OpenVPN: OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports several different encryption algorithms, such as 3DES, AES, RC5, etc.

Installation and configuration
PPTP: All versions of Windows and most other operating systems, including mobile platforms, have built-in support for PPTP. PPTP requires only a username, a password and a server address, so installation and configuration are fairly simple.
L2TP/IPSec: All Windows platforms from 2000/XP and Mac OS X 10.3+ have built-in support for L2TP/IPSec. Most modern mobile platforms such as iPhone and Android also have built-in clients.
OpenVPN: OpenVPN is not included in any operating system and requires client software to be installed, but the installation is also quite simple and can be completed in about 5 minutes.

Speed
PPTP: Because PPTP uses 128-bit keys, its encryption overhead is lower than that of OpenVPN's 256-bit keys, so it feels slightly faster, but the difference is negligible.
L2TP/IPSec: L2TP/IPSec encapsulates data twice, so it is slightly less efficient and slower than its competitors.
OpenVPN: OpenVPN performs best when using the default UDP mode.

Ports
PPTP: PPTP uses TCP port 1723 and GRE (protocol 47). PPTP can be easily blocked by restricting the GRE protocol.
L2TP/IPSec: L2TP/IPSec uses UDP port 500 to initiate key exchange, protocol 50 to transmit IPSec encrypted data (ESP), UDP 1701 to initiate L2TP configuration, and UDP 4500 to traverse NAT. L2TP/IPSec is easier to block than OpenVPN because it relies on fixed protocols and ports.
OpenVPN: OpenVPN can easily be configured to run on any port, either UDP or TCP. For smooth traversal of restrictive firewalls, OpenVPN can be configured to use TCP port 443, as this is indistinguishable from standard HTTPS and extremely difficult to block.

Stability and compatibility
PPTP: PPTP is not as reliable as OpenVPN, nor does it recover as quickly on unstable networks. There are also some compatibility issues with the GRE protocol and some routers.
L2TP/IPSec: L2TP/IPSec is more complex than OpenVPN and can be more difficult to configure for reliable use by devices behind NAT routers. However, as long as both the server and the client support NAT traversal, there is no problem.
OpenVPN: OpenVPN is very stable and fast over wireless networks, cellular networks, and unreliable networks where packet loss and congestion are common. For very unreliable connections, OpenVPN has a TCP mode that can be used, at the cost of some speed, because encapsulating TCP in TCP is inefficient.

Security weaknesses
PPTP: Microsoft's implementation of PPTP has serious security vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attacks, and the RC4 algorithm is subject to bit-flipping attacks. Where confidentiality matters, Microsoft also strongly recommends upgrading to IPSec.
L2TP/IPSec: IPSec has no obvious vulnerabilities and is considered very secure when used with a secure encryption algorithm such as AES.
OpenVPN: OpenVPN also has no obvious vulnerabilities and is likewise considered quite secure when used with a secure encryption algorithm such as AES.

Client compatibility
PPTP: Windows, Mac OS X, Linux, Apple iOS, Android, DD-WRT
L2TP/IPSec: Windows, Mac OS X, Linux, Apple iOS, Android
OpenVPN: Windows, Mac OS X, Linux

Conclusion
PPTP: Because of its major security vulnerabilities, there is no good reason to choose PPTP other than compatibility. If your device supports neither L2TP/IPSec nor OpenVPN, PPTP is a reasonable choice.
L2TP/IPSec: L2TP/IPSec is excellent, but it lags slightly behind OpenVPN's efficiency and outstanding stability. If you use a mobile device running iOS or Android, it is the best choice, because OpenVPN does not currently support these platforms. L2TP/IPSec is also a better choice when quick installation is needed.
OpenVPN: For all Windows, Mac OS X and Linux desktop users, OpenVPN is the best choice. OpenVPN is fast, secure and trustworthy. Its drawbacks are the lack of support for mobile devices and the need to install a third-party client.
