The difference between PPTP, L2TP/IPsec and OpenVPN

The world of VPN (Virtual Private Networks) can be confusing enough for the beginner so after spending time looking for the best VPN service you can be given even more of a headache when the provider offers you choices such as PPTP, L2TP/IPsec and OpenVPN. We aim to remove this confusion by informing you of the best VPN protocol to use.

VPN Protocol

VPN Protocols can be confusing.

It can be made even more confusing if you only have the choice of one or the other of them. In this article we aim to explain in layman’s terms to give you a basic overview of the differences and allow you to make an informed choice when choosing the best VPN protocol to use.

As a basic summary each is a different type of doing exactly the same thing, they are all protocols of VPN connection but the differences range in speed, CPU usage (central processing unit – how much power of your computer is needed) and probably most importantly of all, encryption.

For the reasons given above it is extremely important to understand the basics of each protocol because depending on your reasons for using a VPN depends which protocol is best suited to your needs.

PPTP Description :

PPTP stands for Point-to-Point Tunneling Protocol. It is a very low level encryption method which is widely supported over a range of systems and was the very first protocol accepted on Microsoft systems such as Windows.

PPTP is ideal because of the ease of setup, for a starter the required details can be as simple as a username and password.

However although the ease of use is a plus, this is where the positives end. Due to the low encryption method (128 bit) it can seem faster so for non security critical uses such as watching online TV streaming services it would be ideal although it must be remembered that it is less secure than other protocols. There has been proof that the Microsoft implementation is flawed and can be broken by dictionary attack, it is also widely accepted that government institutions such as the NSA can easily bypass such encryption when making use of PPTP.

PPTP is also susceptible to causing issues when the network you are accessing across is unstable, this can lead to dropped connections without warning. When surfing sites where you wish to remain anonymous this could result in your VPN connection dropping and you continuing to access services via your own connection revealing your IP address and location etc without your knowledge that the connection has dropped. This could be especially risky when making use of 3/4G or low signal public networks. These are definitely areas to consider when choosing the a VPN protocol for your use.

The disadvantages of using PPTP are further complicated due to the ports that the services uses, these can easily be blocked by a network administrator or country rendering the PPTP service useless.

In summary PPTP is great for being compatible on a wide range of systems, it is easy to setup and therefore may be ideal for the beginner in to the world of VPNs. The security issues and unreliability make it an unattractive option for those concerned about their privacy, we would not recommend using PPTP unless it is the only protocol available to you. In our opinion you should not consider PPTP to be the best VPN protocol to use.

L2TP/IPsec Description :

L2TP stands for Layer 2 Tunneling Protocol. It is an advanced level protocol of VPN which is ideal for using for secure data transfer and is widely recommended as an ideal replacement for PPTP.

L2TP/IPsec uses 256 bit keys giving a higher level of encryption and can be encrypted using either 3DES (Triple Data Encryption Algorithm) or AES (Advanced Encryption Standard)

AES with 256 bit keys is the first approved encryption ciper by the NSA (National Security Agency) of the US for use with sensitive information. Due to recent revelations regarding the NSA and US and other world government organisations, users may wish to consider how much faith they put in to claims by organisations such as the NSA and how reliable that may be in regard to backdoors available to said organisations.

The standard is available on a range of devices such as Windows & Mac with no software required plus is also available over a wide range of mobile phones and tablets making it an easy to access protocol.

In terms of speed due to the extra encryption it is likely to cause a slower connection speed than that of PPTP although on our own tests the noticeable speed difference is negligible. L2TP/IPSec is considered one of the most CPU hungry protocols although on modern systems is unlikely to cause you any concern.

In summary L2TP/IPsec is one of the better VPN protocols available for the security conscious. With easy to set up guides available by most VPN providers we feel this is an ideal choice if OpenVPN is not available as an option and would definitely recommend this as one of the best VPN protocols to use.

OpenVPN Description :

OpenVPN is an open source software application. This is classed as one of, if not the best method to use when making connection to your VPN. Not only is it less CPU hungry than L2TP/IPSec but we have also found it extremely fast although possibly slower than PPTP due to the encryption employed.

The software does not come built in to any operating system but is available to download for all major platforms including Windows, Mac, Android etc. It is easy to use and setup and is normally available from all good VPN providers in an easy to use manner which will be accessible to even the new user.

OpenVPN can be run across any port so unlike PPTP it is extremely difficult if not impossible to block by system administrators so by using it you are secure from your network blocking the application.

The protocol is fast and stable, when connection problems appear it is very unlikely to drop connection keeping your privacy and security intact. Currently there are no known vulnerabilities which ensures your data is safe and protected from outside snooping.

OpenVPN has won numerous awards from “Best SSL VPN” to “Best VPN Tool” and comes highly recommended from those in the VPN and security industry.

We highly recommend OpenVPN as the best VPN protocol to use when available and unless it is not available we do not recommend using any other protocol.

We hope this guide has enlightened you on the different protocols available and given you some idea on which is the best VPN protocol to use and in what order when available. We would love to hear your thoughts or suggestions on the various protocols so please feel free to post a comment below as we are open to discussion from you, our readers.

Image courtesy of foto76 at FreeDigitalPhotos.net

  • huszar

    “As a basic summary each is a different type of doing exactly the same
    thing, they are all protocols of VPN connection but the differences
    range in speed, CPU usage (central processing unit – how much power of your computer is needed) and probably most importantly of all, encryption.”

    It would be nice to know as well that how the 3 protocols affect the speed and CPU usage.

    Ildiko

    • VPNCompare

      Great idea Ildiko. I’ll make sure some information on that is added in the next few days.

      • ildiko

        thanks.

        • VPNCompare

          I have updated the article slightly to reflect this although there is not an overly huge amount of information I can add in terms of specifics as this would depend on many factors. In terms of speed PPTP is considered the fastest but is insecure mainly, so for tasks such as TV streaming it is ideal, but for your security and privacy it is considered useless.

          L2TP/IPSec is more CPU hungry, although if you have a fairly modern system it isn’t going to impact on your computer usage.

          OpenVPN would be most recommended as it is less CPU intense than L2TP and is considered the most reliable and secure form of VPN – use this when available.

          With all three unless you have an extremely old system then they are all suitable and I haven’t personally suffered CPU wise or speed wise when using OpenVPN for all tasks.