Is PPTP really that bad?

For some performance and throughput reasons, I am almost forced to use the PPTP protocol on my router to connect to my VPN, instead of L2TP or OpenVPN. I know it had many security flaws, but is it really that bad or maybe even totally useless?

Ideally, if you use L2TP, then you should use it with IPsec.

PPTP is a very, very old protocol which was developed by Microsoft. It is very easy to configure and works with a very small footprint.

The problem with it is that the encryption method used is totally out of date and can be very easily cracked. Even Microsoft advises not to use it anymore.

Why not just use L2TP? OpenVPN has a lot of overhead, so you might need beefy hardware to run it. L2TP will work on your router and give you similar performance to PPTP. It’s just more secure than PPTP.

If possible you could try WireGuard. It’s the rising star in the VPN universe but it’s still in alpha stage.

If performance and bandwidth are an issue, look into WireGuard.

The PPTP protocol was designed at a different time when security was a manageable concern. If you must continue to use PPTP: 1. Change password monthly; AND 2. Use a password that is longer than 35 characters.

I just thought L2TP and IPsec were almost the same thing, could you please explain the difference? Thanks.

About PPTP, yeah, I also read that basically its security is based on your password, is it right?

Thanks for your answer, I still haven’t tried L2TP (because of some connection errors I need to troubleshoot), but I will give it a try. Do you think I will still get good performance? I have read that L2TP/IPsec still has a lot of overhead but I might be wrong. If you’re telling me I will still get good performance I might give it a try.

It’s beyond alpha … kind of in beta-almost-ready-to-be officially-used stage. Hopefully this year it will be included in the Linux kernel.

And it works very well, much better than most ‘stable’ VPN userland apps.

Is WireGuard a means of connecting to your own computers?

Regarding PPTP, it would make sense to go over this:

It’s mostly tin-foil-hat stuff, but in this case, it should be taken seriously.

L2TP has a certain function, it was not created to run as a VPN on its own. For more reading:

Though, the tin-foil-hat tendency nowadays is to not use L2TP with IPsec anymore. Instead, only certificates should be used (which causes yet more problems, the X509-certificate exchange).

Originally I wanted to write beta ^^

I’ve tried it and I was not able to get it running. Only tried it for 30 mins to be honest. My problem was probably a missing kernel module. For now my OpenVPN serves all my needs.

So what do you suggest I do? This is the situation: I have an ASUS RT-AC88U with Merlin and a 100/20 ISP connection. Since OpenVPN is single-threaded, that CPU is not able to deliver the full speed. Do you suggest I leave it on L2TP and forget about it? Or maybe you have some hardware to suggest to me?

Sadly, it doesn’t seem that the RT-AC88U is supported by OpenWrt.

What you could do is to get a SoC (a Raspberry Pi-like device), and then put a VPN server on that.

SoftEther has a very good three-in-one VPN package: OpenVPN, L2TP/IPsec and SSTP – and it can be set up very easily.

That Asus RT-AC88U is using an Arm A9 @ 1.40GHz.

Even on OpenVPN if you can do AES-128-GCM (and you said you’re running Merlin, so it should support this) you should be able to shove 65Mbit+ through it. If you’re forced to AES-192 or AES-256 and/or CBC mode it will be heavier and slow down a bit more.

I do already have a Raspberry with Pi-hole and PiVPN combo but I also wanted a commercial VPN.

I’ll give it a try with AES-128, but the best would be to achieve 80 Mbps.

What is a ‘commercial’ VPN?

I cannot mention it here because of the rules. It’s every VPN service you can buy, just type on Google and you’ll find many, the most famous one is “the red one”, that’s what I mean with commercial VPN.

If you’re looking for a high quality VPN on your Android, I’ve had the best results with WireGuard.

The app is very well done. The config is a little bit of a pain, but once it is running, it just works.