PPTP, IKev2, SSTP, OpenVPN, Stealth?
Any idea? And why?
OpenVPN is the most secure atm. Wireguard will be faster and more secure than OpenVPN once it is finished
Well, VPN speed really is not just a VPN protocol. The connection speed to a VPN server might be influenced by the protocol used, but protocol by itself does not influence internet speed that much.
- PPTP is not secure protocol, it is old, outdated and not recommended to use. Forget about it.
- IKEv2 is used with IPSec for encryption, it is actually really fast to connect and reconnect to servers when chanigng networks, turning on anf off the Wi-Fi or mobile data - it is a really good choice for mobile devices.
- SSTP is considered a secure protocol, it uses SSL encryption. It is mostly Windows based protocol, since it was developed by Microsoft. Ofc you can find it in other OS, but I personally did not use it, can not tell much about it.
- OpenVPN is considered the most secure protocol, it supports AES-256 encryption and by far it is most secure protocol, not only of good encryption, but also that it is open source, which allows to audit and inspect its code. Regarding the speeds it is OK. To Connect to a VPN server with OpenVPN takes a bit longer from my experience, but it did not really affect the internet speed after connecting.
But honestly, the speed and security really depends on the whole VPN providers infrastructre and how did they configure their servers. If you live in US and connect to China, do whatever you want, your browsing speed will be a disaster. Have a shit Wi-Fi at home - the same.
PPTP should not be used anymore. Even Microsoft (which designed the protocol) has advised against using it.
It depends on which OS you are using and for what reason.
One protocol which has not been mentioned is ‘OpenConnect’, which is quite simple to set up (you just need to make the keys and to edit a simple .conf file), but after that just works and OpenConnect works fast.
OpenConnect works fine on all OS and mobile platforms. OpenConnect was initially set up by Cisco (the makers of high quality routers), called ‘AnyConnect’ in Cisco-speak.
OpenVPN is kind of old now and it has also been something bulky.
SSTP was designed to be the successor of PPTP and works fairly well on Windows.
For Android, Shadowsocks works very well as the Android client turns Shadowsocks into a VPN service (on the PC, it’s just a proxy).
1- PPTP: fastest 
lowest security
2- L2TP/IPsec: not fast as PPTP better security
3- IKev2: faster than L2TP more secure than L2TP
4- OpenVPN: low speed secure than IKev2
5- SoftEther: lower speed than OpenVPN secure than OpenVPN
6- SSTP: most secure protocol lowest speed
I mostly concern over the company logging instead.
Which company doesn’t log? Seriously…
Keep in mind that barring some known exploit, the most secure protocols will always be the slowest ones - their security comes from how difficult it is to “parse” them.
You want it to take time for a computer to work on, because the longer it takes to encrypt/decrypt when using the correct keys means it takes that much longer every time someone uses the wrong key.
PPTP is fastest and has lowest security
SSTP is slowest and has most security
I would like to clarify that Wireguard is already faster and by a huge margin.
OpenVPN is the most secure atm.
That would be somewhat difficult to make that claim. OpenVPN is plagued by security issues.
No Wireguard is definatly a new protocol that is still in development so if you do use it then make sure to use it only with non sensitive communications untill its been fully released
No, I will not google it for you.
Okay, well I have many criticisms of OpenVPN like its tremendously poor optimization, but security is not one of them. “Plagued by security issues” is certainly an exaggeration.
Are you looking at closed CVEs, audit results, misconfiguration, what? You’re the one making a claim that goes against general consensus, so the burden is on you to explain and document what you mean. I’m not going to try and guess at it.
“Plagued by security issues” is certainly an exaggeration.
OpenVPN is very old school, and OpenVPN continues to make use of the very outdated X509 certificate exchange – which has been and still is a big cause of many security problems.
VPN’s are moving on now, but it seems that OpenVPN is still stuck in the past.
OpenVPN is very old school… VPN’s are moving on now, but it seems that OpenVPN is still stuck in the past.
On that we agree. A rewrite of the packet engine and the release of OVPN 3.0 is way, way overdue.
OpenVPN continues to make use of the very outdated X509 certificate exchange – which has been and still is a big cause of many security problems.
X.509 isn’t a major problem as long as you’re not using MD5 or SHA-1, particularly since OpenVPN is not intended or recommended to be used with a certificate authority. Most issues arise from misconfiguration, which is a legitimate problem, but the onus is mostly on sysadmins.
It’s a somewhat valid point, but I still think “plagued by security issues” is a bit much.
but I still think “plagues by security issues” is a bit much.
Sometimes the truth hurts. No, I will not just say what you want to hear.