Comparison of VPN protocols

| Feature | PPTP | IPSec IKEv2 | OpenVPN | WireGuard |
|---|---|---|---|---|
| Intro | A very basic VPN protocol based on PPP. The PPTP specification does not actually describe encryption or authentication features; it relies on the tunneled PPP protocol to implement security functionality. | IKEv2 (Internet Key Exchange version 2) is part of the IPSec protocol suite, standardized in RFC 7296. IPSec has become the de facto standard protocol for secure Internet communications, providing confidentiality, authentication and integrity. | Open-source VPN protocol developed by OpenVPN Technologies. Very popular, though not standardized in an RFC. Uses a custom security protocol and SSL/TLS for key exchange. Provides full confidentiality, authentication and integrity. | WireGuard® is an extremely fast VPN protocol with very little overhead and state-of-the-art cryptography. It has the potential to offer a simpler, more secure, more efficient and easier-to-use VPN than existing technologies. |
| Encryption | The PPP payload is encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements RSA's RC4 stream cipher with session keys of at most 128 bits. | IKEv2 supports a large number of cryptographic algorithms, including 3DES, AES, Blowfish and Camellia. YVPN implements IKEv2 using AES with 256-bit keys. | OpenVPN uses the OpenSSL library to provide encryption. OpenSSL implements a large number of cryptographic algorithms, such as 3DES, AES, RC5 and Blowfish. As with IKEv2, YVPN uses AES with 256-bit keys. | Built atop ChaCha20 for symmetric encryption (RFC 7539), Curve25519 for elliptic-curve Diffie–Hellman (ECDH) anonymous key agreement, BLAKE2s for hashing (RFC 7693), SipHash24 for hash table keys, and HKDF for key derivation (RFC 5869). Uses a UDP-based handshake, and the key exchange provides perfect forward secrecy while avoiding both key-compromise impersonation and replay attacks. |
| Security weaknesses | The Microsoft implementation of PPTP has serious security vulnerabilities. MS-CHAPv2 is vulnerable to dictionary attack, and the RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly recommends upgrading to IPSec where confidentiality is a concern. | IPSec has no known major vulnerabilities and is generally considered secure when implemented with a secure encryption algorithm and certificates for authentication. However, leaked NSA presentations indicate that IKE could be exploited in an unknown manner to decrypt IPSec traffic. | OpenVPN has no known major vulnerabilities and is generally considered secure when implemented with a secure encryption algorithm and certificates for authentication. | WireGuard® has no known major vulnerabilities. It is relatively new and has not seen the thorough vetting of OpenVPN, though the code base is extremely small, so full audits are possible by individuals and not just large organizations. WireGuard® has been in-tree in the Linux kernel since 5.6 and has been reviewed by a third-party auditor. |
| Speed | With RC4 and 128-bit keys, the encryption overhead is the lowest of all the protocols, making PPTP the fastest. | IPSec with IKEv2 should in theory be faster than OpenVPN, because OpenVPN performs encryption in user mode, but this depends on many variables specific to the connection. In most cases it is faster than OpenVPN. | When used in its default UDP mode on a reliable network, OpenVPN performs similarly to IKEv2. | WireGuard® benefits from extremely high-speed cryptographic primitives and deep integration with the underlying operating system kernel, so speeds are very high with low overhead. Most customers report higher speeds than OpenVPN. |
| Firewall ports | PPTP uses TCP port 1723 and GRE (IP protocol 47). PPTP can be easily blocked by restricting the GRE protocol. | IKEv2 uses UDP 500 for the initial key exchange, IP protocol 50 (ESP) for the IPSec-encrypted data and UDP 4500 for NAT traversal. IKEv2 is easier to block than OpenVPN due to its reliance on fixed protocols and ports. | OpenVPN can be easily configured to run on any port using either UDP or TCP, thereby easily bypassing restrictive firewalls. | WireGuard® uses UDP and can be configured to use any port. It may succumb to traffic shaping more easily than OpenVPN due to its lack of TCP support. |
| Setup / Configuration | All versions of Windows and most other operating systems (including mobile) have native support for PPTP. PPTP only requires a username, password and server address, making it incredibly simple to set up and configure. | Windows 7+, macOS 10.11+ and most mobile operating systems have native support for IPSec with IKEv2. | OpenVPN is not included in any operating system release and requires the installation of client software. Installation typically takes less than 5 minutes. | WireGuard® has been in-tree in the Linux kernel since 5.6. Other (non-Linux) operating systems require the installation of a WireGuard® client app. Installation typically takes less than 5 minutes. |
| Stability / Compatibility | PPTP is not as reliable, nor does it recover as quickly, as OpenVPN over unstable network connections. Minor compatibility issues with the GRE protocol and some routers. | IPSec is more complex than OpenVPN and can require additional configuration between devices behind NAT routers. However, as long as both the server and client support NAT traversal there shouldn't be any issues. | Very stable and fast over wireless, cellular and other unreliable networks where packet loss and congestion are common. OpenVPN has a TCP mode for highly unreliable connections, but this mode sacrifices significant performance due to the inefficiency of encapsulating TCP within TCP. | Extremely stable and robust. More stable than OpenVPN when roaming across networks. Uses an initial endpoint for connections and can switch servers while maintaining the connection. The client can also change networks without dropping the connection. |
| Verdict | Due to the major security flaws, there is no good reason to choose PPTP other than device compatibility. If you have a device on which only PPTP is supported, then you should consider how to encrypt data at other layers, e.g. HTTPS. | IKEv2 is an excellent choice: it is extremely fast, secure and reliable. In addition, unlike OpenVPN it requires no additional software to be installed (in most cases) and is therefore the quickest to configure. If your threat model includes sophisticated adversaries then you may want to consider OpenVPN, due to the leaked NSA presentations noted under Security weaknesses. | OpenVPN is an excellent choice for all platforms. It is extremely fast, secure and reliable. | WireGuard® is an excellent choice and may be the best protocol for high speeds. WireGuard® promises better security and faster speeds compared to existing solutions. Since its merge into the Linux kernel (v5.6) and the release of v1.0, we consider WireGuard® to be ready for wide-scale use. |
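Added illustration (not part of this comparison page or of any of the protocols' own code) of why the bit-flipping weakness listed above for RC4-based MPPE matters, and why the authenticated encryption used by modern protocols such as WireGuard closes it. RC4 and Poly1305 are not in Python's standard library, so a SHAKE-256 keystream stands in for RC4 and HMAC-SHA256 stands in for the Poly1305 tag; the malleability shown holds for any unauthenticated stream cipher, and all keys, nonces and messages are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in keystream generator (NOT RC4, which is not in the stdlib).
    return hashlib.shake_256(key + nonce).digest(length)

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Unauthenticated stream cipher (MPPE-style): XOR with the keystream.
    # The same call decrypts, since XOR is its own inverse.
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))

def flip_bit(data: bytes, index: int) -> bytes:
    # Model a single-bit change to a packet in transit (noise or tampering).
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def _subkeys(key: bytes):
    # Derive independent encryption and MAC keys from the session key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def aead_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: the tag covers nonce and ciphertext, as a real AEAD
    # such as ChaCha20-Poly1305 does; HMAC-SHA256 stands in for Poly1305.
    enc_key, mac_key = _subkeys(key)
    ct = stream_xor(enc_key, nonce, plaintext)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def aead_decrypt(key: bytes, nonce: bytes, packet: bytes):
    # Returns the plaintext, or None when the tag fails (packet is dropped).
    enc_key, mac_key = _subkeys(key)
    ct, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_xor(enc_key, nonce, ct)

def demo():
    key, nonce = bytes(range(32)), bytes(12)  # constructed fixed values
    msg = b"Hello, peer"
    # Unauthenticated: flipping bit 5 of the first ciphertext byte flips the
    # same bit of the plaintext ('H' -> 'h') and the receiver cannot tell.
    altered = stream_xor(key, nonce, flip_bit(stream_xor(key, nonce, msg), 5))
    # Authenticated: the identical change fails tag verification.
    rejected = aead_decrypt(key, nonce, flip_bit(aead_encrypt(key, nonce, msg), 5))
    return altered, rejected
```

`demo()` returns `(b'hello, peer', None)`: the unauthenticated channel silently delivers a modified message, while the authenticated one drops it.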