Which VPN Protocol Should You Use? PPTP vs. OpenVPN vs. IPsec

by Tracy Knauer •

All VPNs encrypt traffic, but the underlying encryption schemes are not always the same. There are three main types of encryption and data transfer protocols that VPNs can use: PPTP, OpenVPN and IPsec. Many VPN services let you choose which protocol to use. Read on for an overview of each option.

PPTP

PPTP is one of the oldest forms of network data encryption. It has been around since the days of Windows 95. That means it’s widely supported on all major operating systems today, and it is easy to configure.

The major downside to PPTP is that hackers and government censors have become good at decrypting it. PPTP encryption is easy to crack, so you shouldn’t use PPTP if you’re worried about data privacy.

OpenVPN

OpenVPN is a newer encryption protocol. It uses the same type of encryption layer — SSL/TLS — as the HTTPS protocol, which encrypts data transfer from websites.

This encryption protocol is not perfect — security vulnerabilities have appeared in the past, most notably related to an attack called Shellshock — but it’s relatively secure.

The challenge with OpenVPN is that it’s not built into most operating sytems. That means you have to rely on a custom app to make it run.

Another advantage of OpenVPN is that, because it is based on the same type of encryption as HTTPS, it is hard for network monitors to tell when you are using a VPN via the OpenVPN protocol. You blend in with people accessing HTTPS-protected websites.

For the same reason, it’s difficult to block OpenVPN on a network without also blocking HTTPS, which would not be practical in most situations because it would prevent access to many websites. That makes OpenVPN hard to censor.

IPsec

IPsec is probably the most secure protocol for VPN access when configured properly. However, it is also easy for network censors to block because it runs on a specific port.

There have also been reports that IPsec encryption is vulnerable to cracking. If it is configured in the right way this does not seem to be an issue, but the jury is still out.

In general, IPsec may be the best option for privacy if you are sure that it is set up the right way, but not if you don’t want your VPN to be blocked.

Leave a Reply

Your email address will not be published.