PPTP vs. L2TP vs. OpenVPN vs. SSTP vs. IKEv2

VPN providers usually offer several connection types to choose from. Sometimes they are supplied as part of different tariff plans, but more often they are all included in a single package. The purpose of this article is to present the available VPN options and help you understand the basic characteristics of the technologies used.

A note on encryption key length

As a rough guide, the length of the key used to create a cipher determines how long it will take to brute-force the encrypted information. Ciphers with longer keys therefore take more time to brute-force than ciphers with shorter ones.

Today it’s practically impossible to find VPN encryption that uses a key shorter than 128 bits, and it is becoming more and more difficult to find 256-bit encryption in the OpenVPN solutions on offer, which run even 2048-bit keys. But what do these numbers mean in practice? They mean that 256-bit encryption really is more effective than 128-bit encryption.

The short answer is that in practical use for individual needs the difference is slight. It is true, however, that cracking a 256-bit key takes 2^128 times more computing power than brute-forcing a 128-bit key. That means you would need 3.4×10^38 brute-force attempts, which is a heroic feat for all of today’s computers and even for those that will be built in the near future. If we decided to brute-force a 128-bit key using the fastest supercomputer, it would take us about one billion years to get the desired information.


As long as a 128-bit key can’t be cracked by brute force, it is reasonable to say that this key length is quite sufficient for average customers and business clients. Moreover, government authorities dealing with strictly controlled data are known to use 256-bit encryption keys (the US government, for instance, uses a NIST-certified 256-bit AES cipher).

Then why do so many VPN companies offer 256-bit keys, not to mention 2048-bit ones, especially given that the longer the key, the more computing power is required? The answer is as simple as one, two, three: the main reason is marketing and the never-ending war between VPN competitors. It’s easier to sell services with longer encryption keys.

Huge corporations and governments may require additional protection, which is provided by long keys. An ordinary customer, however, can be fully satisfied with a 128-bit one.

Different ciphers have different vulnerabilities, which can be used for fast hacking. Moreover, the same purpose can be achieved with specially designed programs such as keyloggers. In conclusion, using a key longer than 128 bits makes little sense on the whole.


PPTP

The protocol was created by Microsoft for building VPNs over dial-up access. It is therefore a common solution for creating a VPN connection. In addition, the protocol is compatible with the major OSes and can be used without installing any additional software. It is usually used with a 128-bit key. However, the protocol has been found to contain several serious vulnerabilities.

Pros:

  • it’s built into the major OSes;
  • it’s extremely easy to set up;
  • it operates fast.

Cons:

  • a vulnerable version of the protocol (MS-CHAP v.2) is still widely used.

L2TP and L2TP/IPSec

On its own, the protocol doesn’t provide encrypted tunneling of confidential traffic. That’s why it’s usually used in combination with IPSec.

The protocol is built into the major OSes and doesn’t require any advanced technical knowledge to configure. The issue is that the protocol can be blocked by a firewall if you are behind NAT.


To date, the protocol is said to have no serious vulnerabilities and is considered one of the most secure. Nevertheless, it uses more computing power, which is not so good for your internet speed.

Pros:

  • it’s highly secure;
  • it’s extremely easy to set up;
  • it’s compatible with numerous OSes.

Cons:

  • it’s much slower in operation than OpenVPN or PPTP;
  • it may require additional configuration of your router.


OpenVPN

It is described as a fairly new open-source solution that uses the OpenSSL library and the SSLv3/TLSv1 protocols, along with other technologies, to provide a VPN service.

In addition, it supports the major cryptographic algorithms (AES, Blowfish, 3DES, CAST-128, Camellia, etc.). Today the protocol is regarded as the number one solution for VPNs. It used to be difficult to run on iOS and Android; today that issue is solved with the help of third-party software.

Pros:

  • it offers flexible settings;
  • it’s extremely secure;
  • it copes with firewalls;
  • it can use a wide range of algorithms.

Cons:

  • it requires third-party software for Android and iOS;
  • it can be inconvenient to set up;
  • it has limited support for portable devices.
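
An added example, not part of the original article: a small Python check that reads the `cipher` directive of an OpenVPN configuration and compares its key strength with the 128-bit floor discussed in the key-length note, reporting how many times more brute-force attempts a longer key needs (2^128, about 3.4×10^38, for a 256-bit key). The sample configurations are constructed; the table assumes BF-CBC and CAST5-CBC at their 128-bit default key and rates 3DES at its effective 112 bits rather than its 168 key bits.

```python
import re

# Strength in bits for cipher names that carry no key size. Assumptions:
# BF-CBC and CAST5-CBC at their 128-bit default key; DES-EDE3-CBC (3DES)
# rated at 112 bits, its effective strength despite 168 key bits.
NAMED_BITS = {"BF-CBC": 128, "CAST5-CBC": 128, "DES-EDE3-CBC": 112, "DES-CBC": 56}

def cipher_bits(name):
    """Return the strength in bits of an OpenVPN cipher name, or None."""
    name = name.upper()
    if name in NAMED_BITS:
        return NAMED_BITS[name]
    m = re.search(r"-(\d{3})-", name)  # AES-256-CBC, CAMELLIA-128-CBC
    return int(m.group(1)) if m else None

def audit(config_text, min_bits=128):
    """Return (line, cipher, bits, verdict, work_factor) per cipher directive.

    work_factor is how many times more brute-force attempts the key needs
    than a min_bits key, i.e. 2**(bits - min_bits); None if not applicable.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Drop comments (# or ;) and split the directive into words.
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(words) < 2 or words[0] != "cipher":
            continue
        bits = cipher_bits(words[1])
        if bits is None:
            findings.append((lineno, words[1], None, "unknown", None))
        elif bits < min_bits:
            findings.append((lineno, words[1], bits, "too short", None))
        else:
            findings.append((lineno, words[1], bits, "ok", 2 ** (bits - min_bits)))
    return findings

# Constructed sample configurations, not taken from any provider.
SAMPLE_OK = "client\nproto udp\ncipher AES-256-CBC\n;cipher BF-CBC\n"
SAMPLE_WEAK = "client\ncipher DES-EDE3-CBC  # legacy setting\n"

if __name__ == "__main__":
    for cfg in (SAMPLE_OK, SAMPLE_WEAK):
        for finding in audit(cfg):
            print(finding)
```
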



SSTP

Although the protocol is available for Linux and RouterOS, it’s still widely used on Windows only. It has the same characteristics as OpenVPN, but because it is built in, it’s more stable and more resilient to changes.

Pros:

  • it’s very secure;
  • it’s built into Windows, starting with Windows Vista;
  • it’s supported by Microsoft;
  • it can operate through firewalls.

Cons:

  • it operates with Windows only.


IKEv2

What makes the protocol unique is that it’s extremely mobile. It allows switching from mobile internet to a public Wi-Fi hotspot without any visible change or interruption of the VPN connection. The protocol is one of the few that support Blackberry OS.

Pros:

  • it’s regarded as one of the fastest VPN protocols;
  • it’s very mobile and allows changing network connections without breaking the VPN connection;
  • it’s extremely easy to set up.

Cons:

  • it’s not supported by many platforms;
  • the protocol is based on IPSec (see that protocol’s cons);
  • it’s blocked by firewalls.


Thus, most customers’ needs will be satisfied by OpenVPN, perhaps supplemented with L2TP/IPSec. However, you shouldn’t rely on one and the same encryption solution everywhere, since different situations call for a case-by-case approach.

Update: 16/01/2018