PPTP vs. L2TP vs. OpenVPN vs. SSTP vs. IKEv2

Dainan Gilmore
Dainan Gilmore
Last updated: January 23, 2020

Usually VPN providers offer several types of connections. Sometimes they are supplied as a part of different tariff plans and more often than not as a constituent of a unique package.

What will you know from the article?

You will find the answers to 5 main answers questions about protocols:

The article’s purpose is to perform all the accessible VPN options and help you understand the basic characteristics of the applied technologies.

What is VPN protocol?

When a user gest connected through Virtual Private Network, al the traffic is passed through a tunnel. Snooper, lurkers, hackers and other suspicious users can’t see not only the contents of information package, but from it was sent as well is invisible.

VPN protocol is the way different types of tunneling work. Among the most widely-applied VPN protocols are PPTP, L2TP/IPSec, OpenVPN, SSTP and IKEv2.

Just for better understanding of various VPN protocols, you need to know about the key length of ciphering:

Note about a ciphering key length

As a rough guide, a key length, which is used during a cipher creation, defines how much time it will take while subjecting the ciphered information to brute forcing. Thus, ciphers with longer bit keys requires more time for such forcing than short ones.

Today it's practically impossible to find VPN-encryption with the usage of a key less than 128 bit and it becomes more and more difficult to find 256-bit ciphering in the offered OpenVPN solutions, which run even 2048-bit keys. But what do these numbers define on practice?

This means that 256-bit ciphering is really more efficient than 128-bit one.

A short answer is that during a practical usage for individual needs there is a slight difference. However, it’s true that crash of 256-bit key will take up 2128 times more computer capacity than 128-bit key forcing. That means you will need 3.4х10^38 brute forcing attempts, which is a heroic act for all today’s computers and even for those being created in the nearest future. Just in case we decided to brute force 128-bit key while using the fastest supercomputer, it would take us about one milliard years to get the desired information.

ExpressVPN Overview

As long as 128-bit key can’t be crashed by brute force, it will be reasonable to say the bit-key length is pretty enough for an average customer and business clients. Moreover, it’s known that government authorities dealing with exceptionally controlled data run 256-bit encryption key (the US government, for instance, run certified NIST 256-bit AES-cipher).

Then why there are so many VPN companies offering 256-bit keys to use, if not speaking about 2048-bit? Especially if mentioning the fact that the longer a bit-key is, the more computer power is demanded.  The answer is as simple as one, two, three! The main reason is marketing and a never ending war between VPN competitors. It’s easier to sell services with longer bit-keys for ciphering.

Huge corporations and governments can require additional protection, which is maintained through the usage of long bit-keys. However, an ordinary customer can be absolutely satisfied with 128-bit one.

Various ciphers have different vulnerabilities, which can be used for fats hacking. Moreover, the purpose can be satisfied with specially designed programs, such as keyboard spies. As a conclusion it can be said that usage of a bit-key longer that 128-bit has little sense in bulk.

What is PPTP?

The protocol was created by Microsoft for VPN designing through a dial-up access. Thus, the protocol is common solution for creating VPN connection. Besides, the protocol is compatible with the major OSes and can be used without any additional software installation. The protocol is usually used with 128-bit key. However, the protocol has been discovered to contain several essential vulnerabilities.





  • it’s built in major OSes;
  • it’s extremely easy for setting up;
  • it operates fast
  • a vulnerable protocol’s version (MS-CHAP v.2) is still widely used.

L2TP and L2TP/IPSec

The protocol itself doesn’t provide you with tunneling and ciphering of confidential traffic. That’s why it’s usually used in combination with IPSec one.

The protocol is built in major OSes and doesn’t require any technically advanced knowledge for its settings. The issue is that the protocol can be blocked by a firewall if you stay behind NAT.

L2TP and L2TP/IPSec

Up to the current moment the protocol is stated to have no essential vulnerabilities and is considered as one of the most secure. Nevertheless, it uses more computer power, which is not so good for your internet speed.




  • it’s highly secure;
  • it’s extremely easy for setting up;
  • it’s compatible with numerous OSes
  • it’s much slower in operation than OpenVPN or PPTP;
  • it can ask for additional setting of your router

What is OpenVPN?

It’s stated to be a pretty new solution with an open code or free source, which runs OpenSSL library and SSLv3/TLSv1 protocols with all the other technologies for VPN service.

Besides, the VPN supports major cryptographic algorithms (AES, Blowfish, 3DES, CAST-128, Camelia, etc.). Today, the protocol is known to be number one solution for VPNs. Earlier it was difficult to run it for iOS and Android. Today the issue is solved with the help of side software.




  • it offer flexible setting;
  • it’s extremely secure;
  • it deals with firewalls;
  • it can use a wide range of algorithms
  • it requires side software for Android and iOS;
  • it can be inconvenient during the set-up;
  • it has a limited support for portative gadgets.

Is OpenVPN safe?

Just because of OpenVPN’s pros, it is worth saying that the protocol s considered to be one of the safest ones. The following #2 reasons to prefer a secure OpenVPN connection:

#1 OpenVPN deals with firewalls;

#2 OpenVPN applies multiple encrypting algorithms.

What is SSTP

Although the protocol is allowed for Linux and RouterOS, it’s still widely used for Windows only. It has the same characteristics as OpenVPN, but due to the built-in nature it’s more stable and sturdier against changes.




  • it’s critically secure;
  • it’s prebuilt-in Windows system starting with Windows Vista+;
  • it’s supplied with support from Microsoft;
  • it can operate through firewalls
  • it operates with Windows only

What is IKEv2?

What makes the protocol unique is that it’s extremely mobile. It allows switching from mobile internet to a public Wi-Fi hotspot without any visible changes or disconnection of a VPN connection. The protocol is one the few ones that support Blackberry OS.




  • it’s stated as one of the fastest VPN protocols;
  • it’s very mobile and allows changing network connections without breaking a VPN connection;
  • it’s extremely easy for setting up
  • it’s not supported by many platforms;
  • the protocol is based on IPSec (see the protocol’s cons);
  • it’s blocked by firewalls

In such a way, most customers’ demands will be satisfied with be satisfied with OpenVPN usage, probably, enhanced with the use of L2TP/IPSec. However, you shouldn’t rely on the usage of one and the same encryption solution, as long as different situations require case-by-case overcoming.  

What is the difference between IKEv1 and IKEv2?

  • Due to the fact that IKEv2 does not have the notion of aggressive / main mode, this protocol is much simpler and can be easily understood.
  • The new version of IKEv2 does not automatically reconcile the authentication method among peers, and there is no binding to the policy. In addition, there is the possibility of asymmetric authentication. You can also use different EAP methods here.
  • Besides, a new control-plane protection component related to DoS attacks was added. Its aim is sending a cookie to each request, and in case it is not an attack, a response must be sent. If the answer comes, then there is a connection, otherwise it does not react in any way.

Which VPN protocol is the best?

Now you know what VPN protocols can be applied by VPN services and what pros and cons they have. Still, which is the best VPN protocol? What protocol should you prefer while choosing a VPN service?

Compare the VPN protocols in the chart below:







Is it fast or slow?


Slower than PPTP

Faster than IPSec

Quit fast

One of the fastest

Is it easy to set up?

Simple setup

Extremely easy setup

Responsive configurations

Not difficult

Extremely easy setup

Is it secure?


Secure and reliable

Very sustainable and secure, lots of encrypting algorithms

Extremely secure

Quite secure

What platform is it compatible with?

Embedded in most operating systems

Compatible with numerous platforms

Restricted compatibility with operating systems, works with third-party application

Integrated only into Windows OS

Compatible with few platforms

Bestvpnrating’s conclusion


PPTP is fast and very to set up, but can not ensure with strong protection.

L2TP/IPSec is very secure and can be a good alternative to OpenVPN if it is not compatible with the platform.

The best choice due to high level of security and speed performance.


A decent choice for Windows OS as it is not compatible with other platforms.

IKEv2 might be an alternative to OpenVPN if it doesn’t work with the OS you use.

Have you chosen the best VPN protocol for your device? Let us know in the comments!


Average: 3.8 (4 votes)
Update: 23/01/2020
Dainan Gilmore
Dainan Gilmore