PPTP vs. L2TP vs. OpenVPN: which one to use?

Each VPN Protocol has its own advantages and disadvantages. This article covers the most important features of each VPN connection types that we support, to help you decide which one is best for you.
 
Short summary: 

TL;DR
use OpenVPN ECC with our software for best speed and security mix. If you're connecting from a firewall-restricted network, try OpenVPN XOR with port TCP-443. Avoid PPTP and even L2TP/IPsec. OpenVPN 256-bit AES is kind of overkill, rather use AES 128-bit. We don't expect anyone to go for AES cracking while there are weaker links in the chain, such as the RSA keys: how are they generated (good or poor entropy, online/offline generation, key storing on servers etc.). Therefore, AES-128 is a very good choice over AES-256 which is mostly used for marketing claims ("bigger is better"). 
 
Ratings: 
PPTP: very low security, fast speed
L2TP/IPsec: medium security, fastest speed
OpenVPN (128-bit BF): medium security, fast speed
OpenVPN (256-bit AES): highest security, good speed
OpenVPN (128-bit AES, ECC): high security, fast speed
 
PPTP is insecure but it works on most Operating Systems/devices by default using the OS built-in VPN features. It is very fast in our implementation, but since it's not as secure as other protocols, we recommend to use it only for activities that are not too sensitive (i.e. only to unblock geo-restricted content).
L2TP/IPsec is quite secure and arguably the fastest in our implementation. It's not as reliable as OpenVPN over networks experiencing issues, leading to connection drops. The protocol itself is very complicated from a technical perspective and road-warrior implementations (common with most VPN providers) are not as secure as they should be, especially by relying on pre-shared keys insead of certificates. Therefore, from a security perspective we rate it somewhere in-between PPTP and OpenVPN: overall good for security as long as neither of the end-points (client or server) are targeted by highly skilled attackers. 
OpenVPN is the most secure and reliable (even over slow/unstable networks). OpenVPN UDP is usually faster than OpenVPN TCP. OpenVPN is also harder to block by ISPs since it also runs on standard ports like 443, 993, 995. However, just running over common ports is not enough as any decent DPI would immediately identify it. 
 
Encryption strength
 
PPTP: 128-bit MPPE (keep in mind that the protocol itself is broken so the encryption is pretty much useless per se)
L2TP/IPSec: 256-bit AES and RSA-2048 (with Maximum Strength Encryption enabled in manual setup or with our software)
OpenVPN 128-bit BF: 128-bit BF-CBC for data channel, RSA 2048 for keys and SHA1 HMAC (preferably to be used only on devices that do not currently support AES/custom OpenVPN settings, e.g. Synology NAS)
OpenVPN 128-bit AES: 128-bit AES-GCM/AES-CBC for data channel, RSA 4096 for keys and SHA256 HMAC
OpenVPN 256-bit: 256-bit AES-GCM/AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC 
OpenVPN ECC: 128-bit AES-GCM/AES-CBC for data channel, Elliptic Curve using curve secp256k1 for keys and SHA512 HMAC
OpenVPN XOR: 128-bit AES-GCM/AES-CBC for data channel, RSA 4096 for keys and SHA512 HMAC

OpenVPN uses AES-GCM instead of AES-CBC if supported by client. It is supported by our client software and used by default, however with older OpenVPN client versions it may not support it and use AES-CBC instead of AES-GCM. 

OpenVPN XOR is similar to OpenVPN 256-bit in terms of key strength and HMAC as the same are used, it is just the symetric cipher that is different, AES 128-bit being faster and less CPU intensive than AES 256-bit. We recommend to use it only when other OpenVPN types do not work, such as within networks that block other connections than outgoing over ports 80 and 443. Running OpenVPN XOR over port TCP-443 should by-pass most firewalls/web-filtering engines. 
 
PPTP
 
Advantages
- It is the most widely used VPN protocol, available by default on most modern Operating Systems and devices (routers, smart phones, tablets). 
 
- It is very fast in our implementation, reaching 70 Mbps with ease on 100 Mbps broadband connections. 
 
Disadvantages
- It is not a secure VPN protocol and can be easily decrypted by malicious 3rd parties in man-in-the-middle attacks. However, the attacks against PPTP are not really easy, not even for knowladgeable security experts - so we believe it is a good protocol to use for transfering non-sensitive data or to add a security layer to your communication in open networks, e.g. restaurants. 
 
- Requires NAT traversal and the router to allow GRE/VPN pass-through if you want to connect from an internal network, such as home network, to an external VPN server on the Internet. These requirements result in connection problems when: 1. the router does not support GRE/VPN pass-through or it is not correctly implemented and 2. when there are more than 1 devices/PCs in the same network connecting to an external VPN server at the same time.
 
L2TP/IPsec
 
Advantages
It comes second after PPTP in popularity and that makes it available on most modern Operating Systems and devices. It is more “NAT friendly” than PPTP and should pass through most modern routers even if you connect more than 1 PC/device from the same local network at the same time.
 
L2TP/IPsec is using UDP protocol and benefits from kernel-based acceleration, at least on the client-side (Windows) but also on server-side (in our implementation). Depending on the L2TP/IPsec server configuration, L2TP/IPsec can be almost as fast as a regular non-encrypted connection to the server. Speed wise - it can max-out an 100 Mbps broadband or come close in most cases. We managed to achieve far better speed between gigabit servers.  
 
It is more secure than PPTP but not as secure as OpenVPN; it's "complicated" from a technical perspective and a lot of things can go wrong in setting it-up, especially in road-warrior setups. While we believe that attacks against PPTP are very hard in real-world scenarios for the "average" attacker, those might be totally useless against IPsec, but if the adversary is highly skilled and has virtually unlimited resources (e.g. NSA), you better don't use IPsec just to be on the safe side. 
 
Disadvantages
It is a bit harder to setup, can be easily blocked by ISPs. 
 
OpenVPN
 
Advantages
It works on both TCP and UDP protocols. UDP connections are usually faster than TCP. It does not require explicit NAT traversal/VPN pass-through on home routers and it can easily connect from virtually anywhere, as long as the ports are not blocked. OpenVPN can run on any ports. 
 
It's probably the most secure VPN protocol nowadays, it relies on OpenSSL or PolarSSL/mbed TLS for the actual encryption. 
 
Disadvantages
It is a bit more difficult to setup. It requires a software client to connect since it is not supported by default on most operating systems. It also needs driver support and may not work on some PCs due to software/driver installation restrictions. There are several OpenVPN clients to choose from. Check our Tutorials section to get started using them. Even if it is a bit harder to setup than traditional PPTP or L2TP/IPsec, we recommend using OpenVPN if reliability and security are your main concerns. For best speeds, it's likely that L2TP/IPSec would be faster if you have a very fast broadband connection (over 100 Mbps) - but it depends on many factors. 

Not as fast as L2TP/IPsec and even PPTP in some cases. It can be slow on Windows if you run it in a Virtual Machine under VirtualBox, but very fast on Linux (even in a VM environment). 

Our recommendation for best mix of security and speed is to use OpenVPN ECC, followed by OpenVPN AES 128-bit. 



Other tutorials: