VPN Protocols Compared
help /Not all VPN protocols are created equal. Most are probably not natively supported by your operating system (i.e. you might have to download an app to use it, if it works at all). Some have serious security vulnerabilities that make them very insecure. Others are trusted around the world by businesses and individuals alike.
This is a non-exhaustive list of eight VPN protocols that are currently being actively developed or are supported by VPN providers. For each protocol we've included Operating System Support, Ciphers, Encryption Libraries, Authentication Methods, Security and Trust, and even whether or not the Great Firewall can detect it.
We will be periodically updating this page and will announce any and all updates on our blog. Please note that this is a living document and information on it might change at any time.
What VPN protocol should I use?
- Short Answer: L2TP/IPSec as its most likely to be supported by your computer or other device.
- Long Answer: See table(s) below ...
VPN Protocols [1] Compared
| OpenVPN [2] | OpenVPN xor [2] | L2TP/IPsec [3] | SSTP [4] | |
|---|---|---|---|---|
| Client OS Support |       |
|
|
|
| Slowfruit.net Support [1] | F - S1 | F - S2 | F - S1 | ? |
| Ciphers [10] | Varies (incl. AES-256, Blowfish) | see OpenVPN, xor | AES, 3DES | RC4, AES |
| Encryption Libraries | OpenSSL, PolarSSL | see OpenVPN | OpenSSL, NSS, cryptodev | Microsoft CryptoAPI - MS-CAPI  |
| Authentication Methods | Varies (see note) | see OpenVPN | IKEv1, IKEv2 | MSCHAPv2, EAP |
| Security / Trust | Tried and Tested (c. 2001) | see OpenVPN (c. 2013) | Tried and Tested (c. 1998) | (c. 2007) |
| Great Firewall [9] | Detected | Undetected | Undetected | Undetected |
| Cont. | SoftEther [5] | OpenSSH [6] | ScrambleSuit [7] | PPTP [8] |
|---|---|---|---|---|
| Client OS Support | |
|
|
|
| Slowfruit.net Support [1] | ? | Y | F - S2 | Nope |
| Ciphers [10] | RC4, AES-128, AES-256, DES, 3DES | AES, 3DES, Blowfish, RC4 | AES-256 | RC4 |
| Encryption Libraries | OpenSSL | OpenSSL | PyCrypto | Microsoft CryptoAPI - MS-CAPI |
| Authentication Methods | Anonymous, Password, RADIUS, Active Directory, Certificates (individual and signed) | RSA, .rhosts w/ RSA, s/key, Kerberos | shared secrets, polymorphism (see note) | MSCHAPv1, MSCHAPv2, EAP-TLS |
| Security / Trust | New (c. 2014) | Tried and Tested (c. 1999) | New (c. 2013) | Major security problems (c. 1999) |
| Great Firewall [9] | Undetected | Detected | Undetected | n.a. |
Please note, that some of the ciphers that are supported by the above VPN protocols are considered very weak (e.g. RC4, DES) by the information security community [10] and should probably not be used by your VPN provider.
If you notice a mistake with these tables please do not hesitate to contact us so that we may correct the issue.
Notes
We thought you might get bored if we put all of our citations on the same page as the table, so we moved the citations for this article to its own page VPN Protocols Compared Notes.