There are three VPN protocols we need to know: PPTP, L2TP and SSL.

One idea must be clear: all three VPN protocols serve the same purpose, which is to encapsulate the PPP protocol. PPP is a network protocol used to establish a direct connection between two networking hosts. PPTP, L2TP and SSL therefore share the common features of PPP, for example authentication schemes, IPv4, IPv6 and others. But that is another story.

So we have:

PPTP (Point-to-Point Tunneling Protocol):
It is very old, so it is supported by both old and new clients such as Windows 98, Windows NT, Windows 2000, etc.
It uses an encryption method called MPPE.
It is very easy to configure and very firewall-compatible, but it does not provide integrity. In addition, it cannot use certificates.

L2TP (Layer 2 Tunneling Protocol):
It uses an encryption method called IPsec, so it can use certificates or a preshared key, but it needs newer clients such as Windows XP, Windows Vista, etc. It is difficult to configure and causes a lot of problems with firewall configuration. However, it is very secure, as it authenticates both the remote computer and the user.

SSTP (Secure Socket Tunneling Protocol):
It is the newest VPN protocol, so it needs the newest clients and servers (Windows Vista SP1… and Windows Server 2008 …). It is very secure and easy to configure because it uses the well-known SSL protocol (TCP port 443); it therefore needs a server certificate, and we must also configure IIS (Internet Information Services). In general, it is easy to configure in firewalls.

IKEv2 (Internet Key Exchange Version 2):
It is the newer VPN protocol used for Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012. This protocol is based on IPsec, but without the complexity of others such as L2TP.
It uses UDP port 500 and can use a machine certificate or a preshared key as the authentication method for IPsec.
It is very interesting because it can be used with two important new features of newer Microsoft operating systems: DirectAccess and automatic reconnection.

To sum up:

When we have to choose a VPN protocol, whether for an answer in a certification exam or in real cases when we work as IT administrators, we must take into account: client versions, firewall compatibility, security grade and whether we are going to have a PKI.
Besides, we could configure a VPN using IPsec alone, but this is very complex, and VPNs based on IPsec alone are configured by communication companies. However, we can use IKEv2 if we have newer Microsoft operating systems; it makes it easy to configure DirectAccess and automatic reconnection on the new mobile networks based on 3G, 4G or Wi-Fi.
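
The comparison above can be applied to the VPN profiles that already exist on a Windows client. The following is an added example, not part of the original post: `Get-VpnProfileReview` is a hypothetical helper name, the sample profiles are constructed, and the input objects are assumed to have the shape of `Get-VpnConnection` output (`Name`, `TunnelType`, `EncryptionLevel`, `L2tpIPsecAuth`).

```powershell
# Added example (not from the original post). Get-VpnProfileReview is a
# hypothetical helper; input objects follow the shape of Get-VpnConnection output.
function Get-VpnProfileReview {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connection
    )
    process {
        $issues = @()
        $info   = ''
        $tunnel = [string]$Connection.TunnelType
        switch ($tunnel) {
            'Pptp'      { $issues += 'PPTP: MPPE only, no integrity, cannot use certificates' }
            'L2tp'      { $info = "L2TP/IPsec authenticated with: $($Connection.L2tpIPsecAuth)" }
            'Sstp'      { $info = 'SSL on TCP 443, needs a server certificate' }
            'Ikev2'     { $info = 'IPsec via IKEv2 on UDP 500' }
            'Automatic' { $issues += 'Tunnel type is not pinned; Windows chooses it' }
            default     { $issues += "Unrecognised tunnel type '$tunnel'" }
        }
        # Flag profiles that do not insist on an encrypted tunnel.
        if ([string]$Connection.EncryptionLevel -notin 'Required', 'Maximum') {
            $issues += "Encryption level is '$($Connection.EncryptionLevel)'"
        }
        [pscustomobject]@{
            Name       = $Connection.Name
            TunnelType = $tunnel
            Finding    = if ($issues.Count) { 'Review' } else { 'OK' }
            Detail     = (@($issues) + $info | Where-Object { $_ }) -join '; '
        }
    }
}

# Constructed sample profiles, so the function can be tried without any VPN configured.
$sample = @(
    [pscustomobject]@{ Name = 'Legacy-Branch'; TunnelType = 'Pptp';  EncryptionLevel = 'Optional'; L2tpIPsecAuth = $null }
    [pscustomobject]@{ Name = 'HQ-L2TP';       TunnelType = 'L2tp';  EncryptionLevel = 'Required'; L2tpIPsecAuth = 'Psk' }
    [pscustomobject]@{ Name = 'HQ-SSTP';       TunnelType = 'Sstp';  EncryptionLevel = 'Required'; L2tpIPsecAuth = $null }
    [pscustomobject]@{ Name = 'Mobile-IKEv2';  TunnelType = 'Ikev2'; EncryptionLevel = 'Maximum';  L2tpIPsecAuth = $null }
)
$sample | Get-VpnProfileReview | Format-Table -AutoSize -Wrap

# On a real client, feed it the configured profiles instead:
#   Get-VpnConnection | Get-VpnProfileReview
#   Get-VpnConnection -AllUserConnection | Get-VpnProfileReview
```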

