😨 👹 👩🏽‍💼 We understand VPN protocols 📬 🔔 🌿

In recent months, the army of VPN users has grown significantly. And it's not about lovers to bypass locks and visit prohibited sites, but about those who use a VPN for safe operation (yes, remote work). This is an occasion to once again look at the arsenal of available protocols and compare them from a security point of view.

oh brave new world

For starters, a few general points about VPN. VPN usage scenarios can be different, the most popular ones are:

(, );
( );
VPN Providers ( , ).

VPN — , . "" . — OpenVPN IPSec, WireGuard, . , , .

VPN :

— .

— , . , VPN Providers, , .

— , . — .

— , , -.

, , .

PPTP

Point-to-Point Tunneling Protocol (PPTP) — VPN , , Microsoft.

PPTP — , . TCP, 1723. GRE, ( TCP/UDP). , NAT, , - . , GRE, PPTP ( enhanced GRE), Call ID, , , GRE , . NAT point-to-point GRE. VPN PassTrough. .

PPTP Windows . , PPTP : , , , OpenVPN.

PPTP Microsoft VPN . PPTP, .

, VPN , PPTP , , : , .

SSTP

Secure Socket Tunneling Protocol (SSTP) — Microsoft. PPTP, SSTP VPN, , PPTP, .

SSTP SSL TCP- 443. , , VPN . , SSTP Linux, RouterOS SEIL, Windows-.

SSTP , . , VPN SSTP.

SSTP , VPN , - OpenVPN ( ).

IPsec

Internet Protocol Security (IPsec) — , IP-. SSL, , IPsec , ( OpenVPN).

IPsec L2TP IKEv2, .

IPsec IP-, :

Authentication Header (AH), ;
Encapsulating Security Protocol (ESP), , .

IPsec , IPsec (L2TP IKE). , , . IPsec , .

, IPsec L2TP IKEv2.

L2TP/IPsec

Layer 2 Tunneling Protocol (L2TP) 1999 L2F (Cisco) PPTP (Microsoft). L2TP , IPsec. L2TP IPsec , RFC 3193.

L2TP/IPsec ( , PPTP). L2TP/IPsec 3DES AES, , , 3DES , .

L2TP - UDP- 500, , , .

L2TP/IPsec , . L2TP/IPsec , , VPN-.

IKEv2/IPsec

Internet Key Exchange version 2 (IKEv2) IPsec, , Security Associations (SA), RFC 7296. IPsec, L2TP, . IKEv2 Microsoft Cisco, (, OpenIKEv2, Openswan strongSwan).

Mobility and Multi-homing Protocol (MOBIKE) IKEv2 . IKEv2 , Wi-Fi .

IKEv2/IPsec , AES, Blowfish Camellia, 256- .

IKEv2 Perfect Forward Secrecy.

IKEv2 OpenVPN, . IKEv2 , . IKEv2 Windows 7+, Mac OS 10.11+, iOS, Android-.

OpenVPN

OpenVPN — VPN , OpenVPN Technologies. , , VPN. , .

, VPN, OpenVPN. . OpenVPN TCP UDP IPsec , VPN.

OpenVPN , , . VPN- OpenVPN, . TCP UPD : Windows, Mac OS, Linux, Apple iOS, Android.

, .

WireGuard

VPN — WireGuard. IPsec OpenVPN , , .

IP-, WireGuard , UDP . WireGuard :

Curve25519 ,
ChaCha20 ,
Poly1305 ,
SipHash -,
BLAKE2 .

WireGuard , OpenVPN, (4 ). , .

( , ). , WireGuard Linux , .. .

WireGuard 1.0.0, WireGuard Linux 5.6. Linux , , - . , WireGuard IPsec OpenVPN .

VPN , , . , , , .

	PPTP	SSTP	L2TP/IPsec	IKEv2/IPsec	OpenVPN	WireGuard
-	Microsoft	Microsoft	L2TP — Cisco Microsoft, IPsec — The Internet Engineering Task Force	IKEv2 — Cisco Microsoft, IPsec — The Internet Engineering Task Force	OpenVPN Technologies	Jason A. Donenfeld
	Proprietary	Proprietary	Proprietary	Proprietary,	GNU GPL	GNU GPL
	Windows, macOS, iOS, GNU/Linux. “ ”,	Windows. “ ”,	Windows,Mac OS X, Linux, iOS, Android. ( Windows 2000/XP +, Mac OS 10.3+) ,	Windows 7+, macOS 10.11+	Windows, Mac OS, GNU/Linux, Apple iOS, Android . ,	Windows, Mac OS, GNU/Linux, Apple iOS, Android. WireGuard,
	Microsoft Point-to-Point Encryption (MPPE), RSA RC4 128-	SSL ( , TCP- SSL-)	3DES AES	, AES, Blowfish, Camellia	OpenSSL ( )	1-RTT, Curve25519 ECDH, RFC7539 ChaCha20 Poly1305 , BLAKE2s
	TCP- 1723	TCP- 443	UDP- 500 . UDP- 1701 L2TP, UDP- 5500 NAT	UDP- 500 , UDP- 4500 — NAT	UDP- TCP-	UDP-
	. MSCHAP-v2 , RC4 Bit-flipping		3DES Meet-in-the-middle Sweet32, AES . , IPsec	, IPsec

veneramuholovka

We understand VPN protocols