VPN protocols: PPTP, L2TP, and OpenVPN
1. Concepts of PPTP, L2TP, and OpenVPN Tunneling Protocols 1. Default port number of PPTP (Point to Point Tunneling Protocol): 1723 PPTP, or PPTF Protocol. This protocol is a new enhanced security protocol developed on the basis of the PPP protocol. It supports multi-protocol Virtual Private Network (VPN) and can pass the password authentication protocol (PAP) and Extended Authentication Protocol (EAP) to enhance security. This allows remote users to access CEN through an ISP, a direct connection to the Internet, or other networks. Point-to-Point Tunneling (PPTP) is a network technology that supports multi-protocol virtual private networks. It works on the second layer. With this protocol, remote users can securely access the company's network through Microsoft Windows NT Workstation, Windows xp, Windows 2000, Windows 7, and other systems with point-to-point protocols, and can be connected to a local ISP by dialing, and securely linked to the company network through the Internet. PPTP is a Point-to-Point Tunneling Protocol that separates control packets from data packets, and controls control packets over TCP. PPTP uses the TCP protocol and is suitable for use in networks without firewall restrictions. 2. L2TP (Layer 2 Tunneling Protocol, Layer 2 tunnel Protocol) L2TP is an industrial standard Internet tunnel Protocol with similar functions as PPTP Protocol, for example, you can also encrypt network data streams. However, there are also differences. For example, PPTP requires that the network be an IP network, while L2TP requires point-to-point connection for data packets. PPTP uses a single tunnel, while L2TP uses multiple tunnels. L2TP provides Header Compression and tunnel verification, PPTP does not. L2TP is a data link layer protocol based on UDP. Its packets are classified into data messages and control messages. A data message is sent to a PPP frame, which is used as the data zone of the L2TP message. L2TP does not guarantee reliable delivery of data messages. If data packets are lost, No retransmission is performed. It does not support traffic control and congestion control on data messages. Control messages are used to establish, maintain, and terminate control connections and sessions. L2TP ensures reliable delivery and supports traffic control and congestion control for control messages. L2TP is an international standard tunnel protocol. It combines the advantages of PPTP protocol and L2 forwarding L2F protocol, and enables PPP packets to pass through various network protocols, including ATM, SONET, and frame relay. However, L2TP does not have any encryption measures. It is used in conjunction with the IPSec protocol to provide tunneling verification. L2TP uses UDP protocol. Generally, it can penetrate the firewall and is suitable for users with firewall restrictions and LAN, such as companies, Internet cafes, and schools. The performance of the two connection types PPTP and L2TP is not much different. If PPTP is not normal, it is changed to L2TP. Baidu Encyclopedia: http://baike.baidu.com/link?url=t6G3hu_r6-pfi-GN8cCXg5Vx3F_Rk4fEdvXS80l2zstTub7gXMNQzOIPTKfjd_FU 3. The technical core of OpenVPN is the virtual Nic, followed by the SSL protocol. A virtual Nic is a driver software implemented by using underlying network programming technology. After installation, an Eni appears on the host and can be configured like other NICs. The service program can open the virtual network card at the application layer. If the application software (such as IE) sends data to the virtual network card, the service program can read the data, if the service program writes appropriate data to the virtual network card, the application software can also receive the data. Virtual NICs are implemented in many operating systems, which is also an important reason for OpenVpn to be cross-platform. OpenVPN uses the OpenSSL library to encrypt data and control information: it uses the OpenSSL encryption and verification function, meaning that it can use any algorithms supported by OpenSSL. It provides optional packet HMAC functions to improve connection security. In addition, OpenSSL hardware acceleration can also improve its performance. All communication in OpenVPN is based on a single IP port. UDP protocol communication is recommended by default, and TCP is also supported. When selecting a protocol, pay attention to the network conditions between two encrypted tunnels. If there is a high latency or a large number of packet loss, select TCP as the underlying protocol, due to the absence of connection and retransmission mechanisms, UDP protocol is inefficient because it requires the upper-layer protocol to be retransmitted. OpenVPN is a pure application-layer VPN protocol based on SSL encryption. It is a type of ssl vpn and supports UDP and TCP (Note: UDP and TCP are two communication protocols, generally, UDP is more efficient and faster. So try to use the UDP connection method. When UDP cannot be used, use the TCP connection method ). Because it runs on the pure application layer, PPTP and L2TP are not supported after some NAT devices, and some network blockages can be bypassed, openVPN can be used almost wherever the Internet is available ). The OpenVPN client software can easily work with the route table to select routes for different lines (such as domestic and foreign), so that some IP addresses can go through the VPN, while others can go through the original network. Baidu Encyclopedia: http://baike.baidu.com/link?url=00I2C_Gm7Xvcma3QJYHCrJJ0-xcdcNbcSAMNyuxozggQ0LVxeOkZklkiMqbL_j37D0ucvHfsWmlaZbQUlhxO3q Ii. Comparison of advantages and disadvantages of PPTP, L2TP, and OpenVPN tunnel protocols ease of use: PPTP> L2TP> OpenVPN speed: PPTP> OpenVPN UDP> L2TP> OpenVPN TCP security: OpenVPN> L2TP> PPTP stability: openVPN> L2TP> PPTP network Applicability: OpenVPN> PPTP> L2TP 3. PPTP is preferred on the computer for VPN protocol selection. If you cannot use it, you can try L2TP. OpenVPN is preferred for high security requirements. L2TP is recommended for handheld devices. PPTP: This method is the most commonly used method. Most devices support this method. L2TP: Generally, all devices that support PPTP support this method. This method is slightly complicated. You need to select the L2TP/IPSec PSK method, and pre-shared key PSK; OpenVPN: the most stable and suitable for various network environments, but it is complicated to install third-party software and configuration files.