Is IPsec more secure than PPTP?
As I understand it (and please don't take this as something that means I'm stupid), PPTP creates a security association, which means that the only way to secure communications is to perform man in the middle attacks against the user. As I read that, this seems quite inefficient. IPsec has a pre-shared secret, which means that the communication can be secured before the user initiates a request, and I've seen it done by using public-key certificates. Can someone explain how these two protocols differ from one another? Is one less secure than the other? Is one more secure than the other?
Also, it is not a general-purpose protocol designed for securing anything, but rather for VPNs only. How then do VPNs that use IPsec differ from VPNs that use PPTP? I would say they're both based on shared secrets, though, if one is more secure than the other? In summary. IPsec requires all parties involved to have both sets of keys. PPTP allows you to hand out just one set of keys to establish a connection. So yes IPsec can provide stronger protection against attacks on the integrity of packets than PPTP but they each have their own weakness - a weakness that is compounded by using both types of protocol together. PPTP uses a public-private key pair to provide authentication and encrypting keys. If there is no other known secret that both client and server have then one way encryption and authentication can be achieved. If you share a symmetric key for instance, or use certificate-based certificates then it would be possible to have an encryption-only security solution IPsec operates on a symmetric block cipher with an integrity check. As for how the protocols compare, there is a good description at . In fact, the gist has detailed technical comparisons for all the common configurations.
What is the difference between L2TP IPsec and PPTP?
PPTP is a Point-to-Point Tunneling Protocol, which is used for VPN tunneling over IPsec.
L2TP is a Layer 2 Tunneling Protocol, which is used for VPN tunneling. The end result is that L2TP/IPSec makes possible the configuration of a VPN connection on a LAN (or WAN) network using standard IPsec technologies. It does this by encapsulating IPsec traffic in L2TP/IPsec frames.
What is the difference between PPTP and L2TP/IPSec? There are several differences. For one, PPTP VPN connections require a PPTP client installed on both ends of the connection. L2TP/IPsec connections do not. Additionally, PPTP VPN connections are not encrypted and therefore, can be easily sniffed; and L2TP/IPSec connections are secure since they are encrypted. Finally, PPTP VPN connections need to be established on the same subnet and use the same username and password. L2TP/IPSec VPN connections need to have a single subnet configured on both ends of the connection. As you can see, PPTP VPN connections do not conform to all of these standards.
L2TP/IPSec supports the same range of tunnelling techniques that IPSec supports; however, PPTP VPNs are not as secure. PPTP VPN connections must first be established on the same subnet on both ends of the connection. Since IPSec and L2TP/IPSec VPN connections are based on virtual IP addresses, they do not have to be established on the same subnet.
The username and password required for PPTP VPNs is different from the user name and password used in L2TP/IPSec VPNs. In summary, PPTP VPNs are insecure and are easy to sniff. L2TP/IPSec VPNs are secure and have a wide variety of tunnelling capabilities. They do require that the router in the middle use the appropriate encapsulation protocol (PPP, STCP, L2TP/IPSec). However, there are no special requirements for the end users. They should be able to select an appropriate L2TP/IPSec service provider.
The following diagrams show how the differences between PPTP VPN and L2TP/IPSec VPNs make these protocols different.
Are L2TP and IPsec the same?
What about PPTP?
I'm setting up a VPN that will be for my business. I've set it up with my router, and it connects fine. I have my firewall/router set to only allow PPTP and L2TP connections, but I'd like to know if it's possible that I've set up my L2TP VPN connection incorrectly (such as not specifying the correct login info).
Also, I've heard that PPTP is insecure, but I don't understand what that means (are you able to sniff the username and password while connected to the VPN? Thanks in advance! PPTP is insecure, so it should never be used. Also, it's impossible to "sniff" the user name and password.
L2TP, on the other hand, is a method for securing your data transmission. There are two types of L2TP security: Encryption and Authentication. You need to make sure you're using encryption, as that is how the data is encrypted.
But, you can't just blindly go on setting up VPNs because you think you'll be safe. All you're doing by setting up a VPN is changing the IP address that you send/receive data from/to. This means that anyone that has the ability to see your network traffic can see the IP address you're sending/receiving your data from/to.
The only way to ensure your data is private is to use a VPN that does encryption on the VPN tunnel.
Related Answers
Is PPTP outdated?
Is it free or what? PPTP VPN, PPTP VPN. PPTP (Point-to-Point T...
What are the weaknesses of PPTP?
If you're connecting to remote computer or other networks, you can turn off PPTP to...
Is L2TP still used?
Here's why I do not recommend L2TP over IPsec. This is not a critic...