There are a number of VPN protocols which are available so we can get a little bit confusing when it comes to choosing what you should use and why we have things like PPTP, L2TP, IPsec, open VPN, SSTP, IKEv2.

And those are the most common ones.

Plus there are some other more obscure ones that use SSL and TLS, which is OpenConnect and SoftEther.

So let's go through these as quickly as we can.

So you have PPTP which is a point-to-point tunneling protocol.

Do not recommend this.

The Microsoft implementation has had major security flaws MS-CHAP v2 which is often uses the authentication within PPTP is vulnerable to dictionary attacks and the RC for algorithm is subject to a bit fliping attack.

Even Microsoft does not recommend using it.

It does come available within the Windows operating system so it's very easy to set up.

That's why people still use it.

Nation-State, NSA, GCHQ people like that are very very likely to be able to decrypt PPTP and will be able to with previous recorded and stored traffic be able to decrypt that PPTP encrypted VPN.

And if you want to look at some cryptanalysis or PPTP and sort of a classic paper by Bruce Schneier on on why PPTP has broken.

So the only reason to use PPTP is if all of the options are effectively not possible and the only other option is sending plain text.

Next is L2TP and IPsec combination. L2TP is usually implemented with IPsec provide encryption privacy because L2TP doesn't provide encryption of the traffic. An IPsec does provide encryption and privacy an advantage of L2TP. IPsec is that most modern operating systems natively support them.

You can get quick and easy to set up Windows, Mac, Linux, IOS, Android will support these. Now L2TP and IPsec uses fixed ports and protocols which unfortunately makes it inflexible.

So UDP 500 is use for initial key exchange, protocol 50 for the IPsec encrypted ESP, UDP 17.1 for the initial L2TP configuration and UDP 4504 not traversal.

It is therefore more easily blocked by net firewalls and may require port forwarding when used behind a firewall.

So L2TP is much easier to block than open VPN due to its reliance on these fixed protocols and pause.

The traffic coming encrypted that Triple DES and AES the preference would be 256 AES give them the choice.

If you're not concerned about nation-state level adversaries then this is a viable VPN option.

If you're using AES and it's not a problem for getting through a firewall.

However if you are concerned about nation-state adversaries this is not recommended.

There is strong evidence that the NSA and probably others GCHQ etc. are using a flaw in the IKE exchange in order to decrypt the traffic.

Now if you want to know more about this the spiegel.de released this top secret document which is where the information is from.

And if we scroll down you can read more about what it is that they're actually doing.

So the TU VPN capability will implement an operational capability to detect and decrypt selected communication that are encrypted using IP security (IPsec) algorithms and protocols.

It will forward the unencrypted content to follow-on processing systems.

The TU VPN capability will collect metadata about IPsec Internet key exchange events and forward the metadata to follow on SIGINT.

So they're pretty good evidence that IPsec is compromise on a nation-state level.

Another potential problem is when IPsec is configured to use pre-shared keys and that those pre-shared keys are available publicly.

So this can be for example you use a VPN service and they give out a password for you to connect to that VPN service.

And that is a known password that everybody uses.

Now that's an implementation vulnerability and enables man in the middle attacks.

There's nothing wrong with IPsec per se.

It's just that somebody can implement it incorrectly.

Another concern is that IPsec may have been deliberately weakened by the NSA.

And there is an interesting post on this which is here and this is by a guy called John Gilmore is a security researcher and he previously was one of the founding members of the EFF the Electronic Frontier Foundation.

So an essay may have actually deliberately weakened it.

So in conclusion on this one it does work natively on most operating systems so it's simple and easy to get to work which is obviously always great.

You don't want to be using AES-256.

That's pretty solid.

And this will protect you against hackers and low level trackers but it isn't going to protect you against nation-state level adversaries that are best to avoid in that case.

So onto OpenVPN.

This is an open source project that uses the OpenSSL library and SSL version 3 and TLS version 1 protocols. One of its main advantages is that the protocols and ports are configurable so it runs fastest over UDP but it can use TCP and sacrifice speed.

This means you could set it up for example that emulate normal https web traffic by configuring it for port 443 on TCP.

This makes it very difficult to tell that VPN is being used and not just normal web traffic but if you don't need that level of port protocol obfuscation it works faster over UDP. OpenVPN uses the OpenSSL library which means it supports lots of encryption algorithms.

Will show you here.

So including all of the AES, Blowfish, Camellia, RSA, Diffie-Hellman key exchange, Elliptic curve, Elliptic curve Diffie-Hellman together Perfect Forward Secrecy.

AES and Blowfish are the most commonly used for trafficking correction and Blowfish is the default symmetric encryption algorithm for encrypting the data.

I recommend AES-256 as usual or Camellia 256.

OpenVPN is fast but obviously the higher bit length you go, they slow the connection.

That's the same with most VPN's.

Probably the biggest disadvantaged that OpenVPN is it is not natively supported by most operating systems.

You just click on here.

So what you have to do is you have to get free Forby software that you can download and install.

So here on the open VPN Web site you can see you can download these various third party software.

Set up these clients isn't straightforward and some non-technical could get lost in a configuration.

They are available for all the major operating systems and you can see here but also Linux and what you after end up doing is configuring a config file which does something like this depending on your configuration.

So as you can see this can be a little bit confusing for some people.

So to alleviate this known problem what VPN providers do is they develop their own VPN clients the ones like I showed you before the CyberGhost example.

But mostly these is closed source so you can validate if there's any vulnerabilities or implementation errors and then there's no evidence that the NSA or GCHQ, the nation-state has compromised OpenVPN only using strong algorithms and ephemeral keys in SSL/TLS mode.

The session keys are ephemeral either session keys are periodically changed and if an adversary manages to compromise one of the session keys they can decrypt only that traffic for that short period of time which is what perfect for secrecy is.

When it comes to the encryption algorithms, you want to look for 2048-bit or 4096-bit RSA certificates, DHE-RSA-AES256-SHA for exchange of OpenVPN key material.

And as I've said AES-256-CBC-SHA for data and those should be good enough for most people.

Given that there's perfect forward secrecy as well and for most situations.

So OpenVPN is the VPN protocol that you should use whenever possible with those configuration settings that I've mentioned.

You can get strong algorithms, we have do currently recompile OpenVPN and it's quite complex but that is viable and it's something you can look into.

But the algorithms and settings I mentioned should be fine for almost all situations.

Now onto the last two.

There is SSTP. This is a proprietary standard owned by Microsoft Office, many of the advantages of OpenVPN but is for Windows only and not well supported by VPN providers.

In fact you virtually never see it.

The code is not open source.

Microsoft does not have a brilliant record when it comes to cooperation certainly with the NSA.

So for this reason not recommended.

Not worth going into any more detail.

You also have another interesting option which is the IKEv2.

Now this is an IPsec based tunneling protocol that was jointly developed by Cisco and Microsoft.

There could be a situation way you might want to use this.

If it's on a mobile platform because it has enhanced ability to reconnect when the connection is dropped which is something that obviously you might want.

If you are on a mobile device and it's reasonably secure and fast.

So to conclude what we've gone through where possible you should always be choosing OpenVPN.

IKEv2 is viable on mobile devices for a quick and easy solution.

Then OpenVPN is there.

You should be using that unless reconnection is more important than privacy.

And better than no VPN.

Say for example if you are on a public Wi-Fi and you don't want a hackers or trackers then you can use L2TP and IPsec.

If your adversary is not a nation-state then use PPTP as a total last resort.

So that's VPN protocols.