Which native protocols do you support?

CyberGhost VPN connects you right inside its own secured encrypted tunnel with the Internet. The technique, on which this tunnel is based, is called VPN (Virtual Private Network), and it comes in different shapes, where the most important ones are PPTP, L2TP/IPSec, and OpenVPN. OK, agreed, these labels are not very handy and seem to make only sense for members of the Massachusetts Institute of Technology, but don’t worry. It’s just letters and in the bottom line, they are easy to understand:

OpenVPN

Using OpenVPN you connect to CyberGhost via an encrypted TLS (Transport Layer Security) connection. Originally released in 2002 OpenVPN has become very popular and a de-facto standard, among others, because it isn't impressed by wireless access points, firewalls, NAT-based routers, and HTTP proxy servers and will bypass them without problems, can use different ports and keeps its speed even on long distance Internet routing. As for the security, OpenVPN is a must have for it provides an up to 256 bits encryption and works with the OpenSSL library of both the control channels and the data you send through.

The Upside: OpenVPN offers highest encryption (160 bit: very fast and secure; 256 bit: even higher security, but requires more CPU consumption). There are no known vulnerabilities and OpenVPN authenticates data on both ends of the connection through digital certificates. Also OpenVPN is very 'Firewall friendly', means that OpenVPN's UDP packets or TCP streams usually travel without hindrance.

The downside: OpenVPN is not to be installed in a breeze, for one needs at least some basic understanding of what to do and how to implement the right server settings. That's why CyberGhost VPN offers its own client, that's installing and running OpenVPN for you and makes anonymous surfing the easiest task ever.

L2TP/IPSec

L2TP (Layer 2 Tunneling Protocol) is the next good guy on our list to protect your data inside public networks and a merging of Microsoft's PPTP and Cisco's L2F (Layer 2 Forwarding) protocol.

Contrary to OpenVPN, L2TP does not provide any encryption by itself and instead relies on a third party encryption protocol, the Internet Protocol security (IPSec), which takes care of your privacy inside the VPN tunnel.

In terms of security, L2TP with IPSec comes next to OpenVPN and is highly recommended on your Android or iOS gadget, be it a Smartphone or a Tablet-PC. Usually OpenVPN is not supported on those devices, or, if supported by the respective Operating System, it's not to be installed in one weekend (if successful at all). Here is where L2TP/IPSec comes in handy, for it is secure and easy to set up. The downside: You need to set up one unique connection for each server you might want to use.

IPSec

The IP Security Protocol can be integrated easily in existing networks und is considered as very safe. It isn't determined on certain encryption techniques and uses different protocols for authentication and encryption.

IPSec enables confidentiality, authenticity and integrity in an IP net. For this it uses different mechanism, such as encryption of single IP packages and insertion of additional packet headers with a Message Authentication Code.

PPTP

PPTP (Point-to-Point Tunneling Protocol) is another technique to establish your VPN connection – but, sorry to say, the least secure one. Developed by Microsoft in conjunction with other companies, the technique had been compromised lately and according to security specialists, it's possible to unveil passwords while connecting. Then again: the chances it happens to you at some day in the future are highly unlikely.

Like L2TP, PPTP also uses a separate encryption model, which is Microsoft's Point-to-Point Encryption (MPPE). Furthermore it does not rely on a certification infrastructure like OpenVPN, but is easy to set up and because of its low overhead, it's said to be faster than other VPN methods.

But anyway, since PPTP actually has been compromised, it's only recommended to use it, if neither OpenVPN nor L2TP/IPSec are an option. And, by the way, of course you need to set up one unique connection for each server you might want to use with PPTP as you need with L2TP.

Comparison

  OpenVPN L2TP/IPSec PPTP IPSec
OS             
Windows, Mac OS X, Linux, iOS, Windows Mobile, Android (after rooting and adding a third party app) 
Less supported than L2TP/IPSec and PPTP
Windows, Mac OS X, Linux, iOS, Android, Windows Mobile
Widely supported, built in for mobile devices
Windows, Mac OS X, Linux, iOS, Android, Windows Mobile
Widely supported, built in for mobile devices
Android, iOS, Mac OS X, Windows
Setup
OpenVPN always requires the installation of a client software. At CyberGhost VPN it’s the CyberGhost client for Windows itself, making it easy and convenient to  connect, change server. For other operating systems the original OpenVPN with OpenVPN GUI is recommended.
Easy and fast, if using CyberGhost VPN, otherwise a bit complicated
Supported by Windows from 2000/XP up, Mac OS X from 10.3 up and modern other operating systems (like iOS and Android). Easy setup with just a user name, password, the server address and depending on the system a pre-shared key and secret phrase.
Easy and fast!
Supported by each Windows version and  other operating systems (like iOS and Android). Easy setup with just a user name, password and the server address.
Supported by modern  operating systems like iOS and Android. Easy setup on most systems with just a user name, password, the server address and depending on the system a pre-shared key and secret phrase.
Easy and fast!
Encryption
OpenSSL library which supports different algorithms such as 3DES, AES, RC5, Blowfish, with 128 or 256 bit keys.
Extremely Safe!
Standardized IPSec protocol RFC 4835 (either 3DES or AES encryption algorithm) with a maximum of 256 bit keys.
Safe!
Microsoft's Point-to-Point Encryption protocol (MPPE) with a maximum of 128 bit session keys.
Just basic encryption, so compromised!
Not determined on certain techniques!
Very safe!
Stability
The most stable connection, perfect for non-reliable networks like WLANs and mobile networks.
Very stable!
Stable, but not always easy to setup to work reliably between devices behind NAT routers.
Stable!
PPTP is stable, but not as stable or as quick as OpenVPN, when it comes to non-reliable networks like WLANs and cellular networks. Also PPTP has some compatibility issues with the GRE protocol and can easy be blocked.
Stable!
Stable, but not always easy to setup to work reliably between devices behind NAT routers.
Stable!
Speed loss
None noteworthy speed loss.
Speed loss negligible! 
Due to encapsulating data twice less efficient and somehow slower than PPTP or OpenVPN.
Slowest protocol!
Due to less encryption overhead (128 instead 256 bits) faster than L2TP/IPSec.
Fastest protocol!
None noteworthy speed loss.Speed loss negligible
Ports/Blocking
Runs on any port using UDP or TCP, if configured correctly.
Hard to block!
L2TP/IPSec is depending on different fixed protocols and ports for key exchange, encrypted data and NAT traversal.
Can be blocked!
PPTP depends hardly on TCP port 1723.
Easiest to block!
 
Good to know
+ data encryption begins before the connection process
+ connects with AES encryption (up to 256 bits)
+ Firewall friendly
+ very safe
+ very stable/reliable
- not/hardly supported on mobile devices
+ data encryption begins before the connection process
+ connects with AES encryption (up to 256 bits)
+ user-level authentication plus computer-level authentication for connections
+ Firewall friendly
- requires certificate infrastructure
+ supports TCP and therefore allows to retransmit lost packets
+ works in most cases, clients are readily pre-installed
- data encryption begins after the connection process
- Requires only user-level authentication
- in many countries PPTP is blocked by the respective governments or ISPs 
- very complex and in some situations not easy to configure
Rating
4.6 out of 5 stars
4.3 out of 5 stars
3.3 out of 5 stars
4.3 out of 5 stars
Conclusion
Best thing on desktops!
Fast, secure and reliable, even for networks with long distances and high latency.
Next to best!
Secure and easy to use protocol, recommended for mobile devices, although not as fast as the competitors. Requires a bit more configuration steps also.
The just-in-case-protocol
PPTP comes in handy, if security means less than ease of use and speed. Otherwise your first choice should be OpenVPN and your second L2TP/IPSec. We recommend to use PPTP on  mobile devices, if none of the mentioned alternatives are available. Then it’s better to surf less safe than overall unprotected!
As L2TP next to best!
Secure and easy to use protocol, recommended for mobile devices.

CyberGhost Client

The CyberGhost clients for Windows, Mac OS und Android all base on OpenVPN and enable to safely and easily deal with this technique, but also to extend it by more functions:

  • 1 click profiles for activation of optimized VPN connections in regards to different preferences
  • Fast change of server
  • SecureConnect: Prevents third party code to establish own routes parallel to the encrypted tunnel.
  • SecureDisconnect (Kill-switch): Prevents data leaks caused by sudden disconnections from the VPN net.
  • Additional features such as ad blocker, tracking blocker, malware blocker, Data compression and forced HTTPS.
  • Exceptions: Easy configuration of addresses that should not be entered anonymized.
  • Proxy: Support of SOCKS5 and HTTP proxies for traffic cascading.
  • Activation of own DNS servers.
  • Random port when connecting

In terms of security

In terms of security it's always:

  1. CyberGhost Client (most secure because of OpenVPN and extended functionality)
  2. OpenVPN
  3. IPSec or L2TP/IPSec
  4. PPTP
Have more questions? Submit a request

Comments

0 Comments
Article is closed for comments.
Powered by Zendesk