<div dir="ltr">PPTP is a pretty old protocol that uses CHAP/PAP authentication for the most part. I avoid using it because of the security issues, and the data is passed via GRE, which does not play well with NAT.<div><br></div><div>L2TP often adds IPSEC to the mix while authenticating similarly to PPTP. It is more secure than PPTP, but has a lot of the same drawbacks.</div><div><br></div><div>OpenVPN is ideal because it uses an SSL tunnel. If you choose TCP as the tunnel type, chances are good you can get through most firewalls and NAT at companies, hotels, coffee shops, etc. Using UDP there is a good chance it will get blocked, but it is still more secure than L2TP or PPTP. OpenVPN with TCP has some known performance issues if your network has a lot of packet loss.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Dec 16, 2015 at 3:54 PM, Rick Hornsby <span dir="ltr"><<a href="mailto:richardjhornsby@gmail.com" target="_blank">richardjhornsby@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
There are multiple VPN types out there - PPTP, L2TP, SSTP, OpenVPN (and subtypes UDP, TCP, "Proxy", and IPSec). I have an L2TP VPN server at home here in Kansas City, which I when I'm not at home. While I'm at work, however, I still use a VPN on my personal laptop that's connected to the (employee permitted) wifi. For that, a StrongVPN location in Chicago works out better and is faster.<br>
<br>
I'm using a VPN because the only WiFi I trust is my wifi at home. Everything else I treat as potentially hostile. Secondly, my personal traffic is none of my employer's (or really, the network people's) business.<br>
<br>
>From what I've read:<br>
<br>
* Stop using PPTP, it is based on very old Windows-era stuff that's weak and cryptographically broken<br>
* OpenVPN is the new hotness, and uses some kind of SSL tunneling. I don't understand the subtypes or why one subtype is better than the other.<br>
<br>
One of the downsides with OpenVPN is that it requires the StrongVPN client. There's no native support for OpenVPN in OS X.<br>
<br>
Otherwise, I don't really understand the different types or subtypes or why I would choose one over the other?<br>
_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" rel="noreferrer" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
</blockquote></div><br></div>