Which VPN protocol to use
A question that often comes up in networking software discussions is "which VPN protocol should I use?" followed by "why should I use that one when there are so many others?" I'm going to try to tackle these questions in lay terms here.
If you're reading this article, you probably already know what a virtual private network (VPN) is. As a refresher, VPN software allows your computer to join a remote private network with the help of a tunneling protocol. Since your data goes through public networks, you want your connection to be as stable, safe, and secure as possible. In addition, you need to consider the features you need from a VPN solution. For example, consider whether you only need remote access, or whether your use case calls for a site-to-site VPN.
Now, let's look at some popular VPN protocols and implementations.
There are a lot of VPN protocols out there. Many of them are poorly designed, to the point of harmfulness. They are cumbersome to set up securely (and most people simply don't) and make you jump through hoops to fit your requirements. Fortunately, most of them didn't make it to the present day, and they only appear in the odd legacy infrastructure. The following is a notable exception.
Point-to-Point Tunneling Protocol (PPTP)
Microsoft's PPTP is an excellent example of VPN software not to use. Its relative popularity stems from the fact that it comes bundled with Microsoft Windows by default. It was proven again and again to have significant security problems. In addition, its feature set is barebones, and it suffers from performance issues unless you run it unencrypted. Its sole advantage, ease of setup, disappears once you try to set it up with a better authentication protocol like Extensible Authentication Protocol (EAP). It remains in use in legacy infrastructures solely out of inertia and because some old routers only support PPTP and nothing else.
Transport Layer Security (TLS)
Sometimes known by its older name, Secure Sockets Layer (SSL), TLS is a popular choice for encrypting network connections of all kinds. TLS VPNs (also still known as SSL VPNs) are a broad category of VPN implementations that use TLS for encrypting the tunnel connection. It's a popular way to implement a VPN, and the market is full of mediocre, proprietary TLS VPN software. We will steer clear of those notoriously finicky, portal-based VPNs and examine more featureful and reliable protocols here.
Secure Socket Tunneling Protocol (SSTP)
Microsoft's SSTP is a significant step up from PPTP. Although it still lacks features and configurability, it offers decent security. It still suffers from the same performance issues owing to its use of TLS over TCP rather than UDP like most other TLS VPN protocols, meaning it's vulnerable to TCP meltdowns (when packets are lost, the retransmission timers of the inner TCP connection and the outer TCP tunnel compound each other). It's a decent choice if your requirements are simple, for example if most of your employees are Windows users and all they need is to connect to your office network remotely, authenticating with RADIUS.
OpenVPN
OpenVPN is one of the most popular VPN protocols and is usually the go-to solution for many use cases. First of all, it's completely free software and is subject to independent audits. Secondly, it's significantly more flexible and featureful than many of its alternatives, offering scripting and plugin support to extend its functionality. The client is available on every commonly used operating system, including Android and iOS.
You can authenticate with single sign-on, two-factor authentication, RADIUS, LDAP (thus, Active Directory), and even PAM with the help of a plugin. In addition to its built-in split tunneling, Ethernet bridging, and IPv6 tunneling capabilities, OpenVPN supports both remote-access and site-to-site connections.
OpenConnect
OpenConnect server implements Datagram TLS (DTLS), a variant of TLS designed to run over datagram transports such as UDP, as part of the OpenConnect VPN Protocol. Most notably, it features support for site-to-site links, one-time passwords, OpenID tokens, and Kerberos authentication. It's a drop-in free software replacement for Cisco AnyConnect VPN by design. Its target audience is people who want to switch from AnyConnect to a more flexible and secure alternative while keeping their infrastructure intact.
Internet Protocol Security (IPsec)
IPsec is a highly flexible and versatile VPN protocol suite. It often gets compared with OpenVPN as a well-rounded VPN solution. It's a fair comparison because they're popular general-purpose VPN solutions with orthogonal design decisions. IPsec is partially implemented in the operating system's IP stack, for starters. Consequently, it is much faster, as it resides in the kernel space rather than the userspace and can even take advantage of hardware-level encryption. (It's worth mentioning that many cloud gateway vendors only offer IPsec for these reasons.) Although many operating systems come with an IPsec implementation baked into the network stack, an Internet Key Exchange (IKE) implementation still needs to be installed. OpenVPN, however, is available as exclusively userspace software, giving it a portability advantage at the expense of speed. Instead of a single implementation by a vendor, there are many enterprise-grade free software IKE implementations for IPsec, as it is an open standard. (VyOS uses StrongSWAN.)
Since IPsec is commonly paired with other protocols for bespoke VPN solutions, we need to briefly touch upon other protocols here.
Layer 2 Tunneling Protocol (L2TP)
L2TP over IPsec remains one of the most popular remote-access VPN solutions. It's widely supported and easy to set up. IPsec uses IKE to negotiate security associations, authenticating the peers with certificates. L2TP adds user session management (including username/password authentication) on top of IPsec. Even after IKEv2 brought EAP support to IPsec, L2TP/IPsec remains a popular VPN solution due to its widespread support.
L2TP is seldom used without IPsec and is limited to UDP for transportation. It's worth noting that L2TP/IPsec doesn't support site-to-site connections (short of NAT-style hacks).
Layer 2 Tunneling Protocol version 3 (L2TPv3)
L2TPv3 deserves a better name because it has little in common with the L2TP (v2) mentioned above. L2TPv2 is more suitable for direct remote-access networks, whereas L2TPv3 is better suited for linking remote data centers or office campuses.
The most apparent differences are that L2TPv3 works over IP packets and can carry any Layer 2 protocol like Ethernet and not just PPP. Most importantly, it can transmit multiple networks over a single session, making L2TPv3 over IPsec an effective site-to-site VPN solution for cases that require secure bridging of remote VLANs.
WireGuard
WireGuard is a strong newcomer contesting the ground OpenVPN and IPsec currently hold. It is significantly smaller and lighter than both. It resides in the kernel space and suffers from the same portability problems as IPsec, without the widespread adoption to make up for it. (Userspace implementations exist, although they're much slower.) Its "connectionless" approach yields small network overhead and seamless IP address roaming (so-called "road warrior" connection) that can transparently switch between IPv4 and IPv6.
WireGuard was designed with the idea of hardcoding sane defaults into the program, trading flexibility for simplicity. For example: unlike OpenVPN, you cannot use TCP on port 443 to disguise your connection as HTTPS against overzealous firewalls. Unlike IPsec, you cannot use a cipher that takes advantage of AES hardware acceleration, so even though it outperforms IPsec on a modern PC, using it on a resource-constrained router is out of the question. Overall, it's an excellent solution for most, but certainly not all, use-cases.
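To make the "connectionless" behaviour and the IP address roaming described above concrete, here is an added example (a Python model written for this article, not WireGuard's or VyOS's code) of WireGuard's cryptokey routing. Each peer's AllowedIPs list serves as both the routing table for outbound packets (longest prefix across all peers wins, and that peer's key encrypts the packet) and the access-control list for inbound ones (the inner source address of a decrypted packet must route back to the peer whose key it was decrypted under), and a peer's endpoint is simply the outer address of its last authenticated packet. Peer names stand in for public keys, and every address and port below is constructed.

```python
"""Cryptokey routing in the style of WireGuard (added example, not WireGuard's code).

Each peer's AllowedIPs list is used twice:
  * outbound: the destination IP is matched against every peer's AllowedIPs
    (longest prefix wins) to choose which peer's key encrypts the packet;
  * inbound: after a packet authenticates under a peer's key, the inner source
    IP must route back to that same peer, or the packet is dropped as spoofed.
A peer's endpoint is updated from the outer source address of its latest
authenticated packet, which is what makes IP address roaming seamless.
All peer names, addresses and ports are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Peer:
    name: str                         # stands in for the peer's public key
    allowed_ips: list                 # ip_network objects
    endpoint: Optional[tuple] = None  # (outer host, port), configured or learned


class CryptokeyRouter:
    def __init__(self):
        self.peers = []

    def add_peer(self, name, allowed_ips, endpoint=None):
        nets = [ipaddress.ip_network(a) for a in allowed_ips]
        self.peers.append(Peer(name, nets, endpoint))

    def peer(self, name):
        return next(p for p in self.peers if p.name == name)

    def lookup(self, ip):
        """Longest-prefix match of ip across every peer's AllowedIPs."""
        addr = ipaddress.ip_address(ip)
        best, best_len = None, -1
        for p in self.peers:
            for net in p.allowed_ips:
                if net.version == addr.version and addr in net and net.prefixlen > best_len:
                    best, best_len = p, net.prefixlen
        return best

    def send(self, dst_ip):
        """Outbound: returns (action, peer name) for a packet to dst_ip."""
        p = self.lookup(dst_ip)
        if p is None:
            return ("drop", None)           # no peer owns this prefix: never sent in the clear
        if p.endpoint is None:
            return ("no-endpoint", p.name)  # key known, but the peer has not been heard from yet
        return ("encrypt-to", p.name)

    def receive(self, peer_name, outer_src, inner_src_ip):
        """Inbound: called after the packet authenticated under peer_name's key."""
        p = self.peer(peer_name)
        if self.lookup(inner_src_ip) is not p:
            return "drop"          # inner source does not route to this peer: spoofed, discard
        p.endpoint = outer_src     # roaming: follow the peer to wherever it last spoke from
        return "accept"


def build_example():
    """Hub interface with one site link, one exit node and one roaming laptop (constructed)."""
    r = CryptokeyRouter()
    r.add_peer("office", ["10.0.0.0/16", "2001:db8:10::/48"], ("203.0.113.10", 51820))
    r.add_peer("exit", ["0.0.0.0/0"], ("198.51.100.7", 51820))  # IPv4 default route only
    r.add_peer("alice", ["10.200.0.2/32"])                       # endpoint unknown until she connects
    return r


if __name__ == "__main__":
    r = build_example()
    for dst in ("10.0.1.50", "8.8.8.8", "10.200.0.2", "2001:db8:10::1", "2001:db8:ffff::1"):
        print(dst, "->", r.send(dst))
    # Alice shows up from a coffee-shop address: accepted, and her endpoint is learned from it.
    print(r.receive("alice", ("192.0.2.44", 40123), "10.200.0.2"), r.send("10.200.0.2"))
    # The exit node tries to inject a packet with an office source address: dropped.
    print(r.receive("exit", ("198.51.100.7", 51820), "10.0.1.9"))
```

The inbound check is the part worth remembering from a defender's point of view: a peer can only ever originate traffic from the prefixes you listed for it, so AllowedIPs doubles as a per-key anti-spoofing filter, and a destination that no peer claims is dropped rather than leaked outside the tunnel.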
Virtual Tunnel Interface (VTI)
Sometimes all you need is a configurable virtual network interface for IP tunnels. VTI is precisely that. In practice, VTI works like an IP-IP tunnel interface bound to IPsec. It is sometimes described as a route-based VPN rather than a policy-based one like plain IPsec. It's an appropriate VPN solution for use-cases that call for transparent networking directly over an interface.
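As an added illustration of the route-based versus policy-based distinction (example code written for this article, not VyOS or strongSwan code), the following models the two lookups side by side: a policy-based IPsec Security Policy Database is an ordered list of traffic selectors where the first match decides what happens to a packet, while a VTI defers to the routing table, so anything routed out of the vti interface is encrypted and anything that is not, is not. The subnets, policies and routes are constructed.

```python
"""Policy-based vs route-based IPsec as a lookup model (added example, not VyOS code).

Plain IPsec decides per packet by consulting the Security Policy Database
(SPD): an ordered list of traffic selectors, first match wins (RFC 4301).
A VTI makes the decision in the routing table instead: whatever is routed
out of the vti interface is protected by the tunnel's SA, whatever is not,
is not. Subnets, policies and routes below are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str  # "protect" (encrypt via the SA), "bypass" (send in clear), "discard"


def spd_lookup(spd, src_ip, dst_ip, default="bypass"):
    """First matching selector wins. 'default' is the fate of unmatched traffic;
    on Linux XFRM a packet matching no policy is simply sent unprotected."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for pol in spd:
        if src in ipaddress.ip_network(pol.src) and dst in ipaddress.ip_network(pol.dst):
            return pol.action
    return default


def route_lookup(routes, dst_ip):
    """Longest-prefix match; routes is {prefix: interface}."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes.items()
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def route_based_decide(routes, dst_ip):
    """Route-based VPN: the interface the route points at decides protection."""
    ifc = route_lookup(routes, dst_ip)
    if ifc is None:
        return "discard"
    return "protect" if ifc.startswith("vti") else "bypass"


# Site A (10.1.0.0/24) was linked to site B (10.2.0.0/24); later site B grew a second
# subnet, 10.2.1.0/24, that nobody added to the policy.
SITE_SPD = [Policy("10.1.0.0/24", "10.2.0.0/24", "protect")]
# Same SPD with a trailing catch-all: anything else aimed at site B's aggregate is dropped,
# turning a silent plaintext leak into a visible failure. Order matters: protect comes first.
SITE_SPD_HARDENED = SITE_SPD + [Policy("10.1.0.0/24", "10.2.0.0/16", "discard")]
# Route-based equivalent: one route for the whole aggregate covers the new subnet too.
SITE_ROUTES = {"10.2.0.0/16": "vti0", "0.0.0.0/0": "eth0"}


if __name__ == "__main__":
    for dst in ("10.2.0.9", "10.2.1.9", "8.8.8.8"):
        print(dst,
              "policy:", spd_lookup(SITE_SPD, "10.1.0.5", dst),
              "hardened:", spd_lookup(SITE_SPD_HARDENED, "10.1.0.5", dst),
              "route-based:", route_based_decide(SITE_ROUTES, dst))
```

The practical check this models: on a policy-based setup, list the installed policies and confirm that every prefix you expect to be protected is covered by a selector, because a packet that matches nothing does not fail loudly. A trailing discard policy for the remote aggregate makes the gap visible; a VTI avoids the class of problem entirely, which is why dynamic routing protocols are usually run over route-based tunnels.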
Generic Routing Encapsulation (GRE)
As its name implies, GRE is a generic tunneling protocol for encapsulating IP packets across point-to-point links. It's what PPTP uses internally. In the context of VPNs, GRE tunnels are often paired with IPsec for security. "So," you may ask, "why would I use GRE/IPsec if I can simply use VTI for IP-IP/IPsec?" GRE is protocol-agnostic and can be used to achieve dual-stack VPN connectivity, which cannot be done with plain VTI.
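Since IPsec, WireGuard and GRE (with or without IPsec) each add their own headers to every packet, the practical consequence of the overhead differences mentioned in the IPsec, WireGuard and GRE sections above is the inner MTU you set on the tunnel interface and the TCP MSS you clamp to. The following added example (written for this article, not VyOS code) computes the largest inner packet each encapsulation can carry over a 1500-byte link. The header sizes are the fixed ones from the respective RFCs and the WireGuard whitepaper; the link MTU and the packet sizes are constructed inputs.

```python
"""Encapsulation overhead of the tunnel types discussed above (added example, not VyOS code).

Every tunnel takes bytes from each packet for its own headers; the number
differs between the kernel's ESP, WireGuard's small data header and plain
GRE, and that number is what the tunnel interface MTU and the TCP MSS clamp
are derived from. Header sizes are the fixed ones from the RFCs and the
WireGuard whitepaper; the 1500-byte link and the packet sizes are constructed.
"""

IP_HDR = {4: 20, 6: 40}   # outer (delivery) IP header, no options/extension headers
UDP_HDR = 8
GRE_HDR = 4               # RFC 2784 base header; checksum/key/sequence add 4 bytes each
WG_DATA_HDR = 16          # WireGuard data message: type(4) + receiver index(4) + counter(8)
WG_TAG = 16               # ChaCha20-Poly1305 authentication tag
ESP_HDR = 8               # SPI + sequence number
ESP_TRAILER = 2           # pad length + next header
ESP_ICV = 16              # AES-GCM-16 or HMAC-SHA-256-128
# (IV length, required alignment of payload + padding + trailer) per ESP transform
ESP_CIPHERS = {"aes-gcm": (8, 4), "aes-cbc-hmac-sha256": (16, 16)}


def esp_payload(inner_len, cipher="aes-gcm"):
    """Bytes on the wire for one ESP packet: header, IV, padded payload, trailer, ICV."""
    iv_len, align = ESP_CIPHERS[cipher]
    pad = (-(inner_len + ESP_TRAILER)) % align
    return ESP_HDR + iv_len + inner_len + pad + ESP_TRAILER + ESP_ICV


def gre(inner_len, outer=4):
    """Plain GRE: carries any layer-3 payload (IPv4 or IPv6 inner), no protection."""
    return IP_HDR[outer] + GRE_HDR + inner_len


def wireguard(inner_len, outer=4):
    """WireGuard data message over UDP. Its 16-byte plaintext padding is ignored here,
    because the implementation caps that padding at the interface MTU."""
    return IP_HDR[outer] + UDP_HDR + WG_DATA_HDR + inner_len + WG_TAG


def esp_tunnel(inner_len, outer=4, cipher="aes-gcm", nat_t=False):
    """IPsec ESP in tunnel mode (what a VTI uses); NAT traversal adds a UDP header."""
    return IP_HDR[outer] + (UDP_HDR if nat_t else 0) + esp_payload(inner_len, cipher)


def gre_over_esp(inner_len, outer=4, cipher="aes-gcm"):
    """GRE protected by ESP in transport mode: the GRE header sits inside the ESP payload."""
    return IP_HDR[outer] + esp_payload(GRE_HDR + inner_len, cipher)


def max_inner_mtu(encap, link_mtu=1500, **kw):
    """Largest inner packet that still fits the link after encapsulation."""
    for inner in range(link_mtu, 0, -1):
        if encap(inner, **kw) <= link_mtu:
            return inner
    raise ValueError("link MTU too small for this encapsulation")


def tcp_mss(inner_mtu, inner_ip=4):
    """MSS to clamp on the tunnel so TCP segments never need fragmentation."""
    return inner_mtu - IP_HDR[inner_ip] - 20   # minus inner IP header and 20-byte TCP header


if __name__ == "__main__":
    for label, fn, kw in [
        ("GRE over IPv4", gre, {}),
        ("WireGuard over IPv4", wireguard, {}),
        ("WireGuard over IPv6", wireguard, {"outer": 6}),
        ("ESP tunnel, AES-GCM", esp_tunnel, {}),
        ("ESP tunnel, AES-GCM + NAT-T", esp_tunnel, {"nat_t": True}),
        ("ESP tunnel, AES-CBC/HMAC-SHA256", esp_tunnel, {"cipher": "aes-cbc-hmac-sha256"}),
        ("GRE over ESP transport, AES-GCM", gre_over_esp, {}),
    ]:
        mtu = max_inner_mtu(fn, **kw)
        print(f"{label:34} inner MTU {mtu:5}  clamp IPv4 TCP MSS to {tcp_mss(mtu)}")
```

The WireGuard-over-IPv6 result (1420) is exactly the default MTU the WireGuard tools assign to a new interface, which is a handy sanity check of the constants. The ESP figures move by a few bytes with the cipher, padding and NAT-T, which is why a route-based IPsec tunnel that carries a dynamic routing protocol should get an explicit MTU and MSS clamp rather than a guessed one.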
Dynamic Multipoint Virtual Private Network (DMVPN)
DMVPN is a site-to-site VPN suite that combines four different networking elements to make a flexible mesh of hub-and-spoke networks. These elements are:
- Multipoint GRE (mGRE) to establish connections between remote networks,
- Next-Hop Resolution Protocol (NHRP) to dynamically resolve network addresses,
- an IP routing protocol, such as Border Gateway Protocol (BGP) or Open Shortest Path First (OSPF), to dynamically route packets between networks, and
- IPsec for security.
DMVPN excels at large meshes of enterprise networks that dynamically change on the fly. It can reorient itself and adapt to attached and detached networks, making it well-suited for cloud data centers.
There are many more ways to establish VPNs than I can cover here, as all you need is a tunneling protocol and a security model, but plain IPsec or OpenVPN will cover 99% of VPN use cases. For the 1%, consider your requirements and options: Is this for a distributed network on the cloud? Is your software geared to work over interfaces? Do you need nothing more than a quick and painless solution that can work with your dual-stack endpoints? Have you considered whether you need a network virtualization solution like VXLAN or GENEVE instead?
Spoilers: We will cover all these solutions and their alternatives in-depth in future blog posts. Stay tuned for more! Oh, by the way, did I mention VyOS supports every single one of these out of the box?