According to a survey, IPSec and OpenVPN are popular VPNs. The white paper says that WireGuard is being made to replace both VPN options and do them better. OpenVPN backs new projects like WireGuard, which have different goals based on what users want.
Market share shows which VPN solutions the top 15 VPNs support. OpenVPN is supported more often than IPSec. All of these VPN solutions work on the three main operating systems. By its own claim, OpenVPN has 70,000 lines of code, not counting cryptographic primitives, while WireGuard says it has 4000. The Salter implementation of IPSec using strongSwan contains 400,000 lines of code, cryptographic primitives included.
OpenVPN
Since its release in 2001, 50 million people have downloaded OpenVPN. SSL/TLS is used to encrypt and exchange keys. OpenVPN is secure because everyone can review the code and scrutinize it extensively. Cryptography Engineering’s 2017 evaluation of OpenVPN revealed no serious flaws. The default is UDP, but TCP is supported. UDP is faster but doesn’t rectify errors. Windows, macOS, and Linux all support OpenVPN.
IPSec with L2TP
In 1995, an IETF security group standardized IPSec in RFC 1825 as part of the IPv4 suite as an open standard.
IPSec is a set of protocols that function together. L2TP (Layer 2 Tunneling Protocol) encapsulates the VPN payload for tunneling. IPSec adds security by encrypting and negotiating tunnel keys, like other VPNs. The protocols act on individual data packets, so the IP payload ends up encrypted.
It is difficult to set up and manage a VPN using this method. IPSec uses private keys and certificates. Ferguson and Schneier (2003) say IPSec’s protocol suite is too complicated. But their investigation found better alternatives. Encryption and decryption make L2TP, like all VPNs, extremely processor-intensive. IPSec works on Windows, macOS, and Linux like OpenVPN.
WireGuard
WireGuard is a VPN that attempts to replace OpenVPN and IPSec. It claims to be more useful than IPSec because it is less complicated, and to work better than OpenVPN. Originally written for Linux, it’s now available on additional platforms. Like OpenVPN and IPSec, it is open source, so anyone can audit it. SSH-like asymmetric key cryptography is a design goal.
WireGuard uses modern cryptographic building blocks such as the Noise protocol framework, BLAKE2, and Curve25519. It does all of this in less than 4000 lines of code (excluding cryptographic primitives) as of the whitepaper release. WireGuard is UDP-only, per Donenfeld, 2018.
WireGuard was sent for Linux kernel evaluation. WireGuard developers addressed one reason it wasn’t added before. On the Linux kernel mailing list in 2018, Linus Torvalds praised WireGuard. WireGuard was launched as a pre-release in 2018. This could mean that this VPN is “faster, simpler, and leaner” than previous VPN options.
Other VPN solutions
Most VPN services employ IPSec or OpenVPN, according to the survey. PPTP and SSTP, which are widely used, were omitted.
PPTP
Microsoft does not advocate using PPTP (Point-to-Point Tunneling Protocol) due to security risks (“Microsoft Security Advisory 2743314, 2017”). 128-bit encryption is insufficient today. Bit count isn’t the only factor in encryption strength, and PPTP’s authentication mechanisms are also insecure.
SSTP (Secure Socket Tunneling Protocol)
SSL is used by both SSTP and OpenVPN, but OpenVPN is free while SSTP is owned by Microsoft. Lawas et al. (2016) compared SSTP and Internet Key Exchange version 2 (IKEv2). IKEv2 builds tunnels like L2TP (both are built into IPSec). The VPN server was running Windows Server 2012, and the clients were running Windows 8.1. The researchers used a distributed Internet traffic generator (D-ITG) to generate traffic and measure throughput, jitter, and latency, and found that IKEv2 was better than SSTP in every situation. They suggested testing more VPN systems and operating systems. OpenSSH was omitted due to its poor market share.
OpenSSH
OpenSSH VPN is an open-source version of SSH (secure shell). SSH lets you access and operate network services securely over an unsafe network like the Internet. Asymmetric cryptography secures it (public and private keys). The researchers measured throughput, jitter, and latency on a full Linux testbed at a genuine corporation between sites using iPerf. OpenSSH was faster than OpenVPN, according to this study. Using the same infrastructure, OpenSSH VPN had higher throughput than OpenVPN. Khan et al. (2018) studied the top 15 VPNs and found none offer OpenSSH.
What do you think is the better VPN solution? Do let us know in the comment section.
Author
Purushotham
Purushotham is the CTO of BVN Business Solutions. He has 10+ years of experience in the IT industry.