How to set up VPN? (manual instruction)
How to set up VPN connection on Windows XP?
How to set up VPN connection on Windows 7?
How to set up VPN connection on Mac OS?
How to set up VPN connection on iPhone, iPod Touch, iPad?
How to set up VPN connection on Windows Vista?
How to set up VPN connection on Windows 8?
How to set up VPN connection on Android Phone?
How to set up VPN connection on Linux, Ubuntu?
Download VPN software
- Note: This application works only with Windows XP SP3 and above.
- Download older version: 1.7.6
OpenVPN vs L2TP vs PPTP
OpenVPN
OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
OpenVPN allows peers to authenticate each other using a pre-shared secret key, certificates, or username/password. When used in a multiclient-server configuration, it allows the server to release an authentication certificate for every client, using signature and Certificate authority. It uses the OpenSSL encryption library extensively, as well as the SSLv3/TLSv1 protocol, and contains many security and control features.
Details | PPTP | L2TP/IPSec | OpenVPN |
---|---|---|---|
Background | A very basic VPN protocol based on PPP. PPTP was the first VPN protocol supported on the Microsoft Windows platform. The PPTP specification does not actually describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. | An advanced protocol formally standardized in IETF RFC 3193 and now the recommended replacement for PPTP where secure data encryption is required. | OpenVPN is an advanced open source VPN solution backed by the company 'OpenVPN technologies' and which is now the de-facto standard in the open source networking space. It uses the mature SSL/TLS encryption protocols. |
Data Encryption | The PPP payload is encrypted using Microsoft's Point-to-Point Encryption protocol (MPPE). MPPE implements the RSA RC4 encryption algorithm with a maximum of 128 bit session keys. | The L2TP payload is encrypted using the standardized IPSec protocol. RFC 4835 specifies either the 3DES or AES encryption algorithm for confidentiality. IVPN uses the AES algorithm with 256 bit keys. (AES256 is the first publicly accessible and open cipher approved by the NSA for top secret information) | OpenVPN uses the OpenSSL library to provide encryption. OpenSSL supports a number of different cryptographic algorithms such as 3DES, AES, RC5, Blowfish. As with IPSec, IVPN implements the extremely secure AES algorithm with 256 bit keys. |
Setup / Configuration | All versions of Windows and most other operating systems including mobile platforms have built in support for PPTP. PPTP only requires a username, password and server address making it incredibly simple to set up and configure. | All versions of Windows since 2000/XP and Mac OSX 10.3+ have built in support for L2TP/IPSec. Most modern mobile platforms such as iPhone and Android include built in clients. | OpenVPN is not included in any operating system release and requires the installation of client software. The software installers are very user friendly and installation typically takes less than 5 minutes. |
Speed | With 128 bit keys, the encryption overhead is less compared to OpenVPN which may make the VPN feel slightly faster than with 256 bit keys although the difference is negligible. | L2TP/IPSEC encapsulates data twice making it less efficient and slightly slower than its rivals. | When used in its default UDP mode, OpenVPN provides the best performance. |
Ports | PPTP uses TCP port 1723 and GRE (Protocol 47). PPTP can be easily blocked by restricting the GRE protocol. | L2TP/IPSEC uses UDP 500 for the initial key exchange, protocol 50 for the IPSEC encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. L2TP/IPSec is easier to block than OpenVPN due to its reliance on fixed protocols and ports. | OpenVPN can be easily configured to run on any port using either UDP or TCP. To easily bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443 which is indistinguishable from standard HTTP over SSL making it extremely difficult to block. |
Stability / Compatibility | PPTP is not as reliable, nor does it recover as quickly as OpenVPN over unstable network connections. Minor compatibility issues with the GRE protocol and some routers. | L2TP/IPSec is more complex than OpenVPN and can be more difficult to configure to work reliably between devices behind NAT routers. However as long as both the server and client support NAT traversal, there should be few issues. In practice L2TP/IPSec has shown itself to be as reliable and stable as OpenVPN for IVPN customers. | Very stable and fast over wireless, cellular and other unreliable networks where packet loss and congestion is common. OpenVPN has a TCP mode for highly unreliable connections but this mode sacrifices some speed due to the inefficiency of encapsulating TCP within TCP. |
Security weaknesses | The Microsoft implementation of PPTP has serious security vulnerabilities. MSCHAP-v2 is vulnerable to dictionary attack and the RC4 algorithm is subject to a bit-flipping attack. Microsoft strongly recommends upgrading to IPSec where confidentiality is a concern. | IPSec has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES. | OpenVPN has no major vulnerabilities and is considered extremely secure when used with a secure encryption algorithm such as AES. |
Client compatibility | | | |
Conclusion | Due to the major security flaws, there is no good reason to choose PPTP other than device compatibility. If you have a device on which neither L2TP/IPsec nor OpenVPN is supported then it may be a reasonable choice. If quick setup and easy configuration are a concern then L2TP/IPsec should be considered. | L2TP/IPSec is an excellent choice but falls slightly short of OpenVPN's high performance and excellent stability. If you are using a mobile device running iOS (iPhone) or Android then it is the fastest to set up and configure as it is supported natively (no software to install), however we feel this should not be an important consideration. | OpenVPN is the best choice for all platforms. It is extremely fast, secure and reliable. Additionally, the IVPN multihop network is only available when connecting via OpenVPN. The only minor downside is the requirement to install a 3rd party client but on most platforms this only takes a few minutes. |
Useful Tips
If you have a problem connecting to the VPN, please follow these instructions:
- Disable your Windows firewall: (Control Panel>Windows Firewall).
- Make sure your other security software (like antivirus) allows the VPN. If you are using "Avast" antivirus please disable it and try again.
- You should try all protocols PPTP, L2TP, OpenVPN to find out which of them is better for you.
- If you want to use VPN software connection, make sure you have downloaded the correct connection from this page (32 bit or 64 bit).
- To make sure that you have entered the username and password correctly, please copy and paste them from the email.
- Vista, Seven and Eight users please disable UAC before installing VPN: Open up Control Panel, and type in "UAC" into the search box. You'll see a link for "Turn User Account Control (UAC) on or off".
- Please disconnect your VPN first before restarting or shutting down your computer.
PPTP vs L2TP
PPTP
The Point-to-Point Tunneling Protocol (PPTP), developed by Microsoft in conjunction with other technology companies, is the most widely supported VPN method among Windows clients. PPTP is an extension of the Internet standard Point-to-Point protocol (PPP), the link layer protocol used to transmit IP packets over serial links. PPTP uses the same types of authentication as PPP (PAP, SPAP, CHAP, MS-CHAP v.1/v.2 and EAP).
PPTP establishes the tunnel but does not provide encryption. PPTP is encrypted using the Microsoft Point-to-Point Encryption (MPPE) protocol to create a secure VPN. PPTP has relatively low overhead, making it faster than some other VPN methods.
Most old vulnerabilities in PPTP are fixed these days and you can combine it with EAP to enhance it to require certificates as well. One advantage of using PPTP is that there is no requirement for a certificate infrastructure. However, EAP does use digital certificates for mutual authentication (both client and server) and higher security.
How it works: A PPTP tunnel is instantiated by communication with the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE (Generic Routing Encapsulation) tunnel to the same peer.
Port/protocol: 1723 TCP and protocol GRE
User Authentication Protocol: EAP-TLS or MS-CHAP v2
Encryption method: MPPE (Microsoft Point-to-Point Encryption)
Encryption Strength: MPPE 40-128 bit
L2TP
The Layer 2 Tunneling Protocol (L2TP) was developed in cooperation between Cisco and Microsoft to combine features of PPTP with those of Cisco's proprietary Layer 2 Forwarding (L2F) protocol.
L2TP (Layer Two Tunneling Protocol) supports non-TCP/IP clients and protocols (such as Frame Relay, ATM and SONET).
L2TP does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide privacy. Nowadays L2TP connections do not negotiate the use of PPP encryption through Microsoft Point-to-Point Encryption (MPPE). Instead, encryption is provided through the use of the Internet Protocol security (IPSec) Encapsulating Security Payload (ESP) header and trailer. It is also important to note that IPsec is more resource intensive than PPTP, hence the overhead with an L2TP solution is higher than with PPTP.
Port: 1701 UDP
User Authentication Protocol: EAP-TLS or MS-CHAP v2
Encryption: IPSec
Encryption Strength: Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms
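The port and protocol numbers given in the comparison table and in the PPTP and L2TP sections above can be checked against flow records, as in this added example (not part of the original page). The record format, function names and sample addresses are assumptions constructed for illustration; the check flags any peer pair where L2TP appears with no IPsec traffic, since L2TP has no encryption of its own.

```python
from collections import defaultdict

# (IP protocol, destination port) pairs from the page; port is None for GRE/ESP.
SIGNATURES = {
    ("tcp", 1723): "pptp",   # PPTP control channel
    ("gre", None): "pptp",   # PPTP data tunnel (IP protocol 47)
    ("udp", 1701): "l2tp",   # L2TP
    ("udp", 500): "ipsec",   # IKE key exchange
    ("udp", 4500): "ipsec",  # IPsec NAT traversal
    ("esp", None): "ipsec",  # IPsec ESP (IP protocol 50)
}

def parse_flow(line):
    """Parse a 'src dst proto [dport]' record (constructed format)."""
    fields = line.split()
    if len(fields) not in (3, 4):
        raise ValueError(f"bad flow record: {line!r}")
    dport = int(fields[3]) if len(fields) == 4 else None
    return fields[0], fields[1], fields[2].lower(), dport

def audit(lines):
    """Return {(src, dst): finding} for peers matching a VPN signature."""
    seen = defaultdict(set)
    for line in lines:
        src, dst, proto, dport = parse_flow(line)
        tag = SIGNATURES.get((proto, dport))
        if tag:
            seen[(src, dst)].add(tag)
    findings = {}
    for pair, tags in seen.items():
        if "pptp" in tags:
            findings[pair] = "PPTP (MPPE, at most 128-bit keys)"
        elif tags == {"l2tp"}:
            # L2TP has no encryption of its own and no IPsec was seen.
            findings[pair] = "L2TP without IPsec (unencrypted)"
        else:
            findings[pair] = "L2TP/IPsec" if "l2tp" in tags else "IPsec"
    return findings

# Constructed sample; TCP 443 is unmatched since OpenVPN can use any port.
SAMPLE = [
    "192.0.2.10 203.0.113.5 tcp 1723",
    "192.0.2.10 203.0.113.5 gre",
    "192.0.2.11 203.0.113.6 udp 500",
    "192.0.2.11 203.0.113.6 esp",
    "192.0.2.11 203.0.113.6 udp 1701",
    "192.0.2.12 203.0.113.7 udp 1701",
    "192.0.2.13 203.0.113.8 tcp 443",
]
print(audit(SAMPLE))
```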
L2TP vs PPTP
L2TP/IPSec and PPTP are similar in the following ways:
- provide a logical transport mechanism to send PPP payloads;
- provide tunneling or encapsulation so that PPP payloads based on any protocol can be sent across an IP network;
- rely on the PPP connection process to perform user authentication and protocol configuration.
Some facts about PPTP:
+ PPTP is easy to deploy
+ PPTP uses TCP; this reliable solution allows lost packets to be retransmitted
+ PPTP support
— PPTP is less secure with MPPE (up to 128 bit)
— data encryption begins after the PPP connection process (and, therefore, PPP authentication) is completed
— PPTP connections require only user-level authentication through a PPP-based authentication protocol
Some facts about L2TP (over IPsec):
+ L2TP/IPSec data encryption begins before the PPP connection process
+ L2TP/IPSec connections use AES (up to 256 bit) or DES (up to three 56-bit keys)
+ L2TP/IPSec connections provide stronger authentication by requiring both computer-level authentication through certificates and user-level authentication through a PPP authentication protocol
+ L2TP uses UDP, which is faster but less reliable because it does not retransmit lost packets, and is commonly used in real-time Internet communications
+ L2TP is more "firewall friendly" than PPTP, a crucial advantage for an extranet protocol, because most firewalls do not support GRE
— L2TP requires a certificate infrastructure for issuing computer certificates
To summarize:
There's no clear winner, but PPTP is older, more lightweight, works in most cases and its clients are readily pre-installed, giving it the advantage of normally being very easy to deploy and configure (without EAP). But in most countries like UAE, Oman, Pakistan, Yemen, Saudi Arabia, Turkey, China, Singapore and Lebanon, PPTP is blocked by the ISP or government, so users there need L2TP or SSL VPN, which will be described in the next posts.