When I use OpenVPN on a supported smart phone that can use OpenVPN Connect I feel more comfortable with this, instead of using L2TP, because with L2TP you're storing a password and secret on the device, whereas with OpenVPN Connect you import your actual certs & keys, which to me seems better/safer?
Is OpenVPN Connect more secure than L2TP?
Any Pros/Cons here between them?
THANKS
L2TP vs Connect On Android?
-
- OpenVpn Newbie
- Posts: 8
- Joined: Thu Jan 17, 2013 11:29 am
Re: L2TP vs Connect On Android?
I believe they are both secure. From a security perspective, storing your password and your secret key is almost the same as importing your certificates and keys, since both will be stored on your device.
More info on l2tp and openvpn here
-
- OpenVPN Power User
- Posts: 156
- Joined: Thu Mar 28, 2013 8:31 am
Re: L2TP vs Connect On Android?
When implemented and configured correctly, L2TP/IPSEC should provide security that is equivalent to OpenVPN. The key areas where OpenVPN comes out ahead are transparency, consistency and simplicity. For these reasons, I would consider it more likely that L2TP/IPSEC will have security issues from misconfiguration and from misunderstandings on the part of the user.
Key areas where L2TP/IPSEC and OpenVPN are the same:
- Both IPSEC and TLS (OpenVPN) are standardized protocols that have been openly reviewed
- Both IPSEC and TLS support standard cryptography algorithms that have been openly reviewed
However, the differences mostly stop there.
OpenVPN is implemented as an open source project that can be openly reviewed. Depending on the OS, IPSEC may or may not be.
OpenVPN can be upgraded independent of the OS kernel. Except for minor patches available for the current OS, upgrading IPSEC usually requires upgrading the entire OS.
OpenVPN configuration files are the same across OSes. The method of configuring IPSEC not only changes between OSes, but even different versions of Windows have different steps that must be taken to configure it.
OpenVPN allows for centralized control of the network route policies as part of the OpenVPN protocol. Centralized control of the IPSEC route policies must be done by another application separate from itself.
OpenVPN logs remain the same easy-to-parse text format between OSes. IPSEC may use system-specific methods to log, like Windows Event Viewer, and produce different styles of warning and error messages between versions, making auditing its logs more difficult.
OpenVPN is one protocol that goes to a single TCP or UDP port. L2TP/IPSEC is three protocols which involve IKE, L2TP and IPSEC. It is usually easier to troubleshoot network and firewall issues that inhibit OpenVPN than it is with IPSEC.
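Added example, not part of the thread and not OpenVPN project code: since the question here is what ends up stored on the phone, this sketch inspects an OpenVPN profile before import and reports secrets that would sit on the device unprotected. The function name `audit_profile`, the host `vpn.example.test` and the sample profile are constructed for illustration; only inline `<key>` blocks are checked.

```python
import re

# Constructed sample profile: the base64 bodies are placeholder text, not real keys.
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.test 1194 udp
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
</ca>
<key>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END PRIVATE KEY-----
</key>
"""

BLOCK = r"<([\w-]+)>\n?(.*?)</\1>"  # inline blocks such as <ca>...</ca>, <key>...</key>

def audit_profile(text):
    """Return findings about secrets a profile would leave on the device."""
    findings = []
    blocks = dict(re.findall(BLOCK, text, re.S))
    plain = re.sub(BLOCK, "", text, flags=re.S)  # directives outside inline blocks
    directives = [line.split() for line in plain.splitlines()
                  if line.strip() and not line.lstrip().startswith(("#", ";"))]
    names = {d[0] for d in directives}

    key = blocks.get("key")
    if key is not None:
        encrypted = ("BEGIN ENCRYPTED PRIVATE KEY" in key  # PKCS#8 with passphrase
                     or "Proc-Type: 4,ENCRYPTED" in key)    # legacy PEM encryption
        if not encrypted:
            findings.append("inline private key is not passphrase-protected")
    for d in directives:
        # auth-user-pass with a file argument reads credentials from a cleartext file
        if d[0] == "auth-user-pass" and len(d) > 1:
            findings.append("password stored in file: " + d[1])
    if not names & {"remote-cert-tls", "verify-x509-name"}:
        findings.append("no server certificate check (remote-cert-tls / verify-x509-name)")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```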