VPN Alphabet Soup
November 3, 2011 6:20 PM Subscribe
Which VPN protocol should I use?
I've been reading a bunch of askme's about VPNs and haven't seen this particular topic addressed. I'm thinking of using StrongVPN (but willing to listen to other recommendations). My particulars:
In California USA. Win7 pc laptop. Looking to be able to stream hulu, espn, iplayer, anonymize my browsing, add another layer of security to my online transactions, and some p2p.
Strong VPN offers Open VPN; PPTP; L2TP; SSTP. Which is best for me? Does it make a difference? Thanks, Mefites!
I've been reading a bunch of askme's about VPNs and haven't seen this particular topic addressed. I'm thinking of using StrongVPN (but willing to listen to other recommendations). My particulars:
In California USA. Win7 pc laptop. Looking to be able to stream hulu, espn, iplayer, anonymize my browsing, add another layer of security to my online transactions, and some p2p.
Strong VPN offers Open VPN; PPTP; L2TP; SSTP. Which is best for me? Does it make a difference? Thanks, Mefites!
OpenVPN works in a lot of places and a lot of ways you wouldn't expect it to. I use it on Win7 every day and on my Mac using Tunnelblick as well every day. Just keep in mind that you need to run the OpenVPN Desktop Client as administrator, or at least you did last time I updated it.
posted by SpecialK at 7:35 PM on November 3, 2011
posted by SpecialK at 7:35 PM on November 3, 2011
Best answer: I use OpenVPN for all of my various VPN setups. No complaints, it's great.
Note, though, that a VPN will not make an unsecured online transaction any more secure. Any transaction involving credit card details should be end-to-end encrypted, so that none of the routers your packets pass through can read those packets in transit. HTTPS connections already do this. Adding another encrypted hop (from you to the VPN server) doesn't change anything - if you're not talking to a server with HTTPS, your packets will be readable on all of the hops between the VPN server and the destination server, and if you are using HTTPS, the extra hop didn't buy you anything.
Also, while your VPN browsing might be anonymized as far as destination servers can tell, StrongVPN will still know who you're talking to, and will probably have to provide records to that effect if subpoenaed. Anonymous browsing requires more layers, like you get with TOR.
posted by zjacreman at 9:09 PM on November 3, 2011
Note, though, that a VPN will not make an unsecured online transaction any more secure. Any transaction involving credit card details should be end-to-end encrypted, so that none of the routers your packets pass through can read those packets in transit. HTTPS connections already do this. Adding another encrypted hop (from you to the VPN server) doesn't change anything - if you're not talking to a server with HTTPS, your packets will be readable on all of the hops between the VPN server and the destination server, and if you are using HTTPS, the extra hop didn't buy you anything.
Also, while your VPN browsing might be anonymized as far as destination servers can tell, StrongVPN will still know who you're talking to, and will probably have to provide records to that effect if subpoenaed. Anonymous browsing requires more layers, like you get with TOR.
posted by zjacreman at 9:09 PM on November 3, 2011
The other side of the equation is where does the other end of the VPN connect? Setting up a VPN creates a (hopefully) secure connection between two endpoints. The routers along the path of that VPN won't be able to see what's inside the packets, but they will be able to see where they are coming from. If you are purchasing a VPN service, they will be able to see that bluejayway's laptop is moving data between itself and that service.
posted by gjc at 6:59 AM on November 4, 2011
posted by gjc at 6:59 AM on November 4, 2011
I went with PPTP because of the out-of-box support it has with Windows,iPhone (which actually did come in handy) and OSX. It works great, don't even think about anymore.
Years ago I tried OpenSSL but felt that tunnelblick was clunky.
Admittedly, I'm not really concerned with security. Just trying to keep casual eyes (work) from spying on me.
posted by rickim at 8:04 AM on November 4, 2011
Years ago I tried OpenSSL but felt that tunnelblick was clunky.
Admittedly, I'm not really concerned with security. Just trying to keep casual eyes (work) from spying on me.
posted by rickim at 8:04 AM on November 4, 2011
Best answer: For those with slightly more concern for security, PPTP is known to be insecure, and even Microsoft discourages it's use. You might care about that if, say, some security type says "I wonder why this guy has a tunnel pinned up" and decides to figure out what you're doing. Yes, we do that sort of thing.
posted by kjs3 at 12:47 PM on November 4, 2011
posted by kjs3 at 12:47 PM on November 4, 2011
I've used StrongVPN in the past year, and do not recommend them:
As part of the signup process, I had to choose a login/password. Okay so far.
However, they sent the password back to me in plain text in the confirmation email. Which means they most likely store passwords in plain text. Major red flag.
posted by quartz at 10:55 PM on November 4, 2011
As part of the signup process, I had to choose a login/password. Okay so far.
However, they sent the password back to me in plain text in the confirmation email. Which means they most likely store passwords in plain text. Major red flag.
posted by quartz at 10:55 PM on November 4, 2011
Response by poster: Thanks all. I went with StrongVPN and am switching back and forth between an Open server and LT2P depending on whether I want my iPad and phone to be on the network as well.
I did want to respond to quartz, though. StrongVPN did not send me any user info via email. Not even a username. The account specific details seem only to be available in the members section of the website.
posted by bluejayway at 9:15 AM on November 11, 2011
I did want to respond to quartz, though. StrongVPN did not send me any user info via email. Not even a username. The account specific details seem only to be available in the members section of the website.
posted by bluejayway at 9:15 AM on November 11, 2011
This thread is closed to new comments.
If you find a decent OpenVPN client, then go with that. If you don't, then out of the other three I'd have a look at SSTP I think, and then L2TP. I'd avoid PPTP 'cause I don't trust its security design.
posted by krilli at 6:36 PM on November 3, 2011