Which is better: L2TP or OpenVPN?
If you are torn between OpenVPN and L2TP when choosing a VPN protocol, check the table below for a comparison of the two protocols.
L2TP vs OpenVPN
| | L2TP/IPsec | OpenVPN |
---|---|---|
Description | L2TP (Layer 2 Tunneling Protocol) with IPsec (IP Security) is a very secure protocol available to a wide array of desktop and mobile devices. It is the recommended replacement for PPTP where secure data encryption is required. L2TP/IPsec is an excellent choice if OpenVPN is not available on your device, but you want more security than PPTP. | OpenVPN is open source VPN software developed by 'OpenVPN technologies'. OpenVPN is the recommended protocol for desktops, including Windows, Mac OS X, and Linux. It uses the mature SSL/TLS encryption protocols. |
Encryption | L2TP/IPsec features 256-bit encryption, but the extra security overhead requires more CPU usage than PPTP. | OpenVPN features 256-bit encryption and is extremely stable and fast over networks with long distances and high latency. It provides greater security than PPTP and requires less CPU usage than L2TP/IPsec. |
Platform Compatibility | | |
Stability / Compatibility | L2TP/IPsec is harder to configure than OpenVPN when used on devices that do not support NAT. As long as the client supports NAT traversal, there should be no issues. In general, L2TP/IPsec can be as stable and reliable as OpenVPN. | Most stable and reliable over Wi-Fi hotspots, 3G/cellular and even unreliable networks. You can configure OpenVPN to run in TCP mode for highly unreliable connections, but this mode sacrifices some speed due to the inefficiency of encapsulating TCP within TCP. |
Port Usage | L2TP/IPsec can be easily blocked because it uses fixed protocols and ports. It uses UDP 500 for the initial key exchange, protocol 50 for the IPsec encrypted data (ESP), UDP 1701 for the initial L2TP configuration and UDP 4500 for NAT traversal. Because you cannot change those ports, L2TP/IPsec stops working wherever they are blocked. | OpenVPN can be easily configured to run on any port using either UDP or TCP. To bypass restrictive firewalls, OpenVPN can be configured to use TCP on port 443, which is indistinguishable from standard HTTP over SSL, making it extremely difficult to block. |
Speed | Slightly slower than OpenVPN because it requires more CPU processing to encapsulate data twice. Overall, the speed difference is negligible. | Fast speeds can be achieved even on connections with high latency and across great distances. Best when used over UDP. |
With regard to speed, some people say OpenVPN, when used in its default UDP mode, is the fastest, but I think both are more or less the same in speed. Speed depends much more on your connection to the server and other factors.
There are no known exploits with L2TP/IPsec and OpenVPN, so they are both fairly secure.
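
As an added illustration of the Port Usage row (not part of the original article), the sketch below labels constructed flow records using only the fixed L2TP/IPsec ports and protocols listed there; the function names, verdict strings and sample addresses are assumptions made for the example. IKE together with ESP or UDP 4500 identifies IPsec in general rather than L2TP specifically, because inside IPsec the UDP 1701 traffic is carried in the encrypted payload.

```python
from collections import defaultdict

# Fixed signatures from the Port Usage row: (IP protocol number, destination port).
# Protocol 50 (ESP) has no ports, so its port slot is None.
SIGNATURES = {
    (17, 500): "ike",     # UDP 500, initial key exchange
    (17, 4500): "nat-t",  # UDP 4500, NAT traversal
    (50, None): "esp",    # IP protocol 50, encrypted data
    (17, 1701): "l2tp",   # UDP 1701, L2TP configuration
}

def label_flow(proto, dport):
    """Return the L2TP/IPsec component a flow matches, or None."""
    if proto == 50:
        dport = None
    return SIGNATURES.get((proto, dport))

def classify_pairs(flows):
    """Group flows per (client, server) pair and give one verdict per pair."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f["src"], f["dst"])].add(label_flow(f["proto"], f.get("dport")))
    verdicts = {}
    for pair, labels in seen.items():
        labels.discard(None)
        if "l2tp" in labels:
            # Inside IPsec, UDP 1701 is hidden in ESP; seeing it means no IPsec.
            verdicts[pair] = "l2tp-without-ipsec"
        elif "ike" in labels and "nat-t" in labels:
            verdicts[pair] = "ipsec-nat-t"
        elif "ike" in labels and "esp" in labels:
            verdicts[pair] = "ipsec-esp"
        elif labels:
            verdicts[pair] = "ipsec-incomplete"  # e.g. IKE seen, no data channel
        else:
            verdicts[pair] = "unclassified"      # e.g. a VPN on TCP 443 or a custom port
    return verdicts

# Constructed sample flow records (documentation address ranges).
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "203.0.113.1", "proto": 17, "dport": 500},
    {"src": "192.0.2.10", "dst": "203.0.113.1", "proto": 50},
    {"src": "192.0.2.20", "dst": "203.0.113.1", "proto": 17, "dport": 500},
    {"src": "192.0.2.20", "dst": "203.0.113.1", "proto": 17, "dport": 4500},
    {"src": "192.0.2.30", "dst": "203.0.113.1", "proto": 17, "dport": 1701},
    {"src": "192.0.2.40", "dst": "203.0.113.2", "proto": 6, "dport": 443},
    {"src": "192.0.2.50", "dst": "203.0.113.1", "proto": 17, "dport": 500},
]

if __name__ == "__main__":
    for pair, verdict in classify_pairs(SAMPLE_FLOWS).items():
        print(pair, verdict)
```
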
Conclusion
One deciding factor is whether L2TP/IPsec is blocked: if it is, you have no choice but to use OpenVPN.
Another is that OpenVPN requires you to install separate software, while most operating systems and devices have built-in support for L2TP/IPsec. You simply fill in a server address, a username and a password, and no additional software is needed.
OpenVPN is a good choice, but installing additional software and setting up the configuration files is sometimes troublesome for some users. If L2TP works then you may choose not to bother with OpenVPN.