Different VPN tunnel types in Windows - which one to use?
Hello Folks,
I am sure you have experienced VPN Reconnect, a new IKEv2-based VPN tunnel added in Windows 7. It automatically and seamlessly switches over an active VPN connection when the underlying Internet interface (connection) changes, thus maintaining application persistence.
Isn't that COOL? A VPN user can move from Wi-Fi to WWAN and back, giving true mobile connectivity to corpnet! Yes, it is...
This means the Windows 7 built-in VPN client and the Windows 2008 R2 built-in VPN server (aka RRAS) support the following VPN tunnels:
· PPTP
· L2TP/IPSec
· SSTP
· VPN Reconnect (or IKEv2)
I am sure you must be wondering why four different tunnel types are needed and which one to use in a given scenario. This blog post clarifies that.
Let us look at the technical specs, which summarize the tunnel features by deployment factor.
First, compare on network-related parameters:
| Tunnel Type | OS support | Scenario | IP Addressing | Traversal | Mobility Enabled |
|---|---|---|---|---|---|
| PPTP | XP, 2003, Vista, WS08, W7, WS08 R2 | Remote Access, Site-to-Site | Works over IPv4 network; Relay IPv4 as well as IPv6 traffic on top of tunnel | NAT via PPTP enabled NAT routers | No |
| L2TP/IPSec | XP, 2003, Vista, WS08, W7, WS08 R2 | Remote Access, Site-to-Site | Works over IPv4 as well as IPv6 network; Relay IPv4 as well as IPv6 traffic on top of tunnel | NAT | No |
| SSTP | Vista SP1, WS08, W7, WS08 R2 | Remote Access | Works over IPv4 as well as IPv6 network; Relay IPv4 as well as IPv6 traffic on top of tunnel | NAT, Firewalls, Web Proxy | No |
| VPN Reconnect | W7, WS08 R2 | Remote Access | Works over IPv4 as well as IPv6 network; Relay IPv4 as well as IPv6 traffic on top of tunnel | NAT | Yes |
Now let's compare on security-related parameters:
Tunnel Type |
Authentication |