Different VPN tunnel types in Windows - which one to use?
Hello Folks,
I am sure you must have experienced VPN reconnect – a new IKEv2 based VPN tunnel that is added in Windows 7 that allows automatic and seamless switchover of an active VPN connection when the underlying Internet interface (connection) changes thus maintaining application persistence.
Isn’t that COOL – like VPN user moving from Wifi to WWAN and back - giving a true mobile connectivity to corpnet ! Yes it is...
This means, Windows7 in-built VPN client and Windows 2008 R2 in-built VPN server (aka RRAS) supports following VPN tunnels:
· PPTP
· L2TP/IPSec
· SSTP
· VPN Reconnect (or IKEv2)
I am sure you must be wondering what is the need for 4 different tunnel types and which one to use in a given scenario. This blog helps to clarify the same.
Let us look at the technical specs which tries to summarize the tunnel features based upon different deployment factors:
First compare on network related parameters
Tunnel Type |
OS support |
Scenario |
IP Addressing |
Traversal |
Mobility Enabled |
PPTP |
XP, 2003, Vista, WS08, W7, WS08 R2 |
Remote Access Site-to-Site |
Works over IPv4 network
Relay IPv4 as well as IPv6 traffic on top of tunnel |
NAT via PPTP enabled NAT routers |
No |
L2TP/IPSec |
XP, 2003, Vista, WS08, W7, WS08 R2 |
Remote Access Site-to-Site |
Works over IPv4 as well as IPv6 network
Relay IPv4 as well as IPv6 traffic on top of tunnel |
NAT |
No |
SSTP |
Vista SP1, WS08, W7, WS08 R2 |
Remote Access |
Works over IPv4 as well as IPv6 network
Relay IPv4 as well as IPv6 traffic on top of tunnel |
NAT, Firewalls, Web Proxy |
No |
VPN Reconnect |
W7, WS08 R2 |
Remote Access |
Works over IPv4 as well as IPv6 network
Relay IPv4 as well as IPv6 traffic on top of tunnel |
NAT |
Yes |
Now lets compare on security related parameters
Tunnel Type |
Authentication |
Comments
Anonymous
January 01, 2003
Hello Customers, As I wrote in this blog, there are four types of VPN tunnel supported by Windows 7 basedAnonymous
January 01, 2003
Tak samo jak kolejny post ten rozpoczynam pytaniem. Tym razem bez zbyt długiego rozpisywania odsyłamAnonymous
January 01, 2003
Hi Folks, Our team member Samir Jain has posted a nice blog on how you should decide which tunnel to