The best SSL VPN: OpenVPN vs. SSTP VPN

OpenVPN is a free and open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses SSL security for encryption and is capable of traversing network address translators (NATs) and firewalls.

Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that provides a mechanism to transport PPP or L2TP traffic through an SSL 3.0 channel. The use of SSL over TCP port 443 allows SSTP to pass through virtually all firewalls and proxy servers. SSTP VPN was created and is endorsed by Microsoft.

Both technologies use high standard encryption with keys up to 2048 bits and are able to bypass firewalls by using common ports like 443 or 80. It is almost impossible to block these really advanced protocols. The only way to do it is by using deep packet inspection. However most networks do not engage in such practices and we would say that in 99% of cases you should be able to use a SSL VPN, be it SSTP or OpenVPN.

The availability of clients for OpenVPN is more wide than that of SSTP. You can use OpenVPN from Windows, MacOS and even some new IP Phones. Microsoft didn’t back-port the SSTP client to older versions of Windows(which, initially, they said they would), so that cuts off a large client-base. In contrast, though, SSTP doesn’t require the installation of third-party software on supported client operating systems. At the moment of this writing SSTP only works on Windows Vista SP1 and Windows 7.

To summarize the advantages/disadvantages of each technology take a look at the chart below:

In conclusion, if you are behind a restrictive firewall that blocks PPTP you can use a SSL VPN to successfully connect to your VPN Provider. If you are running Windows 7 or Vista SP1 we recommend you to use SSTP as it is easier to setup. For other OSs OpenVPN should do the job just fine.