VPN Protocols: A Deep Dive into OpenVPN, WireGuard, IKEv2/IPsec, L2TP/IPsec, and PPTP

A Virtual Private Network (VPN) extends a private network across a public network, such as the internet. It allows users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPNs are crucial for enhancing online security and privacy in today's digital landscape. They are essential for secure remote access, protecting sensitive data, bypassing censorship, and accessing geo-restricted content.

Several VPN protocols are available, each with its own strengths and weaknesses. This article provides a detailed technical overview of five popular VPN protocols: OpenVPN, WireGuard, IKEv2/IPsec, L2TP/IPsec, and PPTP. We will explore their features, installation and configuration processes, troubleshooting tips, and best practices for implementation.

OpenVPN

OpenVPN is a widely used open-source VPN protocol known for its robust security and flexibility 1. It uses SSL/TLS for key exchange and encryption, providing a secure channel for data transmission. OpenVPN can operate in either TCP or UDP mode, offering adaptability to different network conditions and requirements.

Features of OpenVPN

• Strong encryption: OpenVPN supports various encryption algorithms, including AES-256, ensuring data confidentiality and integrity.

• Open-source: The open-source nature of OpenVPN allows for community-driven development, regular security audits, and transparency. This means that security experts worldwide can examine the code, identify and address potential vulnerabilities promptly 1.

• Cross-platform compatibility: OpenVPN is available on various operating systems, including Windows, macOS, Linux, Android, and iOS.

• Firewall traversal: OpenVPN can effectively bypass firewalls and network address translators (NATs), making it suitable for restrictive network environments.

• Flexibility: OpenVPN allows for customization with different encryption algorithms, key lengths, and authentication methods.

• Plugin support: OpenVPN supports third-party plugins 2, extending its functionality with features like flexible authentication options.

• Compliance with security standards: OpenVPN has achieved SOC 2 Type 2 and HIPAA compliance, demonstrating its commitment to meeting industry security and privacy standards 3.

Installation and Configuration of OpenVPN

The installation process for OpenVPN varies depending on the operating system and the specific OpenVPN implementation. Here's a general overview of the steps involved:

1. Install OpenVPN software: Download and install the OpenVPN client software on your device. This software is available for various operating systems and can typically be found in the respective package repositories or app stores.

2. Obtain configuration files: Obtain the necessary configuration files (.ovpn) from your VPN provider or network administrator. These files contain the settings required to establish a connection to the OpenVPN server. You can also import profiles directly from a URL or through integration with some VPN providers 4.

3. Import configuration files: Import the configuration files into the OpenVPN client software. This process may involve copying the files to a specific directory or using the import functionality within the client software.

4. Connect to the VPN: Initiate a connection to the VPN server using the imported configuration files. The client software will establish a secure tunnel to the server, encrypting your network traffic.

Troubleshooting OpenVPN

Here are some common issues and troubleshooting tips for OpenVPN:

• TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity): This error indicates a potential network connectivity issue between the client and the server. Check your internet connection, firewall settings, and any network restrictions that might be blocking the connection. You can also try restarting your network devices or contacting your internet service provider.

• TLS Error: local/remote TLS keys are out of sync: This error suggests that the TLS keys on the client and server are not synchronized. Upgrade to the latest OpenVPN Connect version or reinstall the configuration profile to resolve this issue. If the issue persists, check the TLS settings on both the client and server to ensure they match.

• Server poll timeout: This error indicates that the client is unable to reach the server. Check the server address, port number, and any network restrictions that might be blocking the connection. Verify that the server is running and that the necessary ports are open in the server's firewall.

Best Practices for Implementing OpenVPN

• Keep OpenVPN software updated: Regularly update your OpenVPN client and server software to benefit from the latest security patches and bug fixes.

• Use strong passwords and multi-factor authentication: Protect your VPN account with a strong password and enable multi-factor authentication for added security.

• Configure a firewall: Set up a firewall to control network access and prevent unauthorized connections to your VPN server.

• Monitor VPN logs: Regularly monitor OpenVPN logs to identify any unusual activity or potential security breaches.

• Optimize for performance: If you experience slow speeds or high latency, consider optimizing OpenVPN's performance by adjusting settings such as cipher, comp-lzo, and fragment. Refer to the official OpenVPN documentation for detailed guidance on performance tuning.

WireGuard

WireGuard is a relatively new open-source VPN protocol that has gained popularity for its simplicity, speed, and modern cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec and OpenVPN. WireGuard is designed for high performance and is suitable for various devices, from smartphones to routers.

Features of WireGuard

• High performance: WireGuard's lightweight codebase and efficient cryptography allow for fast connection speeds and low latency 5. This makes it particularly well-suited for applications that require high bandwidth and low latency, such as streaming, gaming, and video conferencing 5.

• Simplicity: WireGuard is easy to configure and deploy, with a minimal number of settings and a straightforward interface.

• Modern cryptography: WireGuard uses state-of-the-art cryptography, including the Noise protocol framework, Curve25519, ChaCha20, and Poly1305.

• Cross-platform compatibility: WireGuard is available on various operating systems, including Windows, macOS, Linux, Android, and iOS.

• NAT traversal: WireGuard can seamlessly traverse NAT devices, making it suitable for various network setups.

Installation and Configuration of WireGuard

The installation process for WireGuard varies depending on the operating system. Here's a general overview of the steps involved:

1. Install WireGuard software: Download and install the WireGuard client and server software on your devices. This software is available for various operating systems and can typically be found in the respective package repositories or app stores.

2. Generate keys: Generate public and private keys for both the client and server devices. These keys are used for authentication and encryption.

3. Configure WireGuard: Create configuration files for both the client and server, specifying the IP addresses, port numbers, and public keys. If you have a dynamic IP address, consider using a dynamic DNS service to maintain a consistent hostname for your VPN connection 6.

4. Start WireGuard: Start the WireGuard interface on both the client and server devices. The client will establish a secure tunnel to the server, encrypting your network traffic.

Troubleshooting WireGuard

Here are some common issues and troubleshooting tips for WireGuard:

• Destination address required: This error indicates that the WireGuard interface does not know the endpoint for the destination IP address. Ensure that the Endpoint configuration is correctly set in the client configuration file. This configuration specifies the IP address and port number of the server that the client should connect to.

• Required key not available: This error occurs when the WireGuard interface does not have the target address listed in its AllowedIPs configuration. Verify the AllowedIPs list on all peers. This list defines the IP addresses or subnets that are allowed to communicate through the VPN tunnel.

Best Practices for Implementing WireGuard

• Secure your private keys: Store your private keys securely and do not share them with unauthorized individuals.

• Use a dynamic DNS service: If your server has a dynamic IP address, use a dynamic DNS service to maintain a consistent hostname for your VPN connection.

• Configure firewall rules: Set up firewall rules to control network access and prevent unauthorized connections to your WireGuard server.

• Enable persistent keepalive: For peers behind NAT or firewalls, enable persistent keepalive to maintain the VPN connection. This setting sends periodic keepalive packets to prevent the NAT or firewall from closing the connection due to inactivity.

IKEv2/IPsec

IKEv2/IPsec is a VPN protocol that combines the Internet Key Exchange version 2 (IKEv2) and Internet Protocol Security (IPsec) protocols. IKEv2 establishes a secure connection and negotiates security associations, while IPsec provides encryption and authentication for the data transmitted through the VPN tunnel. IKEv2/IPsec is known for its speed, stability, and security.

Features of IKEv2/IPsec

• Fast and stable: IKEv2/IPsec offers fast connection speeds and maintains stable connections, even when switching between networks.

• Secure: IKEv2/IPsec supports strong encryption algorithms, including AES-256, and provides authentication to ensure data confidentiality and integrity.

• Automatic reconnection: IKEv2/IPsec can automatically reconnect if the VPN connection is interrupted, making it suitable for mobile devices.

• Mobility support: IKEv2/IPsec supports MOBIKE 7, allowing for seamless roaming between networks without dropping the VPN connection. This is particularly beneficial for mobile users who frequently switch between Wi-Fi and cellular data networks 8.

• Cross-platform compatibility: IKEv2/IPsec is supported on various operating systems, including Windows, macOS, Linux, Android, and iOS.

Installation and Configuration of IKEv2/IPsec

The installation and configuration process for IKEv2/IPsec varies depending on the operating system and the specific VPN implementation. Here's a general overview of the steps involved:

1. Install VPN client software: Download and install a VPN client software that supports IKEv2/IPsec on your device.

2. Obtain VPN configuration details: Obtain the necessary VPN configuration details from your VPN provider or network administrator. This may include server address, username, password, and any required certificates.

3. Configure VPN connection: Configure the VPN connection on your device using the obtained details. This typically involves creating a new VPN connection profile and entering the server address, authentication information, and other settings. On iOS devices, you can configure IKEv2/IPsec by going to Settings > General > VPN & Device Management > VPN and adding a new VPN configuration 9.

4. Connect to the VPN: Initiate a connection to the VPN server. The client software will establish a secure tunnel using IKEv2/IPsec, encrypting your network traffic.

Troubleshooting IKEv2/IPsec

Here are some common issues and troubleshooting tips for IKEv2/IPsec:

• IKE Authentication Credentials are Unacceptable: This error indicates an issue with the authentication credentials or certificates. Verify that you have entered the correct username and password and that any required certificates are installed correctly. You can also try resetting your VPN password or contacting your VPN provider for assistance.

• IKEv2 negotiation failed: This error suggests a mismatch in IKEv2 parameters between the client and server. Check the IKEv2 settings on both ends, including encryption algorithms, hash algorithms, and DH groups. Ensure that both the client and server are using the same IKEv2 version and that the selected parameters are compatible.

• Connectivity issues: If you are unable to connect to the VPN or experience slow speeds, check your internet connection, firewall settings, and any network restrictions that might be blocking the connection. Try restarting your network devices or contacting your internet service provider.

Best Practices for Implementing IKEv2/IPsec

• Use strong pre-shared keys or certificates: Protect your VPN connection with a strong pre-shared key or use certificates for authentication. Certificates provide a more secure authentication method compared to pre-shared keys.

• Configure firewall rules: Set up firewall rules to allow IKEv2/IPsec traffic (UDP port 500 for IKE, UDP port 4500 for NAT-T, and ESP protocol number 50). This ensures that the necessary traffic can pass through your firewall without being blocked.

• Enable Dead Peer Detection (DPD): DPD helps to detect and recover from VPN tunnel failures. It sends periodic probes to the peer device to check if it is still reachable.

• Keep your VPN client software updated: Regularly update your VPN client software to benefit from the latest security patches and bug fixes.

• Consider using IKEv2 with MOBIKE: If you require seamless roaming between networks, consider using IKEv2 with MOBIKE. This feature allows the VPN connection to remain active even when switching between networks, such as from Wi-Fi to cellular data.

L2TP/IPsec

L2TP/IPsec is a VPN protocol that combines the Layer 2 Tunneling Protocol (L2TP) with IPsec. L2TP creates a tunnel between the client and the VPN server, while IPsec provides encryption and authentication for the data transmitted through the tunnel. L2TP/IPsec is widely supported on various operating systems and devices.

Features of L2TP/IPsec

• Widely supported: L2TP/IPsec is supported on most modern operating systems and devices 10, making it a versatile choice for VPN connections.

• Secure: IPsec provides encryption and authentication for the data transmitted through the L2TP tunnel, ensuring data confidentiality and integrity.

• Easy to set up: L2TP/IPsec is relatively easy to set up and configure 10, especially on devices with built-in support.

• Multi-protocol support: L2TP can encapsulate various network protocols, making it suitable for different network environments.

Installation and Configuration of L2TP/IPsec

The installation and configuration process for L2TP/IPsec varies depending on the operating system and the specific VPN implementation. Here's a general overview of the steps involved:

1. Enable L2TP/IPsec: Enable L2TP/IPsec on your VPN server or router. This may involve configuring settings such as pre-shared keys, IP address ranges, and authentication methods.

2. Configure VPN connection: Configure the VPN connection on your client device. This typically involves creating a new VPN connection profile and entering the server address, authentication information, and other settings. On Windows 11 devices, you can configure L2TP/IPsec by going to Settings > Network & Internet > VPN and adding a new VPN connection 11.

3. Connect to the VPN: Initiate a connection to the VPN server. The client device will establish an L2TP tunnel and use IPsec for encryption and authentication.

Troubleshooting L2TP/IPsec

Here are some common issues and troubleshooting tips for L2TP/IPsec:

• VPN connection attempt failed: This error may occur due to incorrect VPN settings, network connectivity issues, or firewall restrictions. Verify your VPN configuration, check your internet connection, and ensure that the necessary ports are open in your firewall. If the issue persists, try restarting your network devices or contacting your VPN provider for assistance.

• Slow speeds: L2TP/IPsec can be slower than other VPN protocols due to the double encapsulation process 12. This is because the data is encapsulated twice, once by L2TP and once by IPsec. Consider using a different VPN protocol if speed is a critical requirement.

• NAT traversal issues: L2TP/IPsec may encounter issues with NAT traversal. Ensure that both the client and server support NAT-T (NAT Traversal) to overcome these issues. NAT-T allows L2TP/IPsec traffic to pass through NAT devices without being blocked.

Best Practices for Implementing L2TP/IPsec

• Use a strong pre-shared key: Protect your VPN connection with a strong pre-shared key to ensure secure authentication. A strong pre-shared key should be long, random, and difficult to guess.

• Enable CHAP and MS-CHAP v2: Enable CHAP and MS-CHAP v2 authentication protocols for enhanced security. These protocols provide mutual authentication between the client and server.

• Configure firewall rules: Set up firewall rules to allow L2TP/IPsec traffic (UDP ports 500, 1701, and 4500). This ensures that the necessary traffic can pass through your firewall without being blocked.

• Enable L2TP Passthrough: If your router supports L2TP Passthrough, enable it to allow L2TP traffic to pass through the router. L2TP Passthrough allows L2TP packets to be routed through the router without being blocked.

PPTP

PPTP (Point-to-Point Tunneling Protocol) is one of the oldest VPN protocols. It is known for its simplicity and ease of setup but has significant security vulnerabilities. PPTP uses MPPE (Microsoft Point-to-Point Encryption) for encryption, which is considered weak by modern standards.

Features of PPTP

• Simplicity: PPTP is easy to set up and configure, making it accessible to users with limited technical knowledge.

• Widely supported: PPTP is supported on most older operating systems and devices.

• Fast speeds: PPTP offers fast connection speeds due to its less complex encryption process.

• Uses TCP port 1723 and GRE for tunneling: PPTP uses TCP port 1723 for establishing the control channel and GRE (Generic Routing Encapsulation) for tunneling the PPP frames 13.

Installation and Configuration of PPTP

The installation and configuration process for PPTP varies depending on the operating system. Here's a general overview of the steps involved:

1. Enable PPTP: Enable PPTP on your VPN server or router. This may involve configuring settings such as username, password, and authentication methods.

2. Configure VPN connection: Configure the VPN connection on your client device. This typically involves creating a new VPN connection profile and entering the server address, authentication information, and other settings. On Windows 10 devices, you can configure PPTP by going to Settings > Network & Internet > VPN and adding a new VPN connection 14.

3. Connect to the VPN: Initiate a connection to the VPN server. The client device will establish a PPTP tunnel.

Troubleshooting PPTP

Here are some common issues and troubleshooting tips for PPTP:

• VPN Error 800 - Unable to establish the VPN connection: This error indicates that PPTP packets from the VPN client cannot reach the VPN server. Check your internet connection, firewall settings, and any network restrictions that might be blocking the connection. You can also try restarting your network devices or contacting your internet service provider.

• VPN Error 734 - The PPP link control protocol terminated: This error suggests a mismatch in the protocol between the PPTP client and server. Ensure that both the client and server support the same authentication and encryption protocols. Check the settings on both ends and make sure they are compatible.

• VPN Error 691 - Access denied because username and/or password is invalid on the domain: This error indicates an issue with the authentication credentials. Verify that you have entered the correct username and password. You can also try resetting your VPN password or contacting your VPN provider for assistance.

Best Practices for Implementing PPTP

Due to its security vulnerabilities, PPTP is not recommended for use in scenarios where security is a primary concern 15. If you must use PPTP, consider the following best practices:

• Use a strong password: Protect your VPN account with a strong password to make it more difficult for attackers to crack. A strong password should be long, random, and include a mix of uppercase and lowercase letters, numbers, and symbols.

• Enable MPPE encryption: Enable MPPE encryption with the strongest available key length (128-bit). MPPE is the encryption protocol used by PPTP, and enabling it with the strongest key length provides a minimal level of security.

• Use a firewall: Set up a firewall to control network access and prevent unauthorized connections to your VPN server. A firewall can help to block unauthorized access attempts and protect your network from potential attacks.

Official Documentation and Guides

In addition to the information provided in this article, it is essential to refer to the official documentation and guides for each VPN protocol for comprehensive and up-to-date information. Here are some valuable resources:

OpenVPN:

• OpenVPN Community Resources: This website provides a wealth of information on OpenVPN, including how-to guides, FAQs, and a reference manual. You can find detailed instructions on installing, configuring, and troubleshooting OpenVPN 16.

• OpenVPN Access Server Documentation: If you are using OpenVPN Access Server, refer to the official documentation for specific instructions and guidance.

WireGuard:

• WireGuard Website: The official WireGuard website provides a conceptual overview of the protocol, installation instructions, and a list of known limitations 17.

• WireGuard Documentation: The WireGuard documentation provides detailed information on configuring WireGuard, including server and client configurations, key generation, and troubleshooting tips 18.

IKEv2/IPsec:

• RFC 7296: This RFC (Request for Comments) document describes the Internet Key Exchange Protocol Version 2 (IKEv2) in detail. It provides a comprehensive overview of the protocol's features, operation, and security considerations 19.

• strongSwan Documentation: strongSwan is an open-source IPsec implementation that supports IKEv2. The strongSwan documentation provides detailed information on configuring and troubleshooting IKEv2/IPsec 20.

L2TP/IPsec:

• RFC 2661: This RFC document describes the Layer Two Tunneling Protocol (L2TP) in detail. It provides a comprehensive overview of the protocol's features, operation, and security considerations 21.

• Microsoft Documentation: Microsoft provides documentation on configuring L2TP/IPsec on Windows devices. You can find instructions on setting up L2TP/IPsec VPN connections and troubleshooting common issues 22.

PPTP:

• RFC 2637: This RFC document describes the Point-to-Point Tunneling Protocol (PPTP) in detail. It provides a comprehensive overview of the protocol's features, operation, and security considerations 23.

• Microsoft Documentation: Microsoft provides documentation on configuring PPTP on Windows devices. You can find instructions on setting up PPTP VPN connections and troubleshooting common issues 24.

Best Practices for Implementing VPN Protocols in Different Scenarios

When implementing a VPN solution, it's crucial to consider the specific scenario and choose the most suitable VPN protocol and configuration. Here are some best practices for implementing VPN protocols in different scenarios:

Remote Access:

• For users who require secure remote access to a corporate network, OpenVPN or IKEv2/IPsec are recommended due to their strong security and stability.

• If speed is a primary concern, WireGuard can be a good option, especially for users with modern devices and operating systems.

• L2TP/IPsec can be used as an alternative if OpenVPN or IKEv2/IPsec are not supported or if compatibility with older devices is required.

• Avoid using PPTP for remote access due to its security vulnerabilities.

Site-to-Site VPNs:

• For connecting multiple networks or branch offices, OpenVPN or IPsec are recommended due to their ability to handle site-to-site VPN configurations.

• WireGuard can also be used for site-to-site VPNs, especially if high performance and low latency are required.

• Consider using a dedicated VPN appliance or router for site-to-site VPNs to ensure optimal performance and security.

Mobile Devices:

• IKEv2/IPsec is generally the preferred choice for mobile devices due to its ability to maintain stable connections even when switching between networks.

• WireGuard is also a good option for mobile devices, especially for users who prioritize speed and simplicity.

• OpenVPN can be used on mobile devices, but it may require manual configuration or third-party software.

High-Security Environments:

• For high-security environments, OpenVPN or IPsec with strong encryption algorithms and authentication methods are recommended.

• Consider using certificates for authentication instead of pre-shared keys for enhanced security.

• Implement multi-factor authentication for an extra layer of security.

Restricted Networks:

• OpenVPN is known for its ability to bypass firewalls and network restrictions, making it suitable for restrictive network environments.

• WireGuard can also be effective in bypassing restrictions, but it may require additional configuration or obfuscation techniques.

Comparison of VPN Protocols

Conclusion

Choosing the right VPN protocol depends on your specific needs and priorities. OpenVPN is a versatile and secure option with strong encryption, flexibility, and cross-platform compatibility. WireGuard offers high performance and simplicity, making it ideal for applications that require speed and efficiency. IKEv2/IPsec excels in mobile environments due to its stability and ability to maintain connections even when switching between networks. L2TP/IPsec is widely supported and easy to set up, making it a good choice for basic VPN needs. PPTP, although widely available, should be avoided due to its security vulnerabilities. By understanding the features, advantages, and disadvantages of each protocol, you can make an informed decision and implement a VPN solution that best suits your requirements.

Works cited

1. What is OpenVPN, and how does it work? - NordVPN, accessed on February 13, 2025, https://nordvpn.com/blog/what-is-openvpn/

2. OpenVPN Access Server Advantages, accessed on February 13, 2025, https://openvpn.net/advantages/

3. VPN - OpenVPN Blog, accessed on February 13, 2025, https://blog.openvpn.net/tag/vpn

4. How to Install OpenVPN Connect on Windows, accessed on February 13, 2025, https://openvpn.net/connect-docs/installation-guide-windows.html

5. WireGuard: The Next-Generation VPN Protocol - Startup Defense, accessed on February 13, 2025, https://www.startupdefense.io/blog/wireguard-the-next-generation-vpn-protocol

6. How to get started with WireGuard VPN - UpCloud, accessed on February 13, 2025, https://upcloud.com/resources/tutorials/get-started-wireguard-vpn

7. IKEv2 and IPsec VPN Protocols Explained | VeePN Blog, accessed on February 13, 2025, https://veepn.com/blog/ikev2-ipsec-protocol/

8. The Ins and Outs of IKEv2/IPsec: A Beginner's Guide - Homerdp, accessed on February 13, 2025, https://homerdp.com/the-ins-and-outs-of-ikev2-ipsec-a-beginners-guide/

9. Configuring IPsec IKEv2 Sites - Cato Learning Center, accessed on February 13, 2025, https://support.catonetworks.com/hc/en-us/articles/4413265635473-Configuring-IPsec-IKEv2-Sites

10. L2TP/IPsec Protocol Explained in Simple Terms - Web Hosting Research Database, accessed on February 13, 2025, https://websitehosting.com/faq/l2tp-ipsec-protocol/

11. Configure IPsec/L2TP VPN Clients - GitHub, accessed on February 13, 2025, https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/clients.md

12. IPsec versus L2TP/IPsec - Super User, accessed on February 13, 2025, https://superuser.com/questions/378252/ipsec-versus-l2tp-ipsec

13. What Is PPTP (Point-to-Point Tunneling Protocol)? - Palo Alto Networks, accessed on February 13, 2025, https://www.paloaltonetworks.com/cyberpedia/what-is-pptp

14. How to set up PPTP VPN connection on Windows 10, accessed on February 13, 2025, https://thesafety.us/vpn-setup-pptp-windows10

15. A PPTP VPN - what is it? All you need to know about this protocol - Surfshark, accessed on February 13, 2025, https://surfshark.com/blog/what-is-pptp

16. Guide To Set Up & Configure OpenVPN Client/Server VPN, accessed on February 13, 2025, https://openvpn.net/community-resources/how-to/

17. WireGuard: fast, modern, secure VPN tunnel, accessed on February 13, 2025, https://www.wireguard.com/

18. WireGuard - RouterOS - MikroTik Documentation, accessed on February 13, 2025, https://help.mikrotik.com/docs/spaces/ROS/pages/69664792/WireGuard

19. RFC 7296 - Internet Key Exchange Protocol Version 2 (IKEv2) - IETF Datatracker, accessed on February 13, 2025, https://datatracker.ietf.org/doc/html/rfc7296

20. Introduction to the IPsec Protocol - strongSwan Documentation, accessed on February 13, 2025, https://docs.strongswan.org/docs/latest/howtos/ipsecProtocol.html

21. L2TP - RouterOS - MikroTik Documentation - Support, accessed on February 13, 2025, https://help.mikrotik.com/docs/spaces/ROS/pages/2031631/L2TP

22. L2TP-ipsec-vpn/docs/clients.md at master - GitHub, accessed on February 13, 2025, https://github.com/nu11secur1ty/L2TP-ipsec-vpn/blob/master/docs/clients.md

23. RFC 2637 Point-to-Point Tunneling Protocol (PPTP) - IETF, accessed on February 13, 2025, https://www.ietf.org/rfc/rfc2637.txt

24. [MS-PTPT]: Introduction - Microsoft Learn, accessed on February 13, 2025, https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ptpt/e2eada2f-de4a-4c4a-a543-a90165393521