Solved

IKEv2 VS SSTP

Posted on 2016-08-09
Last Modified: 2016-09-03
I've set up a Windows 2012R2 VPN Server with a public certificate.

I'm able to access the server remotely using SSTP.

I've heard that apparently the connection through IKEv2 is faster and more stable than SSTP. Is this true?

For the above reasons, would an IKEv2 setup be better than SSTP?

Thanks, Jonathan
Question by:RFVDB
Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 41749342
IKEv2 is faster and potentially more stable, but that is primarily due to the fact that it is not a "Complete" VPN protocol. IKEv2 was developed only to allow secure private key exchange between endpoints to enable better encryption with IPsec. However, as an entire VPN solution, it is not technically as secure as most other VPN protocols, since it utilizes the same kind of Key Exchange used when communicating with HTTPS servers.

SSTP, on the other hand, does the same thing as IKEv2, but only uses that portion of the VPN establishment to exchange private key information to further encrypt the session. This means the encryption is stronger in SSTP and doesn't rely on a shared key, but instead utilizes full PKI encryption. That's why it runs slower. It has to do more work. Further, SSTP is able to traverse firewalls over port 443, so it does not open a specialized port in the firewall (which can be discovered fairly easily), meaning the use of a VPN is significantly more difficult to determine.
Assisted Solution

by:Adam Brown
Adam Brown earned 2000 total points
ID: 41749457
As for which will be better, the answer is, as usual, it depends. The performance benefit from IKEv2 is not a significant factor unless you are transferring large files or there are a lot of simultaneous connections (250 or more), or if you have a need for extremely low latency (sub 100ms). In addition, IKEv2's stability is due to its ability to handle changes in connection status. An IKEv2 VPN can transition quickly between wireless hotspots and switches from wired to wireless because it has a very fast reconnection speed. Other protocols require much more time to reconnect because they have to exchange and verify more data before fully connecting. If you don't plan to travel much or switch networks much, IKEv2's stability won't matter much.

If all you need is a very simple, but capable and efficient VPN connection, IKEv2 will work well. Just realize that it isn't as secure as other protocols and is only supported by Windows devices. You cannot use IKEv2 connections for VPN to a Windows server end-point with any other OS. SSTP is a little more portable and supported by several other VPN connection utilities, so you can use it more readily. As mentioned, it's also more secure.

Author Comment

by:RFVDB
ID: 41758567
Thanks for all of the information.

So just to confirm: IKEv2 is faster while using the actual connection, not just on the initial connection, right?
Expert Comment

by:Adam Brown
ID: 41758662
It can be, yes.