Solved

IKEv2 vs SSTP

Posted on 2016-08-09
Last Modified: 2016-09-03
I've set up a Windows 2012R2 VPN Server with a public certificate.

I'm able to access the server remotely using SSTP.

I've heard that apparently the connection through IKEv2 is faster and more stable than SSTP. Is this true?

For the above reasons, would an IKEv2 setup be better than SSTP?

Thanks, Jonathan
Question by:RFVDB

Accepted Solution

by: Adam Brown
ID: 41749342
IKEv2 is faster and potentially more stable, but that is primarily due to the fact that it is not a "Complete" VPN protocol. IKEv2 was developed only to allow secure private key exchange between endpoints to enable better encryption with IPsec. However, as an entire VPN solution, it is not technically as secure as most other VPN protocols, since it utilizes the same kind of Key Exchange used when communicating with HTTPS servers.

SSTP, on the other hand, does the same thing as IKEv2, but only uses that portion of the VPN establishment to exchange private key information to further encrypt the session. This means the encryption is stronger in SSTP and doesn't rely on a shared key, but instead utilizes full PKI encryption. That's why it runs slower. It has to do more work. Further, SSTP is able to traverse firewalls over port 443, so it does not open a specialized port in the firewall (which can be discovered fairly easily), meaning the use of a VPN is significantly more difficult to determine.

Assisted Solution

by:Adam Brown
ID: 41749457
As for which will be better, the answer is, as usual, it depends. The performance benefit from IKEv2 is not a significant factor unless you are transferring large files or there are a lot of simultaneous connections (250 or more). Or if you have a need for extremely low latency (sub 100ms). In addition, IKEv2's stability is due to its ability to handle changes in connection status. An IKEv2 VPN can transition quickly between wireless hotspots and switches from wired to wireless because it has a very fast reconnection speed. Other protocols require much more time to reconnect because they have to exchange and verify more data before fully connecting. If you don't plan to travel much or switch networks much, IKEv2's stability won't matter much.

If all you need is a very simple, but capable and efficient VPN connection, IKEv2 will work well. Just realize that it isn't as secure as other protocols and is only supported by Windows devices. You cannot use IKEv2 connections for VPN to a Windows server end-point with any other OS. SSTP is a little more portable and supported by several other VPN connection utilities, so you can use it more readily. As mentioned, it's also more secure.

Author Comment

by:RFVDB
ID: 41758567
Thanks for all of the information.

So just to confirm. IKEv2 is faster while using the actual connection, not just on the initial connection, right?

Expert Comment

by:Adam Brown
ID: 41758662
It can be, yes.