Why We Don’t Recommend You Use PPTP, L2TP, and IKEv1

We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.

Is using L2TP/IPSec with a public pre-shared key secure?

No, it is not secure and should only be used where security is not required/important e.g. If you are streaming content that requires an IP in a different location. To understand why it is not secure read on.

For wide compatibility with client devices and ease of setup the L2TP/IPSec service uses a pre-shared key for authentication. This key is often published on a VPN providers website and is therefor accessible by anyone.

However this pre-shared key is not used to encrypt the data between your device and the VPN servers, only to authenticate the server to the client device. A passive adversary eavesdropping on the connection is unable to decrypt the tunnel data. However there does exist a risk of an active MITM (Man in the middle attack) where the adversary impersonates the VPN server and is then able to decrypt and eavesdrop on the connection.

This capability requires some technical sophistication on the part of the attacker but the possibility is very real and therefore we strongly recommend that customers who require security use an OpenVPN based VPN service. Furthermore leaked NSA presentations released by the “Der Spiegel” publication indicate that IKE is being exploited in an unknown manner to decrypt IPSec traffic.

Further technical info

IPSec uses a protocol called IKE (Internet Key Exchange) which is used to set up a security association (SA) between the client and server. IKE has two phases, during the first phase the client and server generate and exchange nounces after which they perform a Diffie–Hellman key exchange. Both sides then use the nounce, the Diffie-Hellman shared secret and the pre-shared key to generate the IKE keys. These IKE Keys are then used in the second stage to generate the IPSec SA’s which contain the session keys used to encrypt the tunnel data.

Because of the Diffie-Hellman operation in phase 1 a passive eavesdropper would be unable to derive the same set of session keys used to encrypt the tunnel data. However as mentioned above an active MITM attack is possible due to the use of the pre-shared key in which case the adversary would be able to eavesdrop or even inject malicious data into the connection.

Related Articles

  • My IP is being leaked by WebRTC. How do I disable it?
  • Do you support BlackBerry?
  • In which countries do you have servers / Where are your servers located?
  • AntiTracker FAQ
  • Where can I download the VPN software for my computer?

Still have questions?

Get in touch and we’ll get back to you in a few hours.

Interested in privacy?

Read our latest privacy news and keep up-to-date on IVPN services.

Why We Don’t Recommend You Use PPTP, L2TP, and IKEv1

When it comes to choosing the right VPN protocol for you, it can be a tricky task. There are so many to choose from and what each one does can be a bit technical to understand, especially for those that just want to keep their internet activity as private as possible. That is why it is important to know that there are some VPN protocols that are offered, but not secure and should be avoided if possible. These protocols include PPTP, L2TP, and IKEv1. In this article, we will go in-depth as to why you shouldn’t use these protocols.


Point-to-Point Tunnelling Protocol (PPTP) is one of the most commonly available VPN protocols around, mainly due to its wide compatibility on numerous devices. It has been around since the year 2000, and since then has completely been discredited by the internet security industry as it has a number of well-known security flaws.

The vulnerabilities that PPTP has are caused by the PPP authentication protocol and the MPPE protocol that is used. This includes the way that both MPPE and PPP are used for session key establishment.

MS-CHAP-v1 that is used for authentication is fundamentally insecure, with various tools available that can easily pick out NT password hashes taken from captured MS-CHAP-v1 communications. MS-CHAP-v2 is also just as vulnerable, but this time to dictionary attacks on challenge-response packets. Again, tools are readily available to perform these attacks.

The MPPE protocol uses RC4 stream cypher for encryption. This means there is no way to authenticate the ciphertext stream, meaning that it is vulnerable to a bit-flipping attack. This means that an attacker can modify the traffic without the possibility of being detected.

As you can see, PPTP is fully compromised and should be avoided at all costs. Whilst the compatibility is useful, it simply is no longer secure.


Layer 2 Tunnelling Protocol (L2TP) is another very popular protocol that has had some inherent security weaknesses. It is used quite often by mobile users because of the native support on both Android and iOS. Its origins come from the aforementioned PPTP and its latest iteration L2TPv3 comes from back in 2005.

L2TP doesn’t actually specify any mandatory encryption, but relies on PPP’s MPPE encryption method. This is why it is almost always paired with IPSec, which supports up to AES-256. A big issue with IPSec is that it uses UDP port 500 and this makes it pretty easy to block by firewalls. L2TP/IPSec is quite secure, but there are rumblings from the likes of Edward Snowden and John Gilmore (a founding member of the EFF) that the protocol has been weakened by the NSA, meaning it isn’t necessarily the best choice when it comes to security. Recent studies prove that L2TP/IPsec suffers from the same vulnerabilities as regular IKEv1 IPSec and, in turn, should not be used any more. You may find out more about the topic here.

Overall, L2TP/IPSec looks like a great protocol on the surface, but nowadays should be avoided. It’s support on the likes of iOS and Android is useful no doubt, but it isn’t really worth it at the expense of security.


The first version of the Internet Key Exchange (IKE) protocol is what laid the groundwork for IKEv2 to become one of the most secure and fastest VPN protocols currently available. The first version though has inherent security vulnerabilities that cannot be avoided.

Leaked NSA presentations that were released by Der Spiegel show that IKE is being exploited in a currently unknown way to decrypt IPSec traffic. Researchers also discovered a Logjam attack that could break 1024-bit Diffie-Hellman encryption. This was a huge discovery as it meant that 66% of VPN servers, 18% of the top million HTTPS, and 26% of SSH servers were vulnerable. Though this discovery is quite disputed in the internet security industry, though it is worth considering when choosing a VPN protocol.

As mentioned above, the recent discovery of key-reuse vulnerability over IKEv1 makes the protocol really insecure. Exploiting the key-reuse vulnerability on Hide.me servers is not possible due to our design of IKEv1 deployment (we do not use the vulnerable RSA based authentication mechanism). Due to this fact our IKEv2 implementation is also secure.

When IKEv2 exists, which improved immeasurably over the first version, there is no reason not to go with it. IKEv2 brought about the likes of Denial of Service attack resilience, SCTP support, and NAT traversal.

IKEv1 should be avoided at this point, we highly recommend the use of IKEv2 as your main VPN protocol.

Better Protocols to Use

We offer many different VPN protocols that have better security than those listed here. We highly rate IKEv2, and it is our recommended VPN protocol for the majority of users. But OpenVPN is another great option. It can be a little fiddly to set up manually, and it’s definitely not for novice users. But it’s available on a wide array of devices and known secure.

SoftEther is another good choice but is only really usable through a dedicated program. It offers good security and speed, but don’t expect to use it on all your devices. Finally, SSTP is a good option. It is worth keeping in mind that is Microsoft’s proprietary protocol, but the specification is clear enough and there should be no issues with it. . For Windows users it is a good choice as it is natively supported and a breeze to set up.

hide.me VPN Apps

The easiest way to set up a VPN connection on your device would be to use the Hide.me VPN app. It is available on Windows, macOS, iOS, Android, and Windows Phone. On our app, you can choose between all of the VPN protocols that we offer, including even SoftEther. So you can just connect to your server of choice and not have to worry about staying secure. You can even setup fall-back protocols, in case the protocol of your choice goes down.

That’s without even mentioning the other features available with our apps, such as a kill-switch, split tunneling, firewalling and the ability to stop DNS-leaks. We even have Chrome and Firefox extensions available.

We love bringing you this content and hope it helps keep you safe and secure online. Feel free to share it with your friends, too.

Here at hide.me we are all about internet freedom, and we are happy to be in a position to bring that to everyone. That is why we give you a 30-day money-back guarantee on our Premium plan. No questions asked and no logs recorded.

If you have any questions, please feel to contact our 24/7 support team either at [email protected] or via live chat.