PPTP and L2TP deprecation: A new era of secure connectivity


Farhan_Ali

As technology advances, so must our security protocols. As part of our ongoing commitment to provide the highest level of security and performance, we are deprecating the PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) protocols from future Windows Server versions. While these protocols have served us well over the years and will still be available to users, it is time to transition to more secure and efficient alternatives: SSTP and IKEv2.

In this post, let’s walk through deprecation considerations, reasons, and recommendations to ensure you benefit from the best security options.



What does deprecation mean for PPTP and L2TP?


Deprecation is not removal. Deprecation refers to the stage in the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases. Features and functionalities are added or occasionally removed from new releases of a product. If they’re removed, that’s typically because we’ve added a better option. Deprecated features continue to work and are fully supported until they are officially removed. We’re certain that you already have product lifecycles incorporated into your management strategy. Even so, the deprecation notification can span a few months or years to help you make the necessary transition. After removal, the feature or capability will no longer work.

PPTP and L2TP have been reliable workhorses in the world of VPN technology. However, with the increasing sophistication of cyber threats, these protocols have become less effective in providing the robust security necessary to protect our data. Their vulnerabilities have been well-documented, and they are no longer sufficient to meet the current security standards.



Transitioning to SSTP and IKEv2


To ensure you continue to benefit from the best available security, we recommend transitioning to Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2). These protocols offer enhanced security features, faster connection speeds, and improved reliability.

Benefits of SSTP

  • Strong encryption: SSTP uses SSL/TLS encryption, providing a secure communication channel.
  • Firewall traversal: SSTP can easily pass through most firewalls and proxy servers, ensuring seamless connectivity.
  • Ease of use: With native support in Windows, SSTP is simple to configure and deploy.

Benefits of IKEv2

  • High security: IKEv2 supports strong encryption algorithms and robust authentication methods.
  • Mobility and multihoming: IKEv2 is particularly effective for mobile users, maintaining VPN connections during network changes.
  • Improved performance: With faster establishment of tunnels and lower latency, IKEv2 offers superior performance compared to legacy protocols.



Steps to transition to SSTP and IKEv2


Note that PPTP and L2TP will remain available if you want to make outgoing VPN connections based on these protocols. This is true for future Server and Client SKU releases. What is changing is that Windows RRAS Server (VPN Server) will not accept any incoming VPN connections based on these protocols.

As a result, please refer to the detailed set of instructions here for a step-by-step guide on transitioning to SSTP/IKEv2: How to install and configure Remote Access (RAS) as a VPN server.



Conclusion


The deprecation of PPTP and L2TP is a necessary step in maintaining the highest security standards. By transitioning to SSTP and IKEv2, you are ensuring that your network communications remain secure, efficient, and reliable. We are here to support you through this transition. Reach out to our support team if you have any questions or need further assistance.
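As an added example that is not part of the original post: a read-only PowerShell inventory of the VPN client profiles on a Windows machine, flagging those pinned to PPTP or L2TP, which a future Windows RRAS server would no longer accept as incoming connections. `Get-VpnConnection` is the built-in cmdlet; the function name `Get-VpnProfileAudit` and the status labels are hypothetical.

```powershell
# Added example: read-only inventory of VPN client profiles by tunnel type.
# Get-VpnConnection is the built-in VpnClient cmdlet; the function name and
# the Status labels are hypothetical.
function Get-VpnProfileAudit {
    # Per-user profiles and machine-wide (all-user) profiles are stored separately.
    $scopes = @(
        @{ Scope = 'User';    Params = @{} },
        @{ Scope = 'AllUser'; Params = @{ AllUserConnection = $true } }
    )
    foreach ($s in $scopes) {
        $params = $s.Params
        # @() keeps the loop safe when a scope has no profiles.
        $profiles = @(Get-VpnConnection @params -ErrorAction SilentlyContinue)
        foreach ($p in $profiles) {
            $type = [string]$p.TunnelType
            $status = switch ($type) {
                { $_ -in 'Pptp', 'L2tp' } { 'Legacy: move to SSTP or IKEv2'; break }
                'Automatic'               { 'Review: protocol is negotiated at connect time'; break }
                default                   { 'OK' }
            }
            [pscustomobject]@{
                Scope         = $s.Scope
                Name          = $p.Name
                ServerAddress = $p.ServerAddress
                TunnelType    = $type
                Status        = $status
            }
        }
    }
}

Get-VpnProfileAudit | Sort-Object Status, Name | Format-Table -AutoSize
```

Per-user profiles are only visible to the account that owns them, so run this in each user's session or collect it through your management tooling.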
