For those who do not know what a VPN is, be sure to read up on my other blog articles on VPN before continuing on.
There are so many free VPN software like OpenVPN, Softether, StrongSWAN and Tinc out there. More often than not, people ask which VPN software they should use. In this blog article, I will be analysing and evaluating which VPN software you should use in which scenario and how to use them. They will be analysed in accordance to their popularity.
First up, OpenVPN.
OpenVPN has been around since 2001 and is still being developed. It is easy to setup, easy to use and has really great features such as encryption, certificates, IPv6 support, udp and tcp support, bridging and compression. More features such as web GUI, failover and full LDAP support are available in the OpenVPN Access Server, which has a starting price of $9.60 annually.
However, OpenVPN is rather lacking in terms of security. Although there have been updates once in a while, there has been no major changes or improvements which makes it lack newer ciphers which supports forward secrecy. Forward secrecy helps to improve security in data exchange between 2 points. The speed is also limited at 100mbps which is okay unless you’re running multiple high speed servers or vps. Even though it is free and open source, I do not recommend it for any businesses or even for individuals.
Second up would be Softether.
SoftEther is my favourite free VPN software. SoftEther started out in 2013 as a free and fully open-source project in Japan. It’s extremely easy to setup and use, even easier than OpenVPN. There are also a ton of tutorials readily available on the SoftEther website. What I really love about it is that it supports multiple protocols (L2TP, OpenVPN, SSTP, SSL) and it is highly resistant against firewalls. It is so firewall resistant that it can even VPN over ICMP and DNS! What this means is that you can use the L2TP VPN on your smartphone and it can also bypass smart firewalls. It supports encryption, certificates, compression, GUI for server and client, IPv4 and IPv6 dual stack, NAT and even allow speeds above 1gbps!
A few flaws I found in SoftEther is that it still doesn’t have any of the newer ciphers that supports forward secrecy and it is slightly more complicated than OpenVPN. For the price of $0, SoftEther VPN is a really amazing product and I highly recommend it.
Third one would be StrongSWAN VPN
I heard about StrongSWAN through a friend on IRC. StrongSWAN is a OpenSource IPsec-based VPN solution that is a fork of OpenSWAN. The fork started out in 2011 as a more secured alternative to OpenSWAN. StrongSWAN is more actively developed than the main fork and uses Charon IKE daemon, which is a more advanced version of the Pluto IKE daemon and also supports IKEv2. It is really secured and have modern ciphers that support forward secrecy. The configuration of StrongSWAN is intuitive and this makes it easy for users to setup large and complex VPN networks. It also offers most of the features OpenVPN has but with any IKE, you would not want to change the port configuration as it will be messed up on the Windows client.
However, it is extremely difficult and complicated to setup. I’ve spent hours scratching my head and debugging it but yet it would not still work. I shit you not, this is one hell of a VPN to debug. As a result of not being able to set a custom port, it makes the VPN less useful against Firewalls. Logs are mostly useless and Google cannot help you. I would only recommend this to the more technically inclined people and those who have a lot of time.
Last but not least, Tinc.
Tinc is an open source peer to peer VPN daemon that is more or less similar to SoftEther. The project started out in 2000, even earlier than OpenVPN, and is still being actively developed. Despite having a longer history, it is not as widely implemented and used as OpenVPN and SoftEther. Tinc is quite minimal, secured, stable and easy to configure.
However, installation of Tinc is not easy and there isn’t much of a stand out feature for Tinc. I would consider using Tinc only if the server has very limited resources.
Overall, I would recommend SoftEther VPN for personal usage and for businesses that do not require super high standards of encryption. For businesses that require very high standards of encryption for VPN, I would highly recommend StrongSWAN VPN. If your server has very limited resources, Tinc is the way to go. OpenVPN is slowly but surely becoming obsolete as more and more better opensource VPN software emerge into the IT industry. Therefore, I would not recommend OpenVPN to anyone for any reason.