Which VPN to choose for highest compatibility ?



  • Hi.
    I want to set up a VPN server. But i'm unsure what to pick. openvpn isn't an option as it requires addon software on the clients. But android 7 doesn't support l2tp without ipsec, neither does windows 10 and win8 doesn't support l2tp with ipsec.
    So i'm not really sure what to go with as it seems no matter which direction i go either win8, win10 or android won't be compatible.



  • Sounds like you answered your own question.

    While OpenVPN does require client-side software, with pfSense's OpenVPN config export package, it is really simple to deploy client instances.  The simplicity far outweighs fiddling around with config knobs on the client.
    It is also very simple to install OpenVPN client on Windows, Android, and MAC (tunnelblick).



  • From the sound of it. I think i'm better off forwarding port and gre to a different router and use that to create a pptp vpn. The setup is simpler, and connecting is simpler which is what the clients wants. Enter host, username, pass and done. Openvpn is just too complicated to set up and use for the needs that i have.



  • Read the opening statement of the Wikipedia entry for PPTP to your client and ask whether they want security or convenience.

    As for L2TP …



  • Convenience wins over security. Security is a secondary priority if it requires a more cumbersome process. I think that'll always be the case if you ask consumers. They'll be like security "hell yeah" and then you show them what extra they need to do to get it and they're like "screw it, i'll just take the easy way"



  • Well then, if security is not important then do not bother with a VPN. Add an "allow all" rule on WAN and expose whatever services from LAN servers/devices that you want to access! (tongue-in-cheek)

    Seriously, these days I cannot imagine why security would be put down the list.



  • I think that happens because, instead of wrapping the security into the package or similar they're used to using, they're given a new thing that's more complicated to use and they just give up. Server side can be complicated, but client side can't be more complicated than what came before if you want users to adapt it without any whining. They care about security when you talk about it, but a lot of them don't care if that means they have to jump through extra hoops to get there. That's why apple has done so well and why windows 8 failed.