Overview of the different VPN connection techniques of the Securepoint UTM

Last adaption: 04.2026

This article refers to a Beta version

This article explains the different techniques for establishing a VPN (Virtual Private Network) connection available in the Securepoint UTM and provides an overview of when to use each of them.



Techniques

WireGuard

Protocols: WireGuard
Ports:



    SSL VPN

    Protocols: SSL, TLS
    Ports: 1194/UDP by default; almost any free port can be used, and TCP is also supported.

    The Securepoint firewall appliances offer an SSL (Secure Sockets Layer) encrypted VPN connection based on the open source project OpenVPN. OpenVPN is characterized by high flexibility, relatively simple configuration and good encryption of the data, and thus very high security.
    Furthermore, OpenVPN usually has no problems with NATed connections and can therefore also be used as a very stable alternative to IPSec VPN site-to-site connections.


    IPSec VPN

    Protocols: IKE, ESP, NAT-Traversal
    Ports: 500/UDP (IKE), 4500/UDP (NAT-Traversal)



    L2TP VPN


    Protocols: L2TP
    Ports: 1701/UDP

    L2TP (Layer 2 Tunneling Protocol) is a combination of the protocols PPTP (Point to Point Tunneling Protocol) and L2F (Layer 2 Forwarding). Since L2TP only supports user authentication but not encryption, it is used in conjunction with the IPSec protocol. L2TP is used specifically to connect standalone computers to networks.


    PPTP VPN

    As a proven insecure protocol, PPTP VPN is no longer supported by the UTM.


    PPTP VPN has been proven to be an insecure VPN protocol. It is strongly recommended not to use this protocol anymore. Instead, use SSL VPN, IPSec xAuth or IPSec with L2TP for Roadwarrior connections.

    Protocols: PPTP, GRE
    Ports: 1723/TCP

    The Point-to-Point Tunneling Protocol (PPTP) is usually used for Roadwarrior connections.
    The VPN connection is initialized via TCP port 1723 and the data flow is then controlled using the Generic Routing Encapsulation protocol (GRE).
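
The ports listed for each technique above can be turned into a quick exposure check. The following Python sketch is an added example, not Securepoint code: it parses `ss -H -tuln` style output (the sample is constructed) and flags PPTP, L2TP without IPSec, and IKE without the NAT-Traversal port. The function names are hypothetical, and SSL VPN is matched only on its default port.

```python
# Ports as listed on the page. WireGuard is not matched (no port is given there);
# SSL VPN can use almost any port, so only its default is recognised.
VPN_PORTS = {
    ("udp", 1194): "SSL VPN (OpenVPN default)",
    ("udp", 500): "IPSec IKE",
    ("udp", 4500): "IPSec NAT-Traversal",
    ("udp", 1701): "L2TP",
    ("tcp", 1723): "PPTP",
}

def parse_listeners(ss_output: str) -> set[tuple[str, int]]:
    """Return {(proto, port)} from `ss -H -tuln` style lines."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # Field 5 is the local address; rsplit copes with IPv6 forms like [::]:1701.
        port = fields[4].rsplit(":", 1)[-1]
        if port.isdigit():
            found.add((fields[0], int(port)))
    return found

def audit(ss_output: str) -> list[tuple[str, str]]:
    """Return (severity, message) pairs for the combinations the page warns about."""
    seen = VPN_PORTS.keys() & parse_listeners(ss_output)
    findings = [("info", f"{VPN_PORTS[k]} on {k[1]}/{k[0].upper()}") for k in sorted(seen)]
    if ("tcp", 1723) in seen:
        findings.append(("high", "PPTP is a proven insecure protocol; disable it"))
    if ("udp", 1701) in seen and ("udp", 500) not in seen:
        findings.append(("high", "L2TP without IPSec: authentication only, no encryption"))
    if ("udp", 500) in seen and ("udp", 4500) not in seen:
        findings.append(("warn", "IKE without 4500/UDP: NAT-Traversal unavailable"))
    return findings

# Constructed sample input (not captured from a real appliance).
SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:1194 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:1723 0.0.0.0:*
udp UNCONN 0 0 [::]:1701 [::]:*
tcp LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
"""

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"[{severity}] {message}")
```
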




    Site to Site VPN connections

    The following table shows which VPN technology, in our experience, runs most stably with which type of Internet connection.

    | VPN type | NAT | ADSL/SDSL | VDSL | Cable connection | LTE | UMTS |
    |---|---|---|---|---|---|---|
    | WireGuard | without NAT | | | | | |
    | WireGuard | NAT on one side | | | | | |
    | WireGuard | NAT on both sides | | | | | |
    | SSL-VPN | without NAT | | | | | |
    | SSL-VPN | NAT on one side | | | | | |
    | SSL-VPN | NAT on both sides | | | | | |
    | IPSec IKEv2 | without NAT | | | | | |
    | IPSec IKEv2 | NAT on one side | | | | | |
    | IPSec IKEv2 | NAT on both sides | | | | | |
    | IPSec IKEv1 | without NAT | | | | | |
    | IPSec IKEv1 | NAT on one side | with RSA key | | | | with RSA key |
    | IPSec IKEv1 | NAT on both sides | | | | | |

    Legend: Recommended, Possible, Not recommended

    Table explanation
    Due to the properties of SSL VPN (OpenVPN), we have found that a stable VPN connection can almost always be set up with this technology.
    RSA keys consist of a private and a public key and provide secure authentication. These key pairs can be generated on any Securepoint appliance and the public keys can be exchanged.
    Unfortunately, we repeatedly find that connections via LTE (Long Term Evolution) are NATed by the Internet provider. The connection runs best with a public IP from the provider. Otherwise, VPN connections via IPSec are usually not stable, if they are established at all.


    Setting up site-to-site connections



    Roadwarrior or end-to-site VPN connections

    Not all operating systems offer the possibility to use all VPN techniques.

    The following table provides an overview.

    Operating system | WireGuard | SSL-VPN | IPSec IKEv1 | IPSec IKEv2 | IPSec XAuth | L2TP / IPSec

    Windows 11: OpenVPN
    Windows 10: as of Ver.2
    Linux: OpenVPN
    Apple OS X: Tunnel view
    Apple iOS: OpenVPN
    Android: OpenVPN

    Legend: Recommended, Not recommended, Not possible

    Table explanation


    Setting up the Roadwarrior connections