I have been doing some work with VPNs lately, having set up a PPTP (Point-to-Point Tunneling Protocol) VPN for some Android network analysis that I have been doing. It is easy to set up on a server and a mobile device, but PPTP generally isn’t secure unless you are using (P)EAP. I wanted to try out something that overlaps with something that I’m pretty knowledgeable about, TLS/SSL, with something I have never had to actually set up, an SSL VPN. Most people who use a VPN to connect into work use an SSL VPN, probably from someone like Cisco or Juniper. They are pretty easy to set up on the router side of things, and relatively easy for client devices to get set up. Other advantages are that they can be run over port 443, so they won’t be blocked by most firewalls, and that they use the verification properties inherent to TLS/SSL rather than some sort of challenge-response handshake. Using TLS/SSL also allows them to be flexible about the key sizes and cipher suites used and to upgrade them as the future requires.