I'm catching up on a brief piece of information that I've had for a few days. On October 8, 2024, Microsoft announced that it will no longer support the two VPN protocols PPTP and L2TP in future Windows Server versions. Both protocols have been declared deprecated.
The information can be found in the Techcommunity article "PPTP and L2TP deprecation: A new era of secure connectivity" from October 8, 2024, and came to my attention via a tweet from colleagues.
To increase security standards, Microsoft will no longer use the PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) protocols in future versions of Windows Server. It is time to switch to the more secure and efficient alternatives SSTP and IKEv2, the company says.
Switching to SSTP and IKEv2
Microsoft recommends that administrators who still use the above protocols switch to Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange Version 2 (IKEv2). These protocols offer enhanced security features, faster connection speeds and greater reliability. The advantages of SSTP are:
- Strong encryption: SSTP uses SSL/TLS encryption and provides a secure communication channel.
- Overcoming firewalls: SSTP can easily pass through most firewalls and proxy servers, ensuring seamless connectivity.
- Easy to use: Thanks to native support in Windows, SSTP is easy to configure and use.
The advantages of IKEv2 are described by Microsoft as follows:
- High security: IKEv2 supports strong encryption algorithms and robust authentication methods.
- Mobility and multihoming: IKEv2 is particularly effective for mobile users as VPN connections are maintained even when changing networks.
- Improved performance: With faster tunnel establishment and lower latency, IKEv2 offers better performance compared to older protocols.
Microsoft writes that PPTP and L2TP are still available if users want to establish outgoing VPN connections based on these protocols. This applies to future server and client SKU versions.
What has changed, however, is that Windows RRAS Server (VPN Server) no longer accepts incoming VPN connections based on these protocols. Administrators can find detailed instructions for the step-by-step transition to SSTP/IKEv2 in the support article Install Remote Access as a VPN server.
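Because an RRAS server that no longer accepts incoming PPTP/L2TP connections will break any client profile pinned to those protocols, it helps to inventory the profiles before migrating. The following PowerShell sketch is an added example, not taken from Microsoft's article or the original post; it uses the built-in `Get-VpnConnection` cmdlet, and the `Legacy`/`Review`/`OK` status labels are this example's own convention.

```powershell
# Added example: inventory Windows VPN client profiles by tunnel type.
# Run on a client machine; no changes are made to any profile.

# Tunnel types that a future RRAS server will no longer accept inbound.
$legacyTypes = 'Pptp', 'L2tp'

# Collect per-user profiles and all-user (global phone book) profiles.
$vpnProfiles = @()
$vpnProfiles += Get-VpnConnection -ErrorAction SilentlyContinue
$vpnProfiles += Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue

$report = foreach ($p in $vpnProfiles) {
    $type = [string]$p.TunnelType

    if ($legacyTypes -contains $type) {
        # Pinned to a deprecated protocol: must be reconfigured.
        $status = 'Legacy'
    }
    elseif ($type -eq 'Automatic') {
        # Automatic lets Windows negotiate the protocol, so the tunnel
        # actually in use depends on what the server offers.
        $status = 'Review'
    }
    else {
        # Sstp or Ikev2.
        $status = 'OK'
    }

    [pscustomobject]@{
        Name          = $p.Name
        ServerAddress = $p.ServerAddress
        TunnelType    = $type
        AuthMethod    = ($p.AuthenticationMethod -join ',')
        Status        = $status
    }
}

$report | Sort-Object Status, Name | Format-Table -AutoSize

# Summary count per status, useful when collecting results from many clients.
$report | Group-Object Status | Select-Object Name, Count
```

Profiles reported as `Legacy` can then be moved to SSTP or IKEv2 with `Set-VpnConnection -TunnelType`, once the server side has been prepared for those protocols.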