Which VPN offers more security conceptually, SSL VPN or L2TP/IPSEC?

Question

Aside from possible implementation bugs, which VPN concept aims to offer more protection by design?

• SSL VPN (implementation example - OpenVPN)
• L2TP/IPSEC (implementation example - Strong Swan)

After reading this review, I can't understand how to compare designed security levels of both beyond what the author says. That is, I'm looking for a summary assessing and comparing these designs in more technical deepness from information security point of view.

I've created a Meta post about how can I improve this question.

Answer 1

Both them uses 256-bit key encryption. L2tp/ipsec is a kind of proprietary code. In which you need to rely on there standards. While OpenVPN is open source you can view the source code yourself and can check what code is doing what(kind of security). Also in OpenVPN you can see some drop points on connection speed, although it provides fair amount of speed depending on the bandwidth of your connection. Primarily openvpn uses UDP connection by default, which is faster in itself as there is no checking of data every time. On the otherhand l2tp/ipsec might be slower because it uses double encapsulation of data. While it is easy to configure rather than openvpn upto some extent.

Also yes there is another vpn concept, such as PPTP(Point to Point Tunneling Protocol). Whereas, this is not that much secure and only provides basic security. Although it works on some older system and its not recommended option to use for good security reason. Whereas you can use it for low-risk browsing and streaming.