
When you connect to a server using SSL/TLS, the client authenticates the server using the certificate that the server provides. If the certificates mismatch, an error page is shown instead. So you know you are connecting to the correct server.

SSH also provides a similar mechanism, "server fingerprinting", to make sure you are connecting to the same server after the first connection. Microsoft's RDP does that too.

But I don't know if VPN protocols (L2TP, PPTP, OVPN) support this. Which ones do? If we use those protocols, can we be sure that the first connection's server fingerprint will be remembered and we will be warned the next time? (at least on major OSes?)

I'm asking because foreign WiFi spots can easily redirect VPN connection attempts and provide their own server which actually destroys the whole point of VPN.

Sedat Kapanoglu

1 Answer


OpenVPN is in fact based on OpenSSL, and uses both client and server certificates to authenticate both sides.

PPTP, SSTP and L2TP can be deployed in various modes, including modes with certificate-based authentication. Note that these protocols don't provide underlying encryption, which is provided by an optional, associated IPSec layer.

And IPSec can use either static, symmetric keys or the IKE protocol stack to exchange and manage such keys. In both modes, both server and client are authenticated.

Of course nothing will protect you from sniffing and/or redirecting your traffic in raw, encrypted form. But such a form will be useless most times for anyone (except for forensics purposes, but that's outside of the question).

Tomasz Klim
  • So it depends more on the server configuration and the client implementation than on the protocol itself, correct? – Sedat Kapanoglu Jul 03 '15 at 06:50
  • In short, yes. All VPN-related protocols are designed to be stackable (so an administrator can connect many protocols from different layers, e.g. L2TP + RADIUS authentication), or are protocol stacks themselves (IKE). – Tomasz Klim Jul 03 '15 at 07:35
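The answer's point that server authentication depends on the configuration rather than the protocol is easiest to see in an OpenVPN client profile. The two profiles below are an added example, not code from the question or the answer; the hostname and file paths are placeholders. The OpenVPN directives themselves (`remote-cert-tls`, `verify-x509-name`, `tls-crypt`) are real. The first profile validates the chain against the CA but never checks which certificate the server presented, so any certificate issued by the same CA (for example another client's) would be accepted on a rogue gateway; the second adds the checks that give the SSH-style guarantee the question asks about, configured up front instead of trusted on first use.

```conf
### weak-client.ovpn (constructed example: chain is validated, identity is not)
client
dev tun
proto udp
remote vpn.example.com 1194      # placeholder hostname
ca   /etc/openvpn/ca.crt         # placeholder paths
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key
# Missing: nothing here says WHICH certificate under this CA is the server.

### hardened-client.ovpn (constructed example: same transport, identity pinned)
client
dev tun
proto udp
remote vpn.example.com 1194      # placeholder hostname
ca   /etc/openvpn/ca.crt         # placeholder paths
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key
# Require the peer certificate to carry the server role (extended key usage
# serverAuth), so a certificate issued to a client cannot pose as the gateway.
remote-cert-tls server
# Pin the expected server certificate name. This is the counterpart of an SSH
# known_hosts entry, except the expected identity is fixed before the first
# connection rather than learned from it.
verify-x509-name vpn.example.com name
# Authenticate and encrypt every control-channel packet with a pre-shared key;
# a gateway without this key cannot even begin a TLS handshake with the client.
tls-crypt /etc/openvpn/tc.key    # placeholder path
```

Check: with the hardened profile, a redirected connection to a gateway presenting any other certificate fails during the TLS handshake and the client logs a verification error instead of bringing up the tunnel; with the weak profile, a certificate issued by the same CA is enough to complete the handshake.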