PPTP and L2TP are probably among the most widely compatible VPN protocols in use today. They were introduced many years ago, and most operating systems and even routers support them. The bad news is that, precisely because they are so old, their security can no longer be guaranteed. For this reason, Microsoft recently announced that Windows Server will deprecate the PPTP and L2TP protocols.


The problem with PPTP is that it is susceptible to attacks such as offline brute forcing of a captured authentication hash. L2TP provides no encryption of its own and is not secure enough unless it is used together with a protocol such as IPsec.

Microsoft recommends that users, including enterprise users, migrate to the newer Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2), which provide better performance and security.

Microsoft said in an official announcement:

The changes are part of Microsoft's strategy to enhance security and performance by transitioning users to more robust protocols. These modern protocols offer superior encryption, faster connection speeds and better reliability, making them better suited for use in today's increasingly complex network environments.

Microsoft also shared the advantages of each protocol:

The technical advantages of the SSTP protocol include:

  • Strong encryption: SSTP uses the SSL/TLS protocol for encryption, providing a secure communication channel

  • Firewall traversal: SSTP can easily pass through most firewalls and proxy servers, ensuring a seamless connection

  • Easy to use: With native support in Windows, SSTP is easy to configure and deploy

The technical advantages of the IKEv2 protocol include:

  • High security: The protocol uses strong encryption algorithms and strong authentication technology

  • Mobility and multi-homing support: especially useful for mobile users to maintain VPN connections during network changes

  • Performance improvement: With faster tunnel establishment and lower latency, IKEv2 provides superior performance compared to traditional protocols

Of course, deprecation does not mean immediate removal:

As with most features, deprecation means that Microsoft has stopped further development of the product or feature, but support will not be immediately removed from the affected product.

The PPTP and L2TP protocols can still be used in Windows Server, but Microsoft does not recommend continuing to use them, and it will completely remove support for them from Windows Server at some point in the future.

In addition, Microsoft mentioned that, as part of the deprecation, the Windows RRAS server (that is, the VPN server) will no longer accept incoming PPTP and L2TP connections in the future, but users will still be able to establish outgoing PPTP and L2TP connections.

Finally:

Non-server versions such as Windows 10/11 have not deprecated support for these protocols. That said, now that Windows Server has deprecated them, it cannot be ruled out that Microsoft will remove them from Windows 10/11 entirely at some point in the future.