Rants from a neuroscientist about my topics of interest, including science, technology, politics, economics, religion and philosophy.
Tuesday, August 21, 2012
PPTP, OpenVPN, IPSec and L2TP - What's the difference?
I have recently started to look into VPN services to enhance my privacy while using the interwebs. One thing that started to confuse me pretty quickly was the variety of different servers available, and honestly it took me a while to start to understand what the differences are. Well, to make this process simpler for other people, here is a nice short summary from zzing123, which was posted on the perfect-privacy.com forum.
On a general level, PPTP was invented by Microsoft as a VPN that could be used with dial-up, and is far older than OpenVPN, and as such is practically available from any device that supports a VPN of some description. That and the fact it's easy to use are really the only reasons it's used. In terms of security it's basically crap: at best it uses 128-bit encryption with an RC4 handshake (the handshake is the authentication/login process for setting up the VPN). At worst, 64-bit encryption and a plain-text handshake (so it wouldn't even take 2 weeks: just read the packet!). Naturally, PP uses the better sort.
OpenVPN is - in this league - very new technology. It's basically the amalgamation of several technologies, like SSH, Stunnel and OpenSSL's encryption libraries, all of which provide Unix with best-of-breed power and together form OVPN, a best-of-breed VPN. OVPN allows you to choose the method and algorithm for handshaking as well as for data encryption, plus it uses SSL certificates, PSKs or user/pass (or a combination of these) to authenticate clients on top of that. With hardware acceleration, OVPN is easily faster than PPTP. Without acceleration, it's entirely dependent on the algorithms chosen - Blowfish is designed to be the fastest software-only algorithm, so OVPN would be a lot faster than PPTP. Encumbered with a software AES-256 implementation, though, and PPTP's 128-bit encryption is faster. This ultimate configurability is also OVPN's downfall: it's pretty complicated to set up.
With PP's OVPN service, ideally they should provide a client.crt and client.key unique to every customer, instead of using the auth-user-pass directive, for ultimate security, but management of these keys becomes a nightmare. That said, PP uses RSA 4096-bit encryption for the handshake and AES-256 for data, which are probably the two most secure algorithms you can use currently in OVPN.
There is also a third technology: L2TP / IPSec. L2TP provides the layer 2 tunnel and IPSec the encryption, and it was invented by Cisco to bridge 2 networks together. IPSec uses either RSA or a Pre-Shared Key (PSK) for the handshake, which uses Diffie-Hellman hashing over and above that. For data, it can use 3DES, DES, Blowfish, AES and CAST-128. IPSec does have pretty good support in clients and is widely regarded as being PPTP sorted out. Because Cisco developed it to sell more routers, a lot of expensive network gear has IPSec support built in, meaning that if you have very expensive network kit using IPSec, your VPNs will be so fast there's practically no latency overhead. Software implementations are as fast as PPTP.
So in summary:
- Choose PPTP: If you want an albeit crusty VPN technology available everywhere
- Choose OVPN: If you want the most powerful, secure and modern VPN
- Choose IPSec/L2TP: If you want high performance between two sites
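As an added example (not part of zzing123's post above, and not Perfect Privacy's own configuration), here is a small Python script that audits two constructed OpenVPN client configs for the choices the post talks about: per-customer client.crt/client.key versus auth-user-pass, an explicit AES-256 data cipher instead of the old Blowfish default, and a tls-auth key on the handshake. The hostname vpn.example.invalid, the file names and both config bodies are made up for the illustration.

```python
"""Audit OpenVPN client configs for the settings discussed in the post above.

Added example, not from the forum post or from Perfect Privacy: both configs
are constructed by hand, and the server hostname, file names and directive
values are assumptions used only to illustrate the checks.
"""

# Constructed "weak" client config: username/password only, the cipher left
# implicit (OpenVPN before 2.4 then defaults to BF-CBC, i.e. Blowfish), no HMAC
# key on the control channel and no check that the peer is really a server.
WEAK_CONFIG = """
client
dev tun
proto udp
remote vpn.example.invalid 1194
ca ca.crt
auth-user-pass
"""

# Constructed "hardened" config along the lines the post recommends:
# per-customer certificate and key, AES-256 data cipher, SHA-256 packet HMAC,
# a tls-auth key protecting the TLS handshake, and server-role verification.
HARDENED_CONFIG = """
client
dev tun
proto udp
remote vpn.example.invalid 1194
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
"""

# Blowfish, DES and RC2 all use a 64-bit block; "none" disables encryption.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE-CBC", "DES-EDE3-CBC", "RC2-CBC", "NONE"}


def parse_config(text):
    """Return a dict of directive -> list of argument lists.

    OpenVPN configs are one directive per line; '#' and ';' start comments.
    Directives may repeat (e.g. several 'remote' lines), hence the lists.
    """
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        directives.setdefault(parts[0], []).append(parts[1:])
    return directives


def audit(text):
    """Return a sorted list of findings; an empty list means nothing to complain about."""
    d = parse_config(text)
    findings = []

    # Client identity: a per-client cert/key pair rather than a shared password.
    if "cert" not in d or "key" not in d:
        if "auth-user-pass" in d:
            findings.append("auth-user-pass only: no per-client cert/key")
        else:
            findings.append("no client credential configured")

    # Data channel: an explicit modern cipher. With 'cipher' omitted, OpenVPN
    # releases before 2.4 fall back to BF-CBC.
    cipher = d.get("cipher", [["BF-CBC"]])[0][0].upper()
    if cipher in WEAK_CIPHERS:
        findings.append(f"weak or default data cipher: {cipher}")

    # Packet HMAC: the default is SHA1; SHA256 is the usual choice today.
    auth = d.get("auth", [["SHA1"]])[0][0].upper()
    if auth in {"SHA1", "MD5", "NONE"}:
        findings.append(f"default or dated packet HMAC: {auth}")

    # Control channel: tls-auth (or tls-crypt, 2.4+) keys the TLS handshake with
    # a pre-shared HMAC key so unauthenticated peers cannot even start TLS.
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append("no tls-auth/tls-crypt key on the control channel")

    # Peer verification: require a server certificate, not just any cert
    # signed by the same CA (another customer's client cert would otherwise do).
    if "remote-cert-tls" not in d and "ns-cert-type" not in d:
        findings.append("server certificate role not verified (remote-cert-tls)")

    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["ok"])
```

Running it prints five findings for the weak config and "ok" for the hardened one. The cipher and HMAC defaults are those of OpenVPN 2.3 and earlier, the versions current when the post was written; a 2.4 or later client negotiates AES-256-GCM by default, so an audit for a newer client would treat a missing cipher line differently.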