Introduction to VPN
Introduction to PPTP - Point-to-Point Tunneling Protocol

PPTP (Point-to-Point Tunneling Protocol) extends the Point-to-Point Protocol (PPP) standard for traditional dial-up networking. PPTP is best suited for the remote access applications of VPNs, but it also supports LAN internetworking. PPTP operates at Layer 2 of the OSI model. (See below)

Using PPTP
PPTP packages data within PPP packets, then encapsulates the PPP packets within IP packets (datagrams) for transmission through an Internet-based VPN tunnel. PPTP supports data encryption and compression of these packets. PPTP also uses a form of Generic Routing Encapsulation (GRE) to get data to and from its final destination.

PPTP-based Internet remote access VPNs are by far the most common form of PPTP VPN. In this environment, VPN tunnels are created via the following two-step process:

    1. The PPTP client connects to their ISP using PPP dial-up networking (traditional modem or ISDN).

    2. Via the broker device (described earlier), PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel. PPTP uses TCP port 1723 for these connections.

PPTP also supports VPN connectivity via a LAN. ISP connections are not required in this case, so tunnels can be created directly as in Step 2 above.

Once the VPN tunnel is established, PPTP supports two types of information flow:

  • control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
  • data packets that pass through the tunnel, to or from the VPN client.

PPTP Control Connection

Once the TCP connection is established in Step 2 above, PPTP utilizes a series of control messages to maintain VPN connections. These messages are listed below.

| Number | Name | Description |
|---|---|---|
| 1 | StartControlConnectionRequest | Initiates setup of the VPN session; can be sent by either client or server. |
| 2 | StartControlConnectionReply | Sent in reply to the start connection request (1); contains result code indicating success or failure of the setup operation, and also the protocol version number. |
| 3 | StopControlConnectionRequest | Request to close the control connection. |
| 4 | StopControlConnectionReply | Sent in reply to the stop connection request (3); contains result code indicating success or failure of the close operation. |
| 5 | EchoRequest | Sent periodically by either client or server to "ping" the connection (keep alive). |
| 6 | EchoReply | Sent in response to the echo request (5) to keep the connection active. |
| 7 | OutgoingCallRequest | Request to create a VPN tunnel sent by the client. |
| 8 | OutgoingCallReply | Response to the call request (7); contains a unique identifier for that tunnel. |
| 9 | IncomingCallRequest | Request from a VPN client to receive an incoming call from the server. |
| 10 | IncomingCallReply | Response to the incoming call request (9), indicating whether the incoming call should be answered. |
| 11 | IncomingCallConnected | Response to the incoming call reply (10); provides additional call parameters to the VPN server. |
| 12 | CallClearRequest | Request to disconnect either an incoming or outgoing call, sent from the server to a client. |
| 13 | CallDisconnectNotify | Response to the disconnect request (12); sent back to the server. |
| 14 | WANErrorNotify | Notification periodically sent to the server of CRC, framing, hardware and buffer overruns, timeout and byte alignment errors. |
| 15 | SetLinkInfo | Notification of changes in the underlying PPP options. |

With control messages, PPTP utilizes a so-called magic cookie. The PPTP magic cookie is hardwired to the hexadecimal number 0x1A2B3C4D. The purpose of this cookie is to ensure the receiver interprets the incoming data on the correct byte boundaries.
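
The framing check described above, as an added example that is not part of the original article: a parser that splits a reassembled TCP/1723 byte stream into control messages and uses the magic cookie to detect loss of byte alignment. The 12-byte header layout is an assumption taken from RFC 2637 rather than from this page, and `build_message` and the sample bytes are constructed for illustration.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D         # value quoted in the article
# Header layout assumed from RFC 2637: length, PPTP message type (1 = control),
# magic cookie, control message type, reserved. All fields are big-endian.
HEADER = struct.Struct("!HHIHH")
NAMES = ("StartControlConnectionRequest StartControlConnectionReply "
         "StopControlConnectionRequest StopControlConnectionReply EchoRequest "
         "EchoReply OutgoingCallRequest OutgoingCallReply IncomingCallRequest "
         "IncomingCallReply IncomingCallConnected CallClearRequest "
         "CallDisconnectNotify WANErrorNotify SetLinkInfo").split()
CONTROL_NAMES = dict(enumerate(NAMES, start=1))   # numbers 1-15 from the table


class FramingError(ValueError):
    """The stream is not aligned on a PPTP control message boundary."""


def build_message(ctrl_type: int, body: bytes = b"") -> bytes:
    """Hypothetical helper: build a constructed control message for testing."""
    return HEADER.pack(HEADER.size + len(body), 1, MAGIC_COOKIE, ctrl_type, 0) + body


def parse_control_stream(stream: bytes):
    """Return ([(number, name, body), ...], leftover_bytes) for a TCP/1723 stream."""
    messages, offset = [], 0
    while len(stream) - offset >= HEADER.size:
        length, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(stream, offset)
        if cookie != MAGIC_COOKIE:
            raise FramingError(f"bad magic cookie 0x{cookie:08X} at offset {offset}")
        if msg_type != 1 or length < HEADER.size:
            raise FramingError(f"not a valid control message at offset {offset}")
        if offset + length > len(stream):
            break                      # partial message: wait for more TCP data
        name = CONTROL_NAMES.get(ctrl_type, f"Unknown({ctrl_type})")
        messages.append((ctrl_type, name, stream[offset + HEADER.size:offset + length]))
        offset += length
    return messages, stream[offset:]


# Constructed sample: an EchoRequest/EchoReply keep-alive pair.
SAMPLE = (build_message(5, b"\x00\x00\x00\x2a")
          + build_message(6, b"\x00\x00\x00\x2a\x01\x00\x00\x00"))

if __name__ == "__main__":
    for number, name, body in parse_control_stream(SAMPLE)[0]:
        print(number, name, body.hex())
```

A stream that starts one byte late fails the cookie comparison on the first header, which is the misalignment case the cookie exists to catch.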

PPTP Security

PPTP supports authentication, encryption, and packet filtering. PPTP authentication uses PPP-based protocols like EAP, CHAP, and PAP. PPTP supports packet filtering on VPN servers. Intermediate routers and other firewalls can also be configured to selectively filter PPTP traffic.

PPTP and PPP

In general, PPTP relies on the functionality of PPP for these aspects of virtual private networking.

  • authenticating users and maintaining the remote dial-up connection
  • encapsulating and encrypting IP, IPX, or NetBEUI packets

PPTP directly handles maintaining the VPN tunnel and transmitting data through the tunnel. PPTP also supports some additional security features for VPN data beyond what PPP provides.

PPTP Pros and Cons

PPTP remains a popular choice for VPNs thanks to Microsoft. PPTP clients are freely available in all popular versions of Microsoft Windows. Windows servers also can function as PPTP-based VPN servers.

One drawback of PPTP is its failure to choose a single standard for authentication and encryption. Two products that both fully comply with the PPTP specification may be totally incompatible with each other if they encrypt data differently, for example. Concerns also persist over the questionable level of security PPTP provides compared to alternatives.


©2014 About.com. All rights reserved.