Introduction to VPN
PPTP (Point-to-Point Tunneling Protocol) extends the Point-to-Point Protocol (PPP) standard for traditional dial-up networking. PPTP is best suited for the remote access applications of VPNs, but it also supports LAN internetworking. PPTP operates at Layer 2 of the OSI model. (See below)
Using PPTP
PPTP packages data within PPP packets, then encapsulates the PPP packets within IP packets (datagrams) for transmission through an Internet-based VPN tunnel. PPTP supports data encryption and compression of these packets. PPTP also uses a form of General Routing Encapsulation (GRE) to get data to and from its final destination.
PPTP-based Internet remote access VPNs are by far the most common form of PPTP VPN. In this environment, VPN tunnels are created via the following two-step process:
1. The PPTP client connects to their ISP using PPP dial-up networking (traditional modem or
2. Via the broker device (described earlier), PPTP creates a TCP control connection between the VPN client and VPN server to establish a tunnel. PPTP uses TCP port 1723 for these connections.
Once the VPN tunnel is established, PPTP supports two types of information flow:
- control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
- data packets that pass through the tunnel, to or from the VPN client
PPTP Control Connection
Once the TCP connection is established in Step 2 above, PPTP utilizes a series of control messages to maintain VPN connections. These messages are listed below.
|Number|Name|Description|
|---|---|---|
|1|StartControlConnectionRequest|Initiates setup of the VPN session; can be sent by either client or server.|
|2|StartControlConnectionReply|Sent in reply to the start connection request (1); contains result code indicating success or failure of the setup operation, and also the protocol version number.|
|3|StopControlConnectionRequest|Request to close the control connection.|
|4|StopControlConnectionReply|Sent in reply to the stop connection request (3); contains result code indicating success or failure of the close operation.|
|5|EchoRequest|Sent periodically by either client or server to "ping" the connection (keep alive).|
|6|EchoReply|Sent in response to the echo request (5) to keep the connection active.|
|7|OutgoingCallRequest|Request to create a VPN tunnel sent by the client.|
|8|OutgoingCallReply|Response to the call request (7); contains a unique identifier for that tunnel.|
|9|IncomingCallRequest|Request from a VPN client to receive an incoming call from the server.|
|10|IncomingCallReply|Response to the incoming call request (9), indicating whether the incoming call should be answered.|
|11|IncomingCallConnected|Response to the incoming call reply (10); provides additional call parameters to the VPN server.|
|12|CallClearRequest|Request to disconnect either an incoming or outgoing call, sent from the server to a client.|
|13|CallDisconnectNotify|Response to the disconnect request (12); sent back to the server.|
|14|WANErrorNotify|Notification periodically sent to the server of CRC, framing, hardware and buffer overruns, timeout and byte alignment errors.|
|15|SetLinkInfo|Notification of changes in the underlying PPP options.|
With control messages, PPTP utilizes a so-called magic cookie. The PPTP magic cookie is hardwired to the hexadecimal number 0x1A2B3C4D. The purpose of this cookie is to ensure the receiver interprets the incoming data on the correct byte boundaries.
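The following is an added example, not part of the original article: a parser that splits a reassembled TCP port 1723 byte stream into the control messages from the table above and uses the magic cookie to detect a stream that has lost alignment. The 12-byte header layout is taken from RFC 2637 rather than from this page, and the `build` helper and `SAMPLE` bytes are constructed for illustration.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D         # value quoted in the article
# Common header per RFC 2637 (layout not given on the page): length,
# PPTP message type, magic cookie, control message type, reserved.
HEADER = struct.Struct("!HHIHH")
NAMES = ("StartControlConnectionRequest StartControlConnectionReply "
         "StopControlConnectionRequest StopControlConnectionReply "
         "EchoRequest EchoReply OutgoingCallRequest OutgoingCallReply "
         "IncomingCallRequest IncomingCallReply IncomingCallConnected "
         "CallClearRequest CallDisconnectNotify WANErrorNotify SetLinkInfo").split()
CONTROL_TYPES = dict(enumerate(NAMES, start=1))   # numbers 1-15 from the table


class FramingError(ValueError):
    """The byte stream is not aligned on a PPTP control message boundary."""


def parse_control_stream(data: bytes):
    """Split a reassembled TCP/1723 payload into (name, body) tuples."""
    messages, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise FramingError(f"truncated header at offset {offset}")
        length, _msg_type, cookie, ctrl_type, _rsvd = HEADER.unpack_from(data, offset)
        # The cookie check is what catches a receiver that has lost sync.
        if cookie != MAGIC_COOKIE:
            raise FramingError(f"bad cookie 0x{cookie:08X} at offset {offset}")
        if length < HEADER.size or offset + length > len(data):
            raise FramingError(f"bad length {length} at offset {offset}")
        name = CONTROL_TYPES.get(ctrl_type, f"Unknown({ctrl_type})")
        messages.append((name, data[offset + HEADER.size:offset + length]))
        offset += length
    return messages


def build(ctrl_type: int, body: bytes = b"") -> bytes:
    """Hypothetical helper: frame a body as a control message (type 1)."""
    return HEADER.pack(HEADER.size + len(body), 1, MAGIC_COOKIE, ctrl_type, 0) + body


# Constructed sample stream: session start, then one keep-alive exchange.
SAMPLE = (build(1, bytes(144))
          + build(5, struct.pack("!I", 7))
          + build(6, struct.pack("!IBBH", 7, 1, 0, 0)))

if __name__ == "__main__":
    for name, body in parse_control_stream(SAMPLE):
        print(f"{name:32} body={len(body)} bytes")
```

Dropping a single byte from the front of the stream shifts every field, so the cookie comparison fails on the first header instead of the parser silently misreading lengths and types.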
PPTP Security
PPTP supports authentication, encryption, and packet filtering. PPTP authentication uses PPP-based protocols like EAP, CHAP, and PAP. PPTP supports packet filtering on VPN servers. Intermediate routers and other firewalls can also be configured to selectively filter PPTP traffic.
PPTP and PPP
In general, PPTP relies on the functionality of PPP for these aspects of virtual private networking.
- authenticating users and maintaining the remote dial-up connection
- encapsulating and encrypting IP, IPX, or NetBEUI packets
PPTP directly handles maintaining the VPN tunnel and transmitting data through the tunnel. PPTP also supports some additional security features for VPN data beyond what PPP provides.
PPTP Pros and Cons
PPTP remains a popular choice for VPNs thanks to Microsoft. PPTP clients are freely available in all popular versions of Microsoft Windows. Windows servers also can function as PPTP-based VPN servers.
One drawback of PPTP is its failure to choose a single standard for authentication and encryption. Two products that both fully comply with the PPTP specification may be totally incompatible with each other if they encrypt data differently, for example. Concerns also persist over the questionable level of security PPTP provides compared to alternatives.