VPNs need no introduction. With the constant growth of commercial VPNs available for use, a general user is already familiar with them. Most aware users have also taken heed of the technology behind VPNs and are familiar with a few terminologies regarding them. One such term a VPN user (potential) must have come across is protocol. When someone talks about protocols, they can feel their minds wandering to VPNs, almost subconsciously. One such protocol related to VPNs is PPTP. Point-to-Point Tunneling Protocol or PPTP for short is perhaps one of the most spoken terms related to VPNs. One may consider it to be almost indistinguishable from VPNs, and they might not be wrong. VPNs and PPTP share a history of around 25 years. One can claim that the modern VPNs of today might not have been possible save for this protocol.
PPTP is VPN and vice versa. While this statement may not be factually accurate, no one can dispute the influence point-to-point protocol had over VPNs past couple of decades. It is hard to imagine VPNs without PPTP; that is why even when obsolete, VPNs continue to support these protocols on their clients.
PPTP – a brief history
Back in 1996, when the then Microsoft employee was still developing PPTP, no one had thought how it would change the world 20 years down the road. PPTP was officially launched in 1999 by a vendor consortium formed of Microsoft, Ascend Communications, 3Com, and other groups. Since then, VPN protocols have seen an influx of better and more secure options. The protocol may be fast, but it is not safe per industry standards.
What is PPTP?
Point-to-Point Tunneling Protocol is a networking standard used to connect virtual networks. It empowers the user to connect to another on a network securely. Users can also access one device from a specific point over the internet via a tunnel, hence the name. The tunnel refers to the way one protocol encapsulates another protocol. For PPTP, though, a TCP/IP protocol (which provides the internet) contains the point-to-point protocol(PPP) within.
Essentially, even when the connection is over an insecure network like the internet, it works as if it is a direct connection over a private one, with security. It supports on-demand, multi-protocol, virtual private networking over public networks such as the internet.
It is one of the oldest and easiest protocols to set up and comparatively faster. However, it is also subject to serious security vulnerabilities due to its being too old.
Point-to-Point Tunneling and Virtual Networking
Windows NT server v4 and Windows NT Workstation v4 OS have inbuilt PPTP. Any computer(device) with these OSes (similar architecture) can run a VPN via point-to-point tunneling securely as a remote access client by using a public network such as the internet. It means that a Point-to-Point tunnel enables on-demand VPNs over the internet(or any other TCP/IP-based data network). Computers connected to a LAN can also easily use a PPTP to create a VPN across the local network.
The most important feature of this protocol is its support for VPNs by using public-switched telephone networks (PSTN). It simplifies the process and reduces the cost of deploying an enterprise-wide remote access solution for mobile users. It ensures secure and encrypted communication over a public telecommunication line. In simple words, PPTP eliminates the need for an expensive leased line or private dedicated communication server, as users can quite easily access services over PSTN lines.
EVERY PPTP deployment involves three computers(devices)
- A client with point-to-point tunneling
- A network access server
- A PPTP server
Types of tunneling
Before we move further onto the workings of a PPTP or its architecture, we should familiarize ourselves with the two types of tunneling supported by this protocol.
- Voluntary tunneling — Initiated by the client (Windows 95/98/NT/2000, etc.) the tunneling doesn’t require any support from the ISP or network devices.
- Compulsory tunneling — As initiated by the server at an ISP, aid from the router and network access server is needed.
How does a Point-to-Point Tunneling Protocol work?
To further improve PPP protocols, Microsoft started working on PPTP. Due to this fact, we observe this protocol to use the same PPP authentication and encryption framework. The difference is that it encapsulates another protocol to provide Layer 2 security. When a point-to-point tunneling client establishes a connection (tunnel) to the server, it transports all the data and online traffic through this tunnel while ensuring encryption, all because PPTP is, in simple words, PPP within a TCP/IP protocol.
Technically, this protocol encapsulates network data and puts it into IP envelopes. Whenever a router or some other device encounters said data, they treat it as a data packet. Thus, it is then retrieved by the server and forwarded to the destination. PPTP uses a client-server design mentioned above and operates at Layer 2 of the OSI model. With GRE to encapsulate data packets, it utilizes TCP port 1723 and IP port 47through TCP. It is an old protocol; thus, it only supports up to 128-bit encryption.
PPTP supports two types of information flow
- Control messages — It manages and eventually tears down a VPN connection. Control messages can pass directly between the VPN client and the server.
- Data packets — It passes through the tunnel, i.e., to or from the VPN client.
General Technical Details About Point-to-Point Tunneling
- For a stable connection to a server, PPTP only needs the server address, a username, alongside a password.
- This protocol is highly compatible. It supports Windows, Linux, macOS, iOS, Android, Tomato, DD-WRT, and other operating systems and devices.
- PPTP uses GRE (General Routing Encapsulation), TCP port 1723, and IP port 47.
- This protocol supports encryption keys up to 128-bits, and it uses MPPE (Microsoft Point-to-Point Encryption).
‘Providing a secure process to reach any of the private networks over the internet.’ Such was the motivation behind the design for PPTP. And it holds even today. The said secure connection created during this process requires three steps. Each of these steps is highly detailed and interdependent. It requires the completion of the previous actions. These processes are:
- PPP Connection and Communication — Point-to-point tunneling uses PPP to connect to an ISP using a standard telephone line (PSTN) or ISDN line. Thus, this connection uses PPP protocol to establish the tunnel and encrypt data packets.
- PPTP Control Connection — This connection uses TCP to establish a PPTP tunnel. Using the same tunnel to connect to the internet, established by the PPP protocol, the PPTP protocol creates a control connection from the client to a PPTP server on the internet, thus successfully simulating a tunnel.
- PPTP Data Tunneling — Finally, the protocol creates IP datagrams containing encrypted PPP packets that are sent through the tunnel to the server. The PPTP server disassembles the IP datagrams, decrypts the PPP packets, and then routes the decrypted packets to the private network.
PPP Connections and Communication
PPTP utilizes PPP as the latter is a remote access protocol, to send multi-protocol data across TCP/IP-based networks. It encapsulates IP, IPX, and NetBEUI packets and sends them by creating a point-to-point link between sending and receiving devices. Most PPTP sessions start due to the client dialing up the ISP network access server. PPP is used to create this dial-up connection, and perform the following functions:
- Establishing and ending the physical connection — The PPP protocol establishes and maintains connections between remote computers.
- Authenticating user — PPTP clients are authenticated by using the PPP protocol. Clear text, encrypted, or Microsoft encrypted authentication can be used by the PPP protocol.
- Creating PPP datagrams that contain encrypted IPX, NetBEUI, or TCP/IP packets — The PPP creates datagrams that contain one or more encrypted TCP/IP, IPX, or NetBEUI data packets. Because the network packets are encrypted, all traffic between a PPP client and a network access server is secure.
Point-to-Point Tunneling Control Connection
Point-to-Point tunneling specifies a series of control messages sent between the client and server. These control messages establish, maintain and end the tunnel. The primary command list can be found below:
|PPTP_START_SESSION_REPLY||Replies to start session request|
|PPTP_ECHO_REPLY||Replies to maintain session request|
|PPTP_WAN_ERROR_NOTIFY||Reports an error on the PPP connection|
|PPTP_SET_LINK_INFO||Configures the connection between client and PPTP Server|
|PPTP_STOP_SESSION_REPLY||Replies to end session request|
PPTP Data Tunneling
A PPTP tunnel is established. After that, user data transmission takes place. Data moves along the tunnel as datagrams containing PPP packets. And the IP datagram comes into play as GRE protocol.
Advantages and Disadvantages of PPTP
Due to being one of the oldest protocols on the block, PPTP has its own set of advantages and disadvantages. Which are:
Advantages of point-to-point tunneling
- Compatibility — It comes as no surprise that this protocol is one of the most compatible out there. From Windows, macOS, Android, Linux, iOS to Tomato, DD-WRT and others.
- Usability — Very user friendly as it doesn’t require a public key infrastructure or computer license installation.
- Cost — The Cheapest protocol out there.
- Speed — Every cloud has a silver lining, in case of PPTP it is almost no reduction in speed due to low encryption levels.
- Bypassing Geo-restriction — If you use a VPN just for streaming your favorite foreign media content, this protocol is a nice option.
Disadvantages of point-to-point tunneling
- Performance — It has mediocre performance on unstable network, sometimes it even continues to send data even when the connection drops. thus, it is an unsafe protocol.
- Security — The encryption offered by the PPTP is limited to only 128-bit.
- Reliability — With no data origin verification and data integrity process, users don’t tend to rely on this protocol.
- Firewall restriction — ISP tend to recognize and set up firewalls in order to block this protocol.
- Obsolete technology — Of course, as a technology that is actually a quarter century old, one has to upgrade and update themselves in order to stay ahead.