Point-to-point tunneling protocol
From Wikipedia, the free encyclopedia
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Layer 2 Tunneling Protocol (L2TP)[1], usually combined with IPsec, and IPsec on its own are the standards-based replacements for PPTP.
PPTP specification
A specification for PPTP was published as RFC 2637. PPTP has not been proposed or ratified as a standard by the IETF.
PPTP carries a regular PPP session to the peer inside the Generic Routing Encapsulation (GRE) protocol (IP protocol 47), using the "enhanced GRE" header defined in RFC 2637, which adds a call ID, a sequence number and an acknowledgment number to plain GRE. A second connection on TCP port 1723 is used to set up, maintain and tear down the GRE tunnel. PPTP is difficult to forward through firewalls and NAT devices because it requires two separate flows, and the GRE flow has no port numbers: the device must track the call ID negotiated on the control connection (a PPTP application-level gateway or "GRE passthrough") rather than apply a simple port mapping.
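The two flows described above, as an added example that is not code from the original article or from any PPTP implementation: it builds and validates the Start-Control-Connection-Request that opens the TCP 1723 control connection, and wraps and unwraps a PPP frame in the enhanced GRE header used on the data channel. Field offsets and constants follow RFC 2637; the host name, vendor string, call ID and PPP payload are constructed sample values.

```python
import struct
from typing import Optional

PPTP_MAGIC_COOKIE = 0x1A2B3C4D   # fixed value in every control message (RFC 2637 s2.2)
PPTP_CONTROL_MESSAGE = 1         # PPTP Message Type 1 = control message
GRE_PROTOCOL_PPP = 0x880B        # protocol type of PPP inside enhanced GRE (s4.1)

# Control Message Types from RFC 2637 section 1.4
CONTROL_MESSAGE_NAMES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    9: "Incoming-Call-Request", 10: "Incoming-Call-Reply", 11: "Incoming-Call-Connected",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify",
    14: "WAN-Error-Notify", 15: "Set-Link-Info",
}

# Common header: Length, PPTP Message Type, Magic Cookie, Control Message Type, Reserved0
CONTROL_HEADER = struct.Struct("!HHIHH")


def build_sccrq(hostname: bytes, vendor: bytes) -> bytes:
    """Build a Start-Control-Connection-Request as a client sends it on TCP 1723."""
    body = struct.pack(
        "!HHIIHH64s64s",
        0x0100,  # protocol version 1.0
        0,       # reserved1
        0x3,     # framing capabilities: asynchronous and synchronous
        0x3,     # bearer capabilities: analog and digital
        1,       # maximum channels
        0,       # firmware revision
        hostname.ljust(64, b"\x00"),   # constructed sample host name
        vendor.ljust(64, b"\x00"),     # constructed sample vendor string
    )
    header = CONTROL_HEADER.pack(CONTROL_HEADER.size + len(body),
                                 PPTP_CONTROL_MESSAGE, PPTP_MAGIC_COOKIE, 1, 0)
    return header + body


def parse_control_header(data: bytes) -> dict:
    """Validate the common header of a PPTP control message and name its type."""
    if len(data) < CONTROL_HEADER.size:
        raise ValueError("truncated PPTP control header")
    length, msg_type, cookie, ctrl_type, _ = CONTROL_HEADER.unpack_from(data)
    if cookie != PPTP_MAGIC_COOKIE:   # the only integrity check the control channel offers
        raise ValueError("bad magic cookie 0x%08X: control channel desynchronised" % cookie)
    if msg_type != PPTP_CONTROL_MESSAGE:
        raise ValueError("unexpected PPTP message type %d" % msg_type)
    if length < CONTROL_HEADER.size or length > len(data):
        raise ValueError("declared length %d does not fit in %d octets" % (length, len(data)))
    return {"length": length, "control_type": ctrl_type,
            "name": CONTROL_MESSAGE_NAMES.get(ctrl_type, "unknown")}


def build_enhanced_gre(call_id: int, payload: bytes,
                       seq: Optional[int] = None, ack: Optional[int] = None) -> bytes:
    """Wrap one PPP frame in the enhanced GRE header used on the data channel."""
    # First 16 bits: C R K S s Recur(3) | A Flags(4) Ver(3). K is always set, Ver is 1.
    flags = 0x2001
    if seq is not None:
        flags |= 0x1000          # S: sequence number present
    if ack is not None:
        flags |= 0x0080          # A: acknowledgment number present
    header = struct.pack("!HHHH", flags, GRE_PROTOCOL_PPP, len(payload), call_id)
    if seq is not None:
        header += struct.pack("!I", seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + payload


def _u32(packet: bytes, offset: int, name: str) -> int:
    if len(packet) < offset + 4:
        raise ValueError("truncated %s field" % name)
    return struct.unpack_from("!I", packet, offset)[0]


def parse_enhanced_gre(packet: bytes) -> dict:
    """Parse an enhanced GRE packet (the IP payload, protocol 47) into its fields."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", packet)
    if (flags & 0x0007) != 1 or not flags & 0x2000:
        raise ValueError("not enhanced GRE (expected version 1 with key present)")
    if proto != GRE_PROTOCOL_PPP:
        raise ValueError("unexpected GRE protocol type 0x%04X" % proto)
    offset, seq, ack = 8, None, None
    if flags & 0x1000:
        seq, offset = _u32(packet, offset, "sequence"), offset + 4
    if flags & 0x0080:
        ack, offset = _u32(packet, offset, "acknowledgment"), offset + 4
    payload = packet[offset:]
    if len(payload) != payload_len:
        raise ValueError("payload %d octets but header says %d" % (len(payload), payload_len))
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}
```

Two things a firewall or IDS author should notice in these parsers: the GRE packet carries only a call ID, not a port, so a stateful device has to learn the call ID from the control exchange before it can match data packets to a session; and the control message's only integrity field is a constant magic cookie, which is why control packets are easy to forge by anyone who can inject into the TCP stream.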
PPTP connections are normally authenticated with Microsoft MS-CHAPv2 or with EAP-TLS. VPN traffic is optionally protected by Microsoft Point-to-Point Encryption (MPPE), described in RFC 3078; MPPE's RC4 session keys are derived from the authentication exchange (RFC 3079), so the confidentiality of a PPTP session is only as strong as that exchange.
MS-CHAPv2 can be compromised if users choose weak passwords: the challenge/response exchange travels in the clear before MPPE starts and can be attacked offline with a dictionary, and because the MPPE keys are derived from the same password hash, a recovered password also decrypts the captured session. The certificate-based EAP-TLS provides a superior security option for PPTP.
PPTP implementations
The protocol was developed by a vendor consortium formed by Microsoft, Ascend Communications (today part of Lucent/Alcatel), 3COM, and others, as described by the RFC document.[2]
PPTP is popular because it is easy to configure and it was the first VPN protocol supported by Microsoft Dial-up Networking. All releases of Microsoft Windows since Windows 95 OSR2 are bundled with a PPTP client, although the client is limited to two concurrent outbound connections. The Routing and Remote Access Service (RRAS) for Microsoft Windows contains a PPTP server.
Until late 2005, Linux distributions lacked full PPTP support because MPPE was believed to be patent-encumbered. Full MPPE support was added to the Linux 2.6.13 branch maintained by Andrew Morton. SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client. Official support for PPTP was added to the mainline kernel in version 2.6.14 on October 28, 2005.
Mac OS X (including the version loaded on the iPhone) is bundled with a PPTP client. Cisco and Efficient Networks sell PPTP clients for older Mac OS releases. Palm PDA devices with Wi-Fi are bundled with the Mergic PPTP client.
Microsoft Windows Mobile 2003 and higher also support the PPTP protocol.
PPTP security concerns
"Security concerns have dogged PPTP since its inception. It is the author’s opinion that PPTP is inherently insecure because there are too many unauthenticated control packets that are readily spoofed."[3]
The typical upgrade path from PPTP is L2TP/IPsec. Adoption of improved VPN technologies has been slow because PPTP is convenient and easy to configure, whereas L2TP/IPsec requires a pre-shared key or machine certificates.
References
- ^ W. Townsley et al., "Layer Two Tunneling Protocol "L2TP"", RFC 2661, August 1999
- ^ K. Hamzeh et al., "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, July 1999
- ^ JANET Technical Guides: Secure Virtual Private Networks (2003)
External links
- On PPTP security
- Windows NT: Understanding PPTP from Microsoft
- FAQ on security flaws in Microsoft's implementation, Bruce Schneier, 1998
- Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), Bruce Schneier, 1999
- Poptop, a PPTP Server for Linux
- PPTP Client, a Linux, FreeBSD, NetBSD and OpenBSD client
- pptpproxy, a Linux, FreeBSD, NetBSD and OpenBSD pptp protocol forwarder (proxy)
- asleap, a PPTP password cracker and traffic sniffer
- PPTP Protocol Security by James Cameron and Peter Mueller
- Setting up EAP-TLS security for PPTP