Point-to-point tunneling protocol
From Free net encyclopedia
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks.
PPTP specification
A specification for PPTP was published as RFC 2637. PPTP has not been ratified as a standard by the IETF.
PPTP works by sending a regular PPP session to the peer, encapsulated in the Generic Routing Encapsulation (GRE) protocol. A second session on TCP port 1723 is used to initiate and manage the GRE session. Because it requires two network sessions, PPTP is difficult to forward past a network firewall.
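As an added illustration (not part of the original article), the Python sketch below classifies raw IPv4 packets into the two PPTP sessions described above, which is the check a firewall or network monitor needs in order to track or flag legacy PPTP use. The control-message magic cookie 0x1A2B3C4D, the GRE protocol type 0x880B and GRE version 1 are taken from RFC 2637; the helper names and sample packets are constructed for the example.

```python
import struct

PPTP_TCP_PORT = 1723              # control session (from the article)
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # GRE is IP protocol 47, not a TCP/UDP port
PPTP_MAGIC = 0x1A2B3C4D           # RFC 2637 control-message magic cookie
GRE_PROTO_PPP = 0x880B            # RFC 2637 enhanced-GRE protocol type

def classify(pkt: bytes) -> str:
    """Return 'pptp-control', 'pptp-data' or 'other' for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    proto, l4 = pkt[9], pkt[ihl:]
    if proto == IPPROTO_GRE and len(l4) >= 8:
        flags_ver, ptype = struct.unpack("!HH", l4[:4])
        # Enhanced GRE as used by PPTP: version 1, key bit set, PPP payload
        if flags_ver & 0x7 == 1 and flags_ver & 0x2000 and ptype == GRE_PROTO_PPP:
            return "pptp-data"
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        if PPTP_TCP_PORT in (sport, dport):
            payload = l4[(l4[12] >> 4) * 4:]
            # Empty segments (SYN/ACK) count by port; data must carry the cookie.
            # Simplification: assumes a control message starts the segment.
            if len(payload) < 8 or struct.unpack("!I", payload[4:8])[0] == PPTP_MAGIC:
                return "pptp-control"
    return "other"

def sessions_seen(packets) -> set:
    """Which of the two PPTP sessions appear in a capture."""
    return {classify(p) for p in packets} - {"other"}

# --- constructed sample packets (documentation addresses, checksums left zero) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])) + payload

def tcp(dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload

SCCRQ = struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0) + bytes(144)  # Start-Control-Connection-Request
SAMPLES = [
    ipv4(IPPROTO_TCP, tcp(PPTP_TCP_PORT, SCCRQ)),                              # control session
    ipv4(IPPROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, 4, 7, 1) + b"\xff\x03\x00\x21"),
    ipv4(IPPROTO_TCP, tcp(443, b"\x16\x03\x01\x00\x00\x00\x00\x00")),          # unrelated TCP
    ipv4(IPPROTO_GRE, struct.pack("!HH", 0x0000, 0x0800) + bytes(4)),          # plain GRE, version 0
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify(p))
```

A stateful firewall has to associate the GRE flow with the TCP control session that negotiated it, which is why a port-forward of TCP 1723 alone does not carry a working tunnel.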
PPTP connections are authenticated with Microsoft MSCHAP-v2 or EAP-TLS. VPN traffic is optionally protected by MPPE encryption, which is described by RFC 3078.
MSCHAP-v2 can be compromised if users choose weak passwords. The certificate-based EAP-TLS is a more secure option for PPTP.
PPTP implementations
Cisco first implemented PPTP and later licensed the technology to Microsoft.
PPTP is popular because it is easy to configure and it was the first VPN protocol that was supported by Microsoft Dial-up Networking. All releases of Microsoft Windows since Windows 95 are bundled with a PPTP client. The Routing And Remote Access Service for Microsoft Windows contains a PPTP server.
Until recently, Linux distributions lacked full PPTP support because MPPE was believed to be patent-encumbered. Full MPPE support was added to the Linux 2.6.13 branch that is maintained by Andrew Morton. SuSE 10 was the first Linux distribution to provide a complete working PPTP client. Support for PPTP was added to the official kernel release in version 2.6.14 on October 28, 2005.
Mac OS X is bundled with a PPTP client. Cisco and Efficient Networks sell PPTP clients for older Mac OS releases. Palm PDA devices with Wi-Fi are bundled with the Mergic PPTP client.
PPTP upgrade path
The upgrade path for PPTP on Microsoft platforms will be to either L2TP or IPsec. The adoption of improved VPN technologies has been slow because PPTP is convenient and easy to configure, whereas L2TP requires machine certificates, and IPsec is complex and poorly supported on older platforms (such as Windows 98 and Windows Me).
External links
- On PPTP security flaws and fixes [1]
- Point-to-Point Tunneling Protocol (PPTP), RFC 2637, July 1999 [2]
- FAQ on PPTP from Microsoft [3]
- FAQ on security flaws in Microsoft's implementation, Bruce Schneier, 1998 [4]
- Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), Bruce Schneier, 1999 [5]
- Poptop, a PPTP Server for Linux [6]
- PPTP Client, a Linux, FreeBSD, NetBSD and OpenBSD client [7]
- pptpproxy, a Linux, FreeBSD, NetBSD and OpenBSD PPTP protocol forwarder (proxy) [8]
- ASLEAP, a PPTP password cracker and traffic sniffer [9]
- PPTP Protocol Security by James Cameron and Peter Mueller [10]
- Setting up EAP-TLS security for PPTP [11]