The Point-to-Point Tunneling Protocol (PPTP) can be used to implement virtual private networks over IP-based networks such as the Internet. It is an extension of the Point-to-Point Protocol and is implemented in many operating systems. Due to known vulnerabilities, PPTP is no longer considered secure today.
What is PPTP?
The abbreviation PPTP stands for Point-to-Point Tunneling Protocol. The protocol is one of the VPN protocols and is an extension of PPP (Point-to-Point Protocol). PPTP can be used to implement virtual private networks over IP-based networks.
The development of the Point-to-Point Tunneling Protocol was driven by several manufacturers such as Microsoft and 3Com. It is standardized in RFC 2637 from 1999 and was implemented in many operating systems such as Microsoft Windows and Linux after its publication. In addition to Windows and Linux, PPTP clients are available for almost all operating systems such as macOS, iOS, OpenBSD, or Android. Many firewalls or routers also support the protocol. PPTP can be used with various encryption and authentication methods.
With PPTP, protocols such as IP, IPX, or NetBEUI can be tunneled over IP. Due to vulnerabilities that have become known, the Point-to-Point Tunneling Protocol is no longer considered secure today. It has been largely superseded by other VPN protocols such as L2TP/IPsec, IPsec/IKEv2, or OpenVPN.
Features and architecture of the Point-to-Point Tunneling Protocol
The central components of the PPTP architecture are the PAC (PPTP Access Concentrator) and the PNS (PPTP Network Server). The PNS receives data packets from the tunnel and is responsible for routing and controlling the data. The PAC is responsible for establishing the connection. It is usually integrated into the client system. TCP port 1723 is used for initialization.
The client transmits the control data of the connection to the server via this port. The PPP data is tunneled over a GRE (Generic Routing Encapsulation) connection, which wraps the PPP packets in IP. Methods such as MS-CHAPv1 or MS-CHAPv2 are responsible for authenticating the client. Once the client is authenticated, it receives an IP address from the server.
Encryption of the data must also be negotiated between the client and the server. Because the Point-to-Point Tunneling Protocol and GRE have problems with Network Address Translation (NAT), NAT routers use methods such as PPTP passthrough that allow GRE packets to be mapped to clients.
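Because PPTP is split across TCP port 1723 and GRE, a network audit can spot it on the wire from those two channels. The following is an added example, not part of the original article: it classifies raw IPv4 packets as PPTP control or PPTP tunnel traffic. The magic cookie, GRE protocol type and message-type numbers come from RFC 2637; the sample packets and all function names are constructed for illustration.

```python
import struct

PPTP_PORT = 1723          # TCP control channel, as described above
PPTP_MAGIC = 0x1A2B3C4D   # magic cookie in every control message (RFC 2637)
GRE_PPP = 0x880B          # GRE protocol type for PPTP's PPP payload (RFC 2637)
CTRL_TYPES = {1: "Start-Control-Connection-Request",
              2: "Start-Control-Connection-Reply",
              7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply"}

def classify(pkt: bytes):
    """Return a label for PPTP traffic in a raw IPv4 packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL words)
    if pkt[9] == 47 and len(body) >= 8:       # IP protocol 47 = GRE
        flags_ver, ptype, plen, call_id = struct.unpack("!HHHH", body[:8])
        # PPTP uses enhanced GRE: version field 1 and protocol type 0x880B
        if (flags_ver & 0x0007) == 1 and ptype == GRE_PPP:
            return f"pptp-gre call_id={call_id} payload_len={plen}"
    if pkt[9] == 6 and len(body) >= 20:       # IP protocol 6 = TCP
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[(body[12] >> 4) * 4:]     # skip the TCP header (data offset)
        if PPTP_PORT in (sport, dport) and len(data) >= 12:
            _length, mtype, magic, ctype = struct.unpack("!HHIH", data[:10])
            if magic == PPTP_MAGIC and mtype == 1:   # 1 = control message
                return "pptp-control " + CTRL_TYPES.get(ctype, f"type-{ctype}")
    return None

def _ipv4(proto: int, payload: bytes) -> bytes:
    # Constructed header: checksum 0, documentation addresses (RFC 5737)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 2])) + payload

def _tcp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18,
                       65535, 0, 0) + data

# Constructed samples: control-channel open, one tunnelled frame, unrelated HTTPS
SAMPLE_CTRL = _ipv4(6, _tcp(49152, PPTP_PORT,
                    struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0) + bytes(144)))
SAMPLE_GRE = _ipv4(47, struct.pack("!HHHHI", 0x3001, GRE_PPP, 4, 7, 1)
                   + b"\xff\x03\x00\x21")
SAMPLE_OTHER = _ipv4(6, _tcp(49153, 443, b"\x16\x03\x01\x00\x05hello"))

if __name__ == "__main__":
    for name in ("SAMPLE_CTRL", "SAMPLE_GRE", "SAMPLE_OTHER"):
        print(name, "->", classify(globals()[name]))
```

Matching on the magic cookie as well as the port avoids flagging unrelated services that happen to use TCP 1723, and the GRE check is what finds tunnels whose control connection was not captured.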
Point-to-Point Tunneling Protocol security
Due to vulnerabilities in the protocol that became known in 2012, PPTP is no longer considered secure. In principle, any PPTP connection can be cracked with relatively little effort. Services offered on the Internet can do this within a few hours; all that is needed is a recorded login process. The vulnerability is due to the MS-CHAPv1 and MS-CHAPv2 authentication methods used. The hash values required for authentication can be quickly determined via simple brute-force attacks.
Alternatives to Point-to-Point Tunneling Protocol
PPTP should no longer be used for VPNs due to its vulnerabilities. Secure alternatives to Point-to-Point Tunneling Protocol include:
- L2TP with IPsec (Layer 2 Tunneling Protocol with Internet Protocol Security)
- IPsec and IKEv2 (Internet Key Exchange Version 2)
- SSTP (Secure Socket Tunneling Protocol)
- OpenVPN with OpenSSL