Computer Desktop Encyclopedia
THIS DEFINITION IS FOR PERSONAL USE ONLY.
All other reproduction is strictly prohibited without permission from the publisher.
© 1981-2012 The Computer Language Company Inc. All rights reserved. Read more
Point-to-Point Tunneling Protocol
Top
(Point-to-Point Tunneling Protocol) A protocol from Microsoft that is used to create a virtual private network (VPN) over the Internet. Remote users can access their corporate networks via any ISP that supports PPTP on its servers.
PPTP encapsulates any type of network protocol (IP, IPX, etc.) and transports it over IP. Thus if IP is the original protocol, IP packets ride as encrypted messages inside PPTP packets running over IP. PPTP is based on the point-to-point protocol (PPP) protocol and the generic routing encapsulation (GRE) protocol. Encryption is performed by Microsoft's Point-to-Point Encryption (MPPE), which is based on RC4. See L2TP.
Download Computer Desktop Encyclopedia to your PC, iPhone or Android.
Related Videos:
Top
Point-to-Point Tunneling Protocol
Abbreviations:
Top
PPTP
is short for:
| Meaning | Category |
| Pigeon Packet Transfer Protocol | Miscellaneous->Funnies |
| Point-to-Point Tunneling Protocol | Computing->Software Computing->Networking Computing->Telecom Governmental->FDA |
Click here to submit an acronym.
Wikipedia on Answers.com:
Top
Point-to-Point Tunneling Protocol
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
The PPTP specification does not describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. However the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide similar levels of security and remote access as typical VPN products.
| Internet protocol suite |
|---|
| Application layer |
| Transport layer |
| Internet layer |
| Link layer |
|
Contents
|
PPTP specification
A specification for PPTP was published as RFC 2637[1] and was developed by a vendor consortium formed by Microsoft, Ascend Communications (today part of Alcatel-Lucent), 3Com, and others. PPTP has not been proposed nor ratified as a standard by the IETF.
A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer.
The PPTP GRE packet format is non standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, like in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.
The GRE tunnel is used to carry encapsulated PPP packets, allowing the tunnelling of any protocols that can be carried within PPP, including IP, NetBEUI and IPX.
In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, Microsoft CHAP V1/V2 or EAP-TLS. The PPP payload is encrypted using Microsoft Point-to-Point Encryption (MPPE) when using MSCHAPv1/v2 or EAP-TLS. MPPE is described by RFC 3078.
PPTP implementations
PPTP was the first VPN protocol that was supported by Microsoft Dial-up Networking. All releases of Microsoft Windows since Windows 95 OSR2 are bundled with a PPTP client, although they are limited to only 2 concurrent outbound connections. Microsoft Windows Mobile 2003 and higher also support the PPTP protocol. The Routing and Remote Access Service for Microsoft Windows contains a PPTP server. The Microsoft implementation uses single DES in the MS-CHAP authentication protocol which many find unsuitable for data protection needs.[2]
Windows Vista and later support the use of PEAP with PPTP. The authentication mechanisms supported are PEAPv0/EAP-MSCHAPv2 (passwords) and PEAP-TLS (smartcards and certificates). Windows Vista removed support for using the MSCHAP-v1 protocol to authenticate remote access connections.[3]
Linux server-side support for PPTP is provided by the PoPToP daemon[4] and kernel modules for PPP and MPPE. The first PPTP implementation was developed by Matthew Ramsay in 1999[5] and initially distributed under the GNU GPL by Moreton Bay. However, Linux distributions initially lacked full PPTP support because MPPE was believed to be patent encumbered. Full MPPE support was added to the Linux kernel in the 2.6.14 release on October 28, 2005. SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client. There is also ACCEL-PPP - PPTP/L2TP/PPPoE server for Linux[6] which supports PPTP in kernel-mode.
Mac OS X and Apple iOS are bundled with a PPTP client. Cisco and Efficient Networks sell PPTP clients for older Mac OS releases. Palm PDA devices with Wi-Fi are bundled with the Mergic PPTP client.[citation needed]
Many different Mobile phones with Android as operating system support PPTP as well.
Security of the PPTP protocol
PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to uits to change the output stream without possibility of detection. These bit flips may be detected by the protocols themselves through checksums or other means.[7]
EAP-TLS is seen as the superior authentication choice for PPTP;[8] however, it requires implementation of a Public Key Infrastructure for both client and server certificates. As such it is not a viable authentication option for many remote access installations.
See also
- OpenVPN, open source software application that implements VPN
- IPsec
- Layer 2 Tunneling Protocol
References
- ^ RFC 2637
- ^ Ray, Marsh (April 3, 2012). "MS PPTP MPPE only as secure as *single* DES". http://lists.randombit.net/pipermail/cryptography/2012-April/002729.html. Retrieved April 3, 2012.
- ^ "The MS-CHAP version 1 authentication protocol has been deprecated in Windows Vista". Support.microsoft.com. 2007-03-15. http://support.microsoft.com/kb/926170. Retrieved 2012-02-07.
- ^ "PoPPToP Linux daemon at SourceForge". Sourceforge.net. http://sourceforge.net/projects/poptop. Retrieved 2012-02-07.
- ^ "Linux Journal PPTP Implementation". Linuxjournal.com. http://www.linuxjournal.com/node/3965/print. Retrieved 2012-02-07.
- ^ "ACCEL-PPP - PPTP/L2TP/PPPoE server for Linux". Accel-ppp.sourceforge.net. http://accel-ppp.sourceforge.net/. Retrieved 2012-02-07.
- ^ Bruce Schneier, Cryptanalysis of Microsoft's Point to Point Tunneling Protocol (PPTP).
- ^ EAP-TLS or MS-CHAP v2 for User-Level Authentication, Microsoft TechNet, March 28, 2003
External links
- Windows NT: Understanding PPTP from Microsoft
- FAQ on security flaws in Microsoft's implementation, Bruce Schneier, 1998
- Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), Bruce Schneier, 1999
|
||||||||||||||
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
Post a question - any question - to the WikiAnswers community:
Copyrights:
Abbreviations
STANDS4.com - The source for acronyms and abbreviations. Copyright © 2004-2012 STANDS4 LLC. All rights reserved.
Read more
