An Introductory Guide to the Point-to-Point Tunneling Protocol (PPTP)

A graphic showing two LANs connecting through the internet.
Connect two private networks through the Internet using PPTP.

When you set up a VPN on a router, firewall, operating system (OS), or security solution, it’ll ask you to choose a VPN protocol. Some of these protocols are fairly new. Others are decades old. One of these ancient VPN protocols is the Point-to-Point Tunneling Protocol, or PPTP.

In this article, I’ll take a closer look at PPTP. Specifically, I’ll talk about what it is, how it works, its benefits, drawbacks, and other related information. I’ll also explain whether or not it’s safe for you to use. Let’s get started, then!

What Is PPTP?

To start, a VPN protocol is a set of rules that two peers comply with to establish a VPN connection. Specified in RFC 2637 back in 1999, PPTP is one of the oldest VPN protocols still around. Moreover, many modern OSes, network solutions, and security solutions still support it. If you attempt to set up a VPN connection between an old PPTP-enabled router and your brand-new Windows laptop, you should succeed.

As a tunneling protocol, the Point-to-Point Tunneling Protocol enables data in one private network to reach another private network through a public network. This public network is usually the internet. In essence, PPTP encapsulates Point-to-Point Protocol (PPP) packets, allowing it to leverage PPP’s encryption and authentication capabilities. Overall, through PPP, a PPTP VPN can protect your data to a certain extent (more on that later).

A diagram illustrating two private networks connecting via the internet through a PPTP VPN
A PPTP VPN enables you to connect your company network and your branch office network via the internet

Let’s dive a bit deeper into its inner workings.

How Does PPTP Work?

If you understand how it works, you’ll have an easier time setting up and troubleshooting a PPTP VPN. Here’s an overview of the steps involved:

  1. PPTP follows a client-server architecture where the server listens on TCP port 1723.
  2. Once a VPN client connects to port 1723, you’ll establish a “Control Connection”. You can send control and management information through this connection.
  3. Then, you’ll establish a Generic Routing Encapsulation (GRE) tunnel. This tunnel encapsulates the PPP packets. In turn, these packets carry data you send through the VPN.
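
An added example, not from the original article: a Python parser for the Start-Control-Connection-Request that opens the control connection on TCP port 1723, using the field layout from RFC 2637. The sample packet, host name, and vendor string are constructed for illustration; a parser like this helps confirm that traffic seen on port 1723 in a capture really is a leftover PPTP session.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D      # constant carried in every PPTP control message
CONTROL_MESSAGE = 1            # "PPTP Message Type" value for control messages
HEADER = struct.Struct("!HHIHH")             # length, msg type, cookie, ctrl type, reserved
SCCRQ_BODY = struct.Struct("!HHIIHH64s64s")  # fields after the header (144 bytes)
CONTROL_TYPES = {1: "Start-Control-Connection-Request",
                 2: "Start-Control-Connection-Reply",
                 5: "Echo-Request", 6: "Echo-Reply",
                 7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply"}


def parse_control_header(data: bytes) -> dict:
    """Validate and decode the 12-byte header common to all control messages."""
    if len(data) < HEADER.size:
        raise ValueError("truncated PPTP header")
    length, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        raise ValueError("bad magic cookie: not PPTP control traffic")
    if msg_type != CONTROL_MESSAGE:
        raise ValueError("not a control message")
    if not HEADER.size <= length <= len(data):
        raise ValueError("length field does not match the data received")
    return {"length": length, "control_type": ctrl_type,
            "name": CONTROL_TYPES.get(ctrl_type, f"type {ctrl_type}")}


def parse_sccrq(data: bytes) -> dict:
    """Decode a Start-Control-Connection-Request (always 156 bytes)."""
    hdr = parse_control_header(data)
    if hdr["control_type"] != 1 or hdr["length"] != HEADER.size + SCCRQ_BODY.size:
        raise ValueError("not a Start-Control-Connection-Request")
    version, _, framing, bearer, max_channels, _firmware, host, vendor = \
        SCCRQ_BODY.unpack_from(data, HEADER.size)
    return {"version": f"{version >> 8}.{version & 0xFF}",
            "host": host.rstrip(b"\0").decode("ascii", "replace"),
            "vendor": vendor.rstrip(b"\0").decode("ascii", "replace"),
            "framing": framing, "bearer": bearer, "max_channels": max_channels}


def build_sample_sccrq() -> bytes:
    """Constructed sample packet (host and vendor names are made up)."""
    body = SCCRQ_BODY.pack(0x0100, 0, 1, 1, 0, 0, b"branch-gw", b"ExampleVendor")
    return HEADER.pack(HEADER.size + len(body), CONTROL_MESSAGE, MAGIC_COOKIE, 1, 0) + body


if __name__ == "__main__":
    print(parse_sccrq(build_sample_sccrq()))
```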

As mentioned earlier, PPP provides security capabilities. Microsoft Point-to-Point Encryption (MPPE) implements the necessary encryption. Furthermore, the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) implements authentication.

It’s important to note that the Point-to-Point Tunneling Protocol doesn’t work well with routers, firewalls, and other network devices that perform network address translation (NAT). The GRE tunnel carries no TCP or UDP port numbers, which are what a NAT normally uses to keep track of connections. Ensure that your NAT devices have PPTP passthrough enabled to avoid connectivity issues. I’ll discuss what that is now.

What Is PPTP Passthrough?

PPTP passthrough is a special feature found in NAT-equipped network devices. This feature allows older VPN protocols to pass through the NAT unimpeded. Some network devices label this feature “VPN passthrough”. Usually, when you find this feature, you’ll also find passthrough settings for specific VPN protocols.

PPTP and the Layer 2 Tunneling Protocol (L2TP) are normally provided with passthrough settings. Newer protocols like OpenVPN, IKEv2/IPsec, and WireGuard VPN already have NAT-friendly capabilities. As such, you normally don’t find passthrough settings for these protocols. 

To enable passthrough, you usually just need to click on an option button or toggle switch. 

A graphic depicting a GUI panel for enabling and disabling PPTP passthrough.
Enable passthrough to let PPTP traffic pass through a NAT.

Alright, we already defined PPTP, but why would you use it?

Benefits of Using PPTP

A PPTP VPN has all the benefits of a VPN. These benefits include providing secure remote access to files, applications, and hosts in a private network through the internet. But why would you choose this protocol over other VPN protocols out there? Despite existing since the 1990s, this protocol continues to thrive. This is due to 2 major benefits.

1. Lowers Total Cost of Ownership (TCO) for a VPN

Every Windows version since Windows 95 has PPTP bundled with it. As we all know, Windows has dominated business environments for the past decades. This means that organizations no longer have to purchase a separate solution to acquire a VPN. Similarly, system administrators no longer have to jump through hoops to deploy a VPN. With this VPN protocol, you get a free VPN readily available on the most widely used platform.

2. Allows Users to Experience Fast Speeds Even When Using a VPN

When users access files and applications through a VPN, they normally experience a decline in speed and responsiveness. This happens due to the encryption and decryption processes inherent in VPN sessions. However, you’ll experience less decline with PPTP than with other protocols. This is because it uses relatively weak encryption.

Wait. Isn’t weak encryption a bad thing? It certainly is, and that deficiency is one of the biggest drawbacks of using this protocol. More on that as I discuss the drawbacks next!

Drawbacks of Using PPTP

PPTP has only one major drawback. Unfortunately, that single disadvantage is reason enough to avoid using it. 

Contains Plenty of Vulnerabilities

Like all antiquated protocols, PPTP was born at a time when the internet was a relatively safer place. As such, developers prioritized function over security. Today, however, the internet is teeming with threats. This isn’t good, given that this protocol does have some serious vulnerabilities. Here are some of them: 

  • Attackers can subject MPPE to bit-flipping attacks, which allow them to modify data at the bit level while avoiding detection.
  • MS-CHAP is easily crackable, allowing attackers to steal login credentials.
  • Attackers can initiate a Denial-of-Service (DoS) attack on port 1723, which can crash the VPN server.

A graphic depicting a successful hacking attempt on a PPTP VPN connection.
Hackers can easily break into a PPTP VPN connection.
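
An added example, not from the original article, of why the bit-flipping weakness listed above matters: MPPE encrypts with the RC4 stream cipher and attaches no integrity check, so a changed ciphertext bit becomes a changed plaintext bit. The keystream generator below is a SHA-256 stand-in rather than RC4, the keys and message are constructed, and the HMAC variant shows the check that catches the change.

```python
import hashlib
import hmac


def keystream(key: bytes, n: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode); an assumption, not RC4/MPPE."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return xor_bytes(data, keystream(key, len(data)))


def flip(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Modify ciphertext in transit without the key, given known plaintext."""
    delta = xor_bytes(known, wanted)
    patched = xor_bytes(ciphertext[offset:offset + len(delta)], delta)
    return ciphertext[:offset] + patched + ciphertext[offset + len(delta):]


def seal(enc_key: bytes, mac_key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: append an HMAC-SHA256 tag over the ciphertext."""
    ct = stream_crypt(enc_key, data)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return stream_crypt(enc_key, ct)


def demo():
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"
    msg = b"PAY 0100 TO ALICE"                      # constructed message
    tampered = flip(stream_crypt(enc_key, msg), 4, b"0100", b"9100")
    accepted = stream_crypt(enc_key, tampered)      # no tag: change goes unnoticed
    try:
        open_sealed(enc_key, mac_key, flip(seal(enc_key, mac_key, msg), 4, b"0100", b"9100"))
        detected = False
    except ValueError:
        detected = True                             # tag mismatch exposes the change
    return accepted, detected
```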

If attackers exploit these vulnerabilities, your business can suffer downtime or a data breach. In turn, these incidents can result in reputational damage or even a lawsuit. Furthermore, if the breach involves personal information, it could also trigger regulatory violations that can amount to huge penalties.

Considering these vulnerabilities’ severity, you’d expect businesses to avoid this protocol altogether. Is anyone still using it? Let’s find out.

Are People Still Using PPTP?

Try running a Google search on “how to set up PPTP” and then specify the latest version of your favorite OS. The search results will surprise you for sure. Major platforms like Windows 11, Windows Server 2022, and popular small business routers like the Cisco RV series still support this protocol.

Screenshot showing the "Add a VPN connection" dialog on Windows Server 2022.
Windows Server 2022 still offers PPTP as an option when you select a VPN type.
Source: Screenshot taken from an actual EC2 instance of Windows Server 2022

Other major platforms have already stopped supporting the protocol. For instance, due to security concerns, Apple macOS stopped supporting it when v10.12 came out (macOS Sierra). Additionally, Android’s latest version, Android 12, doesn’t support it either.

Many people aren’t aware of the security risks involved with using PPTP, though. This is because the protocol is readily available on major platforms and devices. But is this wide availability that bad? Surely not, right?

Who Should Use PPTP? 

Although many operating systems and network devices still support PPTP, most businesses shouldn’t use it. The protocol’s security risks are just too high. If an attacker somehow compromises your VPN and you keep sending sensitive data through it, you could suffer from a cyberattack.

Sure, you can use this protocol for a few scenarios. For example, you can use it for testing or educational purposes. You can also use it for non-critical use cases, such as video streaming. Otherwise, you’re better off with more secure VPN types such as IKEv2/IPsec, OpenVPN, SSTP, or WireGuard.

Alright, we’re done here. Time to wrap things up. 

Final Words

To conclude, PPTP is one of the fastest VPN protocols. As a VPN protocol, it should provide secure remote access to files, applications, and hosts in a private network through the internet. Unfortunately, this protocol is also one of the oldest still around. It may have been useful back in the day. However, today it has many vulnerabilities that make it unsuitable for today’s threat-infested production environments.

If you need to implement a VPN, you’ll want to avoid ancient protocols like PPTP. You’ll be much safer with modern VPN protocols like IKEv2/IPsec, OpenVPN, SSTP, or WireGuard.

Do you have more questions about PPTP? Check out the FAQ and Resources sections below!

FAQ

Which security solution is better, a VPN or a firewall?

VPNs and firewalls counter different sets of threats. VPNs can help protect sensitive data from attackers eavesdropping on your network. On the other hand, firewalls can help restrict access to your internal network. You can also use firewalls to apply network segmentation. You’ll most likely want to use a VPN and a firewall to protect your network. 

How can I use VPNs to secure my data center?

Since VPNs have encryption and authentication security controls, you can use them to augment your data center security. Specifically, you can use a VPN to implement secure remote access to the resources hosted in your data center. When users and trading partners access resources through a VPN, attackers won’t be able to eavesdrop on their sessions.

What is a site-to-site PPTP VPN?

A site-to-site PPTP VPN connects two networks, like an HQ network and a branch network. In this setup, users and processes in one network can access resources in the other network through the VPN. This VPN ensures the protection of data transmitted between the two networks.

How does a VPN protect remote workers?

A VPN can keep users’ data safe when connecting to the internet through public Wi-Fi. It also provides users secure remote access to files, applications, and other resources when connecting to their corporate network. Get more details on the topic in our article about remote workers and using a VPN.

What is a business VPN, and why would I need it?

A business VPN is any VPN solution mainly used for business-related tasks instead of personal tasks. Business VPNs meet more stringent requirements than regular consumer or personal VPNs. They may, for example, support stronger encryption and multiple authentication methods. As such, your company data will be safer with a business VPN.

Resources

TechGenix: Article on L2TP VPN

Get acquainted with the core concepts of the Layer 2 Tunneling Protocol (L2TP).

TechGenix: Article on Remote Network Access

Know your options when implementing remote network access.

TechGenix: Review on KerioControl VPN

Weigh the different pros and cons of using KerioControl VPN.

TechGenix: Article on Self-Hosted VPNs and VPNs-as-a-Service

Explore the advantages and disadvantages of self-hosted VPNs and VPNs-as-a-Service.

TechGenix: Article on Tor vs VPN

Learn when you should use Tor vs a VPN and vice versa.
