1. Home
  2. Networking
  3. Integrated cisco and unix network architectures

PPTP (Point-to-Point Tunnel Protocol)

PPTP (RFC 2637) has received quite some attention?both praise and flames?because of its integration into the Windows operating system in combination with Microsoft Point-to-Point Encryption (MPPE) to realize on-demand VPN client access. MPPE works as a subfeature of Microsoft Point-to-Point Compression (MPPC) and provides encryption for PPP links.

PPTP itself does not provide encryption. It is used in client/server setups with enterprise remote-access servers (RASs) and was not designed with support for gateway-to-gateway tunnels in mind. MPPE is multiprotocol-capable, uses MS Challenge Handshake Authentication Protocol version 2 (CHAPv2) for authentication, and supports 40-bit and 128-bit encryption based on the RSA RC4 algorithm to provide data confidentiality. PPTP is based on an enhanced GRE approach. It is documented widely, and tons of example setups for Microsoft and UNIX are available. For further information, look at the RFCs relevant to MPPC (RFC 2118) and MPPE (RFC 3078/3079).

PPTP uses TCP/1723 to set up its control channel and IP protocol 47 (GRE) to move data. Enabling PPTP traffic to flow through a firewall requires you to establish bidirectional rules for both sets of traffic.[2]

This book does not provide a thorough discussion of PPTP in practice for several reasons:

  • It is not that relevant in non-Microsoft environments. There are far better choices for tunnel setup for UNIX and Cisco integrated architectures.

  • PPTP is deprecated, and Microsoft has moved on to L2TP/IPSec as a strategic technology.

  • Many documents, recipes, and configurations are available with regard to PPTP setups involving Microsoft clients and RAS servers (and for PPTP configurations in context with DSL setups, which are common in some European countries).

The following list identifies the most mature PPTP implementations for Linux and BSD operating systems:

  • UNIX PPTP Client Package? This is the recommended client package for Linux and BSD and integrates well with the PoPToP server. (http://pptpclient.sourceforge.net/)

  • PoPToP? An OpenSource PPTP server for Linux and BSD that works perfectly with the PPTP client package. (http://www.poptop.org/)

  • MPD? A multilink PPP daemon for FreeBSD. It is a robust and mature implementation based on the FreeBSD Netgraph facility. (http://www.dellroad.org/mpd/index)

  • PPTP-Proxy? A useful daemon that forwards a PPTP VPN connection through a Linux firewall. (http://www.mgix.com/pptpproxy/)

  • The MPPE/MPPC kernel module for Linux? This is an alternative to user-space approaches. It requires patching pppd and the kernel sources. It works with the current 2.4 Linux kernel. (http://www.polbox.com/h/hs001)

Exercise 11-2: PPTP on UNIX

Use PPTP Client and PoPToP to familiarize yourself with the UNIX implementation. For example, you can set up DSL access or provide RAS services to Microsoft roaming users.



    		Command Syntax Conventions
    		Chapter 1. Operating System Issues and Features-The Big Picture
    		Chapter 2. User-Space Routing Software
    		Chapter 3. Kernel Requirements for a Full-Featured Lab
    		Chapter 4. Gateway WAN/Metro Interfaces
    		Chapter 5. Ethernet and VLANs
    		Chapter 6. The Analyzer Toolbox, DHCP, and CDP
    		Chapter 7. The UNIX Routing and ARP Tables
    		Chapter 8. Static Routing Concepts
    		Chapter 9. Dynamic Routing Protocols-Interior Gateway Protocols
    		Chapter 10. ISP Connectivity with BGPv4-An Exterior Gateway Path-Vector Routing Protocol for Interdomain Routing
    		Chapter 11. VPN Technologies, Tunnel Interfaces, and Architectures
    		The Rationale for Tunnels in Routing Environments
    		The VPNC Concept of VPNs
    		The OSI Stack Perspective
    		Internet, Intranet, and Extranet Terminology
    		IP-IP Tunnel
    		Generic Router Encapsulation (GRE) Tunnel
    		Special Multicast and IPv6 Tunneling (RFC 2473, RFC 3053)
    		Cisco L2F (Layer 2 Forwarding)
    		PPTP (Point-to-Point Tunnel Protocol)
    		L2TP (Layer 2 Tunnel Protocol)
    		Mobile IP
    		User-Space Tunneling
    		IPSec Foundation
    		General Tunnel and Specific IPSec Caveats
    		Advice About IPSec Lab Scenarios
    		Road-Warrior Scenarios (Road Warrior-to-OpenBSD/FreeBSD Gateway with IKE)
    		Dynamic Routing Protocols over Point-to-Point Tunnels-Transparent Infrastructure VPN
    		Summary
    		Recommended Reading
    		Endnotes
    		Chapter 12. Designing for High Availability
    		Chapter 13. Policy Routing, Bandwidth Management, and QoS
    		Chapter 14. Multicast Architectures
    		Chapter 15. Network Address Translation
    		Appendix A. UNIX Kernel Configuration Files
    		Appendix B. The FreeBSD Netgraph Facility