PPTP connection - what is it?

Probably, many users have heard about the term "PPTP connection". What is this, some do not even imagine remotely. However, if you describe the principles of establishing a connection based on this protocol in plain language, it is not difficult to understand them.

PPTP connection: what is it?

Connection of this type is based on the protocol of the same name, the abbreviation in the name of which comes from the English point-to-point tunneling protocol, which can literally be translated as a "point-to-point" tunnel protocol. In other words, it is a connection between two subscribers by sending data packets in encrypted form through unprotected networks based on TCP / IP.

The PPTP connection type allows you to convert so-called PPP frames to standard IP packets, which are transmitted, for example, via the same Internet. Although PPTP is considered to be inferior in terms of security to some other options such as IPSec, it is now quite widespread, because, in fact, the user is dealing with one of the types of VPN connections (wireless connection).

PPTP connection: why use it?

The scope of this protocol is very extensive. First of all, this type of connection between two users allows not only to protect the transmitted information, but also to save significantly on long-distance calls.

In addition, this protocol is very often irreplaceable when providing communication between two local networks, namely by sending packets on the Internet via a secure line (tunnel) without using a direct connection between them. That is, two local networks do not have direct contact and use the tunnel as an intermediary.

On the other hand, PPTP-based tunneling can also be used to create a client-server connection when a user terminal connects to the server through a secure channel.

Implementing PPTP in different operating systems

Now a little distracted and on the other hand we'll look at the PPTP connection. What is it, from the moment of development of the protocol by Microsoft Corporation, then very few people understood. And for the first time in a full version, it was implemented by Cisco.

Nevertheless, Microsoft experts did not lag behind. Beginning with Windows 95 OSR2, the possibility of creating a PPTP-based connection appeared in later software products, even with built-in PPTP server configuration tools. Further, as an example, we will consider the PPTP connection of Windows 7, especially since this system is by far the most popular among the majority of users.

In Linux systems until recently, there was no full support for this technology. It appeared only in version 2.6.13, and was officially announced in the 2.6.14 kernel version.

FreeBSD and Mac OS X systems come with built-in PPTP clients. Palm PDAs with Wi-Fi wireless connection support are equipped with a Mergic client.

Initial conditions for correct connection

The use of tunneling is quite specific. Setting up a PPTP connection involves using TCP port 1723 and without fail - IP GRE protocol number 47.

This means that the firewall configuration , if any, or the built-in Windows firewall should be such that IP packets can pass freely and without restrictions. This applies not only to user machines or local networks. Equally, such free transmission of tunneled data should be provided at the provider level.

If NAT is used in the intermediate stage of data transmission, then the VPN processing in this segment should be configured accordingly.

General principles of operation and connection

We have considered the PPTP connection quite succinctly. What is it, many, probably, already at least a little clear. Full clarity in the matter will be made after considering the basic principles of the functioning of the protocol and the connection based on it, as well as in the section where the installation process will be shown by the steps of the PPTP GRE connection.

So, the connection between two points is established on the basis of an ordinary PPP session based on the GRE protocol (encapsulation). The second connection directly on the TCP port is responsible for managing the GRE and initiating.

The IPX packet itself is actually composed of data, sometimes called a payload, and additional control information. What happens when you receive a packet at the other end of the line? The corresponding program for the PPTP connection, as it were, retrieves the information contained in the whole IPX packet and sends it for processing using tools corresponding to the system's own protocol.

In addition, one of the important components of the tunnel transmission and the reception of basic information is a mandatory condition for using access with the help of the "login-password" combination. Of course, you can crack logins and passwords at the receiving stage, but in the process of transferring information through a protected corridor (tunnel) - in any way.

Connection security tools

As already mentioned, tunneling based on the PPTP protocol is absolutely not protected in all respects. However, if we take into account that such tools as EAP-TLS, MSCHAP-v2 or even MPEE are used for data encryption , we can speak about a sufficiently high degree of protection.

Sometimes, in order to improve the level of security, reciprocal calls (dial-ups) can be used, in which the transmitting or receiving party confirms the connection and transmission of information programmatically.

Configuring PPTP with Windows 7 Custom Tools: Network Adapter Settings

Configuring a PPTP connection in any Windows system is easy. As already mentioned, take the "seven" as an example.

First you need to go to the Network and Sharing Center. You can do this either from the Control Panel. Or from the menu that is called by a right-click on the icon of the Internet or network connection.

On the left side of the menu there is a line for changing the parameters of the network adapter, which you need to activate, then right-click on the connection through the local network to call the context menu and select the property line.

In the new window we use the properties of the TCP / IPv4 protocol. In the settings window, you should write down the parameters provided by the provider when connecting (in most cases, automatic reception of addresses for IP and DNS servers is established).

Save the changes and return to the connection over the local network, where you need to check whether it is active at the moment. To do this, use the right click. If the top line shows "Disconnect", then the connection is active. Otherwise, turn it on.

Create and configure VPN settings

The next step is to create a VPN connection. To do this, in the "Control Center" section in the right part of the window we use the line for creating a new connection.

After that, select the connection to the workplace, and then - use the existing connection to the Internet.

Next, we postpone the setting-Internet connection, and in the next window we specify the Internet address of the VPN operator and enter an arbitrary name (necessarily at the bottom tick the "Do not connect now" line).

After that, enter the login and password, if any, provide a contract for the provision of services, and click the "Create" button.

In the list of available connections, select the newly created one and in the new window click the properties button. Then you need to act very carefully. On the security tab, you must set the following parameters:

• VPN type: automatic;
• Data encryption: optional;
• Protocol permissions: CHAP and CHAP version 2.

Confirm the changes, go to the connection setup window, where we press the connection button. If the settings are correct, an internet connection will be made.

Should I use third-party utilities?

On the question of installing additional PPTP servers or clients, users react differently, but most of them agree that setting up and using the built-in Windows module looks much more preferable in terms of simplicity.

You can, of course, install something like the pfSense package, which is a firewall-router, but its "native" Multilink PPP Daemon client has many problems using PPTP-based Windows servers in terms of distributing the use of the authentication protocol between the client and the server in Corporate networks, although there were no such problems on home user terminals. In the configuration, this utility, as well as any other, is much more complicated, and without proper knowledge to specify the correct parameters or fix a constant "gathering" of the user IP-address is not possible.

You can try some other client or server utilities designed to establish a PPTP connection, but what's the point of downloading the system with unnecessary programs when any Windows operating system has its own tools? Moreover, some programs are not only difficult to configure, but also can cause conflicts at the program and physical level. So it is better to be limited to what is.

Instead of an afterword

That's all about the PPTP protocol, as well as creating, configuring and using a tunnel connection based on it. As for its use, it is not justified for the average user. Just arise legitimate doubts that someone might need a secure communication channel. If you really want to protect your IP, it's better to use anonymous proxy servers on the Internet or so-called anonymizers.

But to ensure interaction between local networks of commercial enterprises or any other structures, the installation of a PPTP connection can be the easiest way out. And although such a connection does not guarantee 100% security, nevertheless, the share of common sense in its operation is.