Many users have probably heard the term “PPTP connection”, yet few have even a rough idea of what it is. Described in simple language, however, the principles of establishing a connection based on this protocol are easy to understand.
PPTP connection: what is it?
This type of connection is based on the protocol of the same name. The abbreviation comes from the English “point-to-point tunneling protocol”, which can be translated literally as “point-to-point tunnel protocol”. In other words, this is a connection between two subscribers that transmits encrypted data packets over insecure TCP/IP networks.
The PPTP connection type converts so-called PPP frames into standard IP packets, which are then transmitted, for example, over the Internet. And although PPTP is considered inferior in security to some other options such as IPSec, it is quite widespread today because, in effect, the user is dealing with one of the varieties of VPN connection (wireless connection).
PPTP connection: why use it?
The scope of this protocol is very extensive. First of all, this type of connection between two users makes it possible not only to protect the transmitted information, but also to save significantly on long-distance calls.
In addition, this protocol is very often indispensable for communication between two local networks: packets are transmitted over the Internet through a secure line (tunnel) without a direct connection between the networks. That is, the two local networks have no direct contact and use the tunnel as an intermediary.
On the other hand, PPTP-based tunneling can also be used to create a client-server connection, when the user terminal connects to the server via a secure channel.
PPTP implementation in different OS
Now let's digress a bit and look at the PPTP connection from another angle. When Microsoft developed the protocol, few people understood what it was. And its first full implementation came from Cisco.
Nevertheless, Microsoft specialists did not lag behind. Starting with Windows 95 OSR2, the ability to create a PPTP-based connection appeared, and later software products even included built-in PPTP server configuration tools. Below, a PPTP connection in Windows 7 is used as the example, since this system remains by far the most popular among users.
On Linux systems there was no full support for this technology until recently. It appeared only in version 2.6.13, and was officially announced in kernel version 2.6.14.
FreeBSD and Mac OS X systems come with built-in PPTP clients. Palm PDAs with Wi-Fi support are equipped with the Mergic client.
Initial conditions for a correct connection
The use of tunneling is quite specific. Setting up a PPTP connection requires TCP port 1723 and, without fail, the GRE protocol, which is IP protocol number 47.
It follows that the configuration of the firewall, if any, or the built-in Windows firewall should be such that IP packets can pass through freely and without restrictions. This applies not only to user machines or local networks. Equally, such free transmission of tunneled data should be provided at the provider level.
In the case of using NAT at the intermediate stage of data transmission, VPN processing in this segment should be configured accordingly.
General principles of operation and connection
We have briefly reviewed the PPTP connection, and what it is should by now be at least a little clearer. The picture becomes complete once we look at the basic principles of the protocol and of the communication built on it, and at the section that walks through the setup of a PPTP GRE connection step by step.
So, the connection between the two points is established as a regular PPP session carried over the GRE protocol (encapsulation). A second connection, made directly on the TCP port, is responsible for managing and initiating the GRE tunnel.
The transmitted IPX packet itself consists of data, sometimes called the payload, and additional control information. What happens when a packet is received at the other end of the line? The program handling the PPTP connection extracts the information contained in the whole IPX packet and passes it on for processing by the tools of the system's own protocol.
In addition, an important component of tunneled transmission and reception is mandatory access control using a "login-password" combination. Of course, logins and passwords can be cracked at the receiving stage, but not while information is being transmitted through the secure corridor (tunnel).
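The two channels described in this section and in the initial conditions above (the TCP control connection on port 1723 and the GRE data tunnel, IP protocol 47) can be told apart on the wire. The Python code below is an added example, not part of the original article: it classifies raw IPv4 packets and unwraps the PPP frame from the GRE header. The header layout and magic cookie follow RFC 2637; the function names and the sample packets are constructed for illustration.

```python
import struct

PPTP_TCP_PORT, IPPROTO_TCP, IPPROTO_GRE = 1723, 6, 47  # values from the article
GRE_PROTO_PPP = 0x880B   # enhanced GRE payload type for PPP (RFC 2637)
PPTP_MAGIC = 0x1A2B3C4D  # magic cookie in every PPTP control message

def parse_gre(gre: bytes) -> dict:
    """Parse PPTP's enhanced GRE header and extract the PPP frame it carries."""
    if len(gre) < 8:
        raise ValueError("GRE header too short")
    flags, proto, length, call_id = struct.unpack_from("!HHHH", gre)
    if flags & 0x0007 != 1 or proto != GRE_PROTO_PPP or not flags & 0x2000:
        raise ValueError("not PPTP enhanced GRE (need Ver=1, K=1, 0x880B)")
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)  # S and A bits
    off = 8 + 4 * has_seq + 4 * has_ack
    if len(gre) < off + length:
        raise ValueError("truncated packet")
    seq = struct.unpack_from("!I", gre, 8)[0] if has_seq else None
    ack = struct.unpack_from("!I", gre, off - 4)[0] if has_ack else None
    return {"plane": "data", "call_id": call_id, "seq": seq, "ack": ack,
            "ppp": gre[off:off + length]}

def classify(packet: bytes) -> dict:
    """Tell which PPTP channel, if any, a raw IPv4 packet belongs to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    body = packet[(packet[0] & 0x0F) * 4:]
    if packet[9] == IPPROTO_GRE:
        return parse_gre(body)
    if packet[9] == IPPROTO_TCP and len(body) >= 20:
        if PPTP_TCP_PORT in struct.unpack_from("!HH", body):
            msg = body[(body[12] >> 4) * 4:]  # skip the TCP header
            known = len(msg) >= 10 and struct.unpack_from("!I", msg, 4)[0] == PPTP_MAGIC
            return {"plane": "control",
                    "ctrl_type": struct.unpack_from("!H", msg, 8)[0] if known else None}
    return {"plane": "other"}

def ipv4(proto: int, body: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + body

# Constructed samples: a PPP LCP frame in enhanced GRE, and a TCP segment to
# port 1723 carrying the first 12 bytes of a Start-Control-Connection-Request.
PPP_FRAME = bytes.fromhex("ff03c02101010004")
SAMPLE_DATA = ipv4(47, struct.pack("!HHHHI", 0x3001, 0x880B, len(PPP_FRAME), 7, 1) + PPP_FRAME)
SAMPLE_CTRL = ipv4(6, struct.pack("!HHIIHHHH", 49152, 1723, 0, 0, 0x5018, 8192, 0, 0)
                   + struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0))
if __name__ == "__main__": print(classify(SAMPLE_DATA), classify(SAMPLE_CTRL), sep="\n")
```

A firewall or NAT device that passes only the "control" packets lets the session negotiate but never carry data, which is why both the TCP port and the GRE protocol have to be allowed.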
Connection Security
As already mentioned, PPTP tunneling is not completely secure in all aspects. However, given that such tools as EAP-TLS, MSCHAP-v2 or even MPPE are used, we can speak of a fairly high degree of protection.
Sometimes, to increase the level of security, response calls (dialers) can be used, in which the transmitting or receiving side programmatically confirms the connection and the transmission of information.
Windows 7 Native PPTP Configuration: Network Adapter Settings
Setting up a PPTP connection on any Windows system is quite simple. As already mentioned, we take Windows 7 as the example.
First, go to the "Network and Sharing Center". You can do this either from the "Control Panel" or from the menu opened by right-clicking the Internet or network connection icon.
On the left side there is a line for changing the network adapter settings. Use it, then right-click the local area connection to open the context menu and select the properties line.
In the new window, open the properties of the TCP/IPv4 protocol. In the settings window, specify the parameters given by the provider at connection time (in most cases, IP and DNS server addresses are set to be obtained automatically).
Save the changes and return to the local area connection, where you need to check whether it is currently active. To do this, right-click it. If the top line offers to disconnect, the connection is active. Otherwise, turn it on.
Create and configure VPN settings
The next step is to create a VPN connection. To do this, in the "Control Center" section on the right side of the window, use the line for creating a new connection.
After that, select the connection to a workplace, and then choose to use the existing Internet connection.
Next, postpone setting up the Internet connection, and in the next window enter the Internet address of the VPN operator and an arbitrary name (be sure to tick the box next to the line “Do not connect now”).
After that, enter the username and password, if the service contract provides for them, and click the "Create" button.
In the list of available connections, select the one just created and click the properties button in the new window. From here on you need to act very carefully. The following parameters must be set on the security tab:
- VPN type: automatic;
- data encryption: optional;
- protocol permissions: CHAP and CHAP version 2.
Confirm the changes and go to the connection window, where you press the connect button. If the settings are correct, the Internet connection will be established.
Should I use third-party utilities?
Users react differently to the question of installing additional PPTP servers or clients, but most of them agree that setting up and using the built-in Windows module is much preferable in terms of simplicity.
You can, of course, install something like the pfSense package, which is a firewall-router, but its "native" Multilink PPP Daemon client has many problems with PPTP-based Windows servers in terms of distributing the use of the authentication protocol between the client and server in corporate networks, although there were no such problems on home user terminals. This utility, like any other, is much more complicated to configure, and without special knowledge it is not possible to specify the correct parameters or fix the constant "gathering" of the user's IP address.
You can try some other client or server utilities designed to establish a PPTP connection, but what is the point of loading the system with unnecessary programs when every Windows OS has its own tools? Moreover, some programs are not only difficult to configure but can also cause conflicts at the software and physical level. So it is better to limit yourself to what is already there.
Instead of an afterword
That, in fact, is all there is to the PPTP protocol and to creating, configuring and using a tunnel connection based on it. As for its use, it is not justified for the average user. There are legitimate doubts that such a user would need a secure communication channel at all. If you really need to protect your IP, it is better to use anonymous proxy servers on the Internet or the so-called anonymizers.
But for interaction between the local networks of commercial enterprises or other organizations, establishing a PPTP connection can be the easiest way out. And although such a connection will not fully provide security, there is nevertheless some common sense in using it.