- What is PPTP? Fast VPN protocol with security issues.
- What is PPTP? The Transylvanian story.
- What is PPTP?
- How does PPTP work?
- PPTP compatibility
- Advantages and disadvantages of PPTP
- Advantages of using PPTP
- Disadvantages of using PPTP
- How to set up PPTP on (some of) your devices
- Manual PPTP setup
- Use VPN client apps
- Test your PPTP VPN connection
- PPTP security issues
- Tips to get the most from PPTP
- PPTP alternative protocols
- OpenVPN
- WireGuard
- L2TP/IPSec (Layer 2 Tunneling Protocol)
- SSTP (Secure Socket Tunneling Protocol)
- IKEv2
- Summary
- About the Author
- Adrian Roman
What is PPTP? Fast VPN protocol with security issues.
PPTP is one of the oldest VPN protocols and the foundation for many VPN connections. However, due to security concerns, PPTP is no longer recommended for encrypting VPN tunnels.
This article explains what PPTP is, how this VPN protocol works, how to set it up on your devices, and how it compares with other VPN protocols. We will also look at some of the advantages and disadvantages of the PPTP protocol.
What is PPTP? The Transylvanian story.
To escape the “nah” mood that kept him inside the castle for months, Vlad decided it was the right moment to buy himself a new car:
– Hey, TomBat, my dear bat pet, let’s go shopping! I will add some new wheels to my collection.
– Finally! You get yourself a bicycle! You really need to get some exercise these days.
– Funny, but no!
– Ok, I got it. But, can it be a Batmobile? Pretty please …
– Well … ok … Where can we found one? asked Vlad, hoping for no answer.
– Worry no more!, swiftly answered TomBat. I’ll take you to my dealer!
After a short drive with Vlad’s Dacia (the Romanian national car), they entered a custom car shop … and there was the Batmobile. Exactly how it should have been.
The dealer didn’t spare a moment to praise the car and its speed. But, Vlad had to ask:
– How old is this beauty?
– She is still young, in her early twenties...
– Gosh, is she safe? Comparing to modern cars?
– Hmmm, you know … it’s not the safest car you could get, but it is very fast!
Finally, after some serious bargaining, Vlad bought the Batmobile. Yet, he only drives it occasionally, on short distances and during weekends.
To get to our article’s point: similarly to the Batmobile, the PPTP protocol is fast but not the most secure. You should use it cautiously!
What is PPTP?
Introduced in July 1999, the Point to Point Tunneling Protocol (PPTP) is a Virtual Private Network protocol that improved the previous PPP standard, which did not include the tunneling feature.
PPTP comprises of a set of rules that are used to ensure the communication process between a VPN client and a VPN server.
Although it was originally developed as a protocol targeted at being used in Windows operating systems, it fast became widespread. The PPTP VPN protocol is now available on a wide variety of different platforms and systems.
How does PPTP work?
PPTP was developed on the foundation of PPP (the Point-to-Point Protocol), and as such, it is based on its encryption and authentication framework. Working similarly to all tunneling technologies, data packets are encapsulated by PPTP, and it creates a tunnel for the data that flows across IP networks.
The technical specification for PPTP is contained in Internet RFC 2637, and it is based on a client-server design that runs at the OSI model’s Layer 2.
PPTP enables two different types of information flow once a VPN tunnel has been established:
- Data packets flow from and to a VPN client to and from the VPN server through the tunnel. PPTP uses a GRE (Generic Routing Encapsulation) tunnel for encapsulation.
- Control messages are used to manage and eventually tear down the VPN connection. Control messages are passed on TCP port 1723 directly between a VPN server and a client.
A server administrator normally provides the PPTP VPN server’s address information to the individuals that are authorized to use the VPN. Connection strings can be provided either as an IP address or as a server name.
PPTP compatibility
As one of the oldest VPN protocols, PPTP was adopted on all major operating systems (including Windows, macOS, iOS, Android, Linux) and various devices (routers, SmartTVs, game consoles).
However, due to the security concerns discussed below, Apple removed support for PPTP starting with iOS 10 and macOS Sierra.
PPTP can still be configured and used on Microsoft Windows (all versions), Android, and Linux, as well as on various types of routers and devices.
It is expected that more and more OSes and device producers move to more modern and safer VPN protocols in the future.
Advantages and disadvantages of PPTP
Before setting up a PPTP VPN, you should give proper attention to this VPN protocol’s pros and cons.
Advantages of using PPTP
PPTP has some important benefits:
- Ease of configuration: Any individual with little or some knowledge can set up a PPTP protocol relatively easily.
- Speed: PPTP offers a breakneck speed when compared with other similar protocols.
- Compatibility: The protocol is by default compatible with Windows-based systems, and it is also available for use on many other popular platforms.
Disadvantages of using PPTP
Although PPTP is fast and easy to configure, it also has some fundamental drawbacks.
- Security: The PPTP protocol is, unfortunately, not ideal for businesses (who can also focus on a VPN concentrator solution) and users that have the requirement of keeping their data secure.
- Availability: Due to security issues, PPTP is no longer available on Apple devices (Mac, iPhone, iPad).
- Reliability: When PPTP is used on a connection that is not stable, it does have several performance issues. Additionally, PPTP can be easily blocked by firewalls, even by ISPs (Internet Service Providers).
- Encryption: PPTP uses RC4 and RSA algorithms that employ 128-bit encryption, less than the encryption offered by other VPN protocols (e.g., OpenVPN, WireGuard).
- Support: PPTP does not support Perfect Forward Secrecy.
How to set up PPTP on (some of) your devices
The simplest way to use PPTP on your device is to manually set up a connection. Additionally, if the protocol is what you are looking for and you are not in need of connecting to a specific PPTP server, you may use a VPN client offered by a VPN provider.
Remember that Apple has removed PPTP from iOS and macOS. However, there are still options to set up PPTP on macOS.
A reliable option is to set PPTP on your router and connect to the router with the devices you want to benefit from the VPN secure tunnel.
Manual PPTP setup
For manual setup, you need to know the server address (name or IP address) and the username/password for authentication. You may either get them from a VPN service provider or the VPN network administrator.
The manual PPTP setup consists of creating a VPN connection on your operating system of choice and filling in the connection settings:
- How to manually set up PPTP on Windows
- How to set up PPTP on Android
- How to use PPTP on Linux
On macOS, even though there are no solution to manually initiate a PPTP connection, workarounds are still available.
Use VPN client apps
As PPTP has security flaws, fewer and fewer VPN providers use it in their own apps. However, depending on the operating system, VPN software using PPTP are still available.
We recommend two good VPN services that may help you get a PPTP VPN tunnel on Windows: PureVPN and HideIPVPN. To get started, subscribe to the service, install the app, and select the PPTP protocol.
On macOS, you may install VPNTracker, but you need to have access to the PPTP server connection credentials.
Test your PPTP VPN connection
Every time you connect, you should check the VPN connection. It would be best if you made sure the VPN tunnel was properly initiated. The most obvious test is to load an IP checker website and check your visible IP address. It should show the IP and location of the PPTP server.
PPTP security issues
Although PPTP was considered secure when it was originally released, that is unfortunately no longer the case. PPTP is outdated compared to modern standards being used today, and using the PPTP protocol for securing online data is extremely risky.
Below is a short overview of the various PPTP security issues you should be aware of:
- The authentication methods used by PPTP (MS-CHAP Version 1 and MS-CHAP Version 2) are vulnerable. There are tools available to extract NT Password hashes from exchanges using MS-CHAP Version 1. MS-CHAP Version 2 is seemingly vulnerable to dictionary attacks, and MS-CHAP Version 2 D4 passphrases can, in fact, be hacked in about 23 hours.
- Since the encryption employed by PPTP, MPPE (Microsoft Point-to-Point Encryption), uses an RC4 stream cipher, hackers can employ bit-flipping attacks to take advantage of the ciphertext’s vulnerability due to there not being any authenticated in the ciphertext stream.
- Documents prove that the NSA has cracked the PPTP traffic.
As all of the security issues mentioned above are fairly well-known by now, this will make PPTP traffic a straightforward target for any hacker due to it being so vulnerable to malicious attacks.
Tips to get the most from PPTP
If you decide to use PPTP despite its drawbacks make sure that:
- Only use PPTP when no sensitive data is involved, meaning that you should not enter your credit card info or share private files while connected to the VPN.
- You have access to an alternative protocol safer than PPTP (OpenVPN, WireGuard) if you need to increase the communication channel’s security.
- Choose a trustful VPN provider.
PPTP alternative protocols
There are a handful of VPN protocols that are available for creating secure tunnels. Now that you know what is PPTP protocol, you may be curious if there are better alternatives.
Based on security, connection speeds, and compatibility, here are several good examples of VPN protocols you can try.
OpenVPN
OpenVPN is considered the de-facto standard of VPN protocols. It is open-source, offers excellent encryption options, good performance, and it is preferred by most of the VPN providers. You may use OpenVPN on UDP for faster connections.
WireGuard
WireGuard is seen as the future of VPN protocols due to its simplicity and speed (it seems to be faster than OpenVPN). It is secure, easy to use, and open-source.
L2TP/IPSec (Layer 2 Tunneling Protocol)
L2TP/IPSec is another popular VPN protocol supported by all operating systems and by the majority of VPN providers. With acceptable speed and great encryption, L2TP is a good option to try.
SSTP (Secure Socket Tunneling Protocol)
SSTP, a protocol that is solely compatible with Windows devices, is considered one of the most secure VPN protocols. SSTP uses SSL 3.0, and it offers 256-bit encryption for VPN connections. It as fast as OpenVPN.
IKEv2
IKEv2 is another stable VPN protocol that is significantly safer than PPTP (it uses the AES-256 cipher). However, IKEv2/IPSec is harder to set up than PPTP.
Summary
The PPTP protocol has been around for 25 years, and most VPN providers have offered access to it. The PPTP encryption and authentication framework work similarly to all tunneling technologies by encapsulating data packets to create a tunnel for the data that flows across IP networks.
Although it is speedy, easy to configure, and available for use on major operating systems (Windows, Android, Linux), its security is lacking in various areas. This makes it extremely risky to use in applications where there are requirements for keeping data secure.
Finally, please subscribe to our newsletter (below), and we promise to keep you updated with news and tutorials on how to use the PPTP protocol. Plus, you will make a Transylvanian baby-bat very happy. 😃
About the Author
Adrian Roman
Long-time VPN, proxy, and Smart DNS user, ibVPN co-founder, ex-ibVPN Product Manager, data security researcher.