PPTP: Point to Point Tunneling Protocol

PPTP (Point-to-Point Tunneling Protocol) is a network protocol used in the implementation of Virtual Private Networks (VPN). Newer VPN technologies like OpenVPN, L2TP, and IPsec may offer better network security support, but PPTP remains a popular network protocol, especially on Windows computers.

How PPTP Works

PPTP uses a client-server design (the technical specification is contained in Internet RFC 2637) that operates at Layer 2 of the OSI model. PPTP VPN clients are included by default in Microsoft Windows and are also available for both Linux and Mac OS X.

PPTP is most commonly used for VPN remote access over the Internet. In this usage, VPN tunnels are created via the following two-step process:

  1. The user launches a PPTP client that connects to their Internet provider.

  2. PPTP creates a TCP control connection between the VPN client and VPN server. The protocol uses TCP port 1723 for these connections and Generic Routing Encapsulation (GRE) to finally establish the tunnel.

PPTP also supports VPN connectivity across a local network.

Once the VPN tunnel is established, PPTP supports two types of information flow:

  • control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
  • data packets that pass through the tunnel, to or from the VPN client.
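
The control messages described above can be recognized in reassembled TCP port 1723 payload bytes, for example when auditing a capture for legacy PPTP use. The following Python sketch is an added example, not part of the original article; it follows the control message layout in RFC 2637, the function names are hypothetical, and the sample bytes (host name and vendor string included) are constructed.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every RFC 2637 control message
CONTROL_TYPES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify", 15: "Set-Link-Info",
}

def parse_control_stream(data):
    """Split reassembled TCP/1723 payload bytes into PPTP control messages.
    Returns (messages, leftover), where leftover is an incomplete trailing
    message. Raises ValueError if the bytes are not PPTP control traffic.
    """
    messages, offset = [], 0
    while len(data) - offset >= 12:  # 12-byte common header
        length, msg_type, cookie, ctrl_type, _reserved = struct.unpack_from(
            "!HHIHH", data, offset)
        if cookie != MAGIC_COOKIE or msg_type != 1:
            raise ValueError(f"not a PPTP control message at offset {offset}")
        if length < 12:
            raise ValueError(f"impossible length {length} at offset {offset}")
        if len(data) - offset < length:
            break  # rest of this message arrives in a later TCP segment
        body = data[offset + 12:offset + length]
        msg = {"type": CONTROL_TYPES.get(ctrl_type, f"unknown({ctrl_type})"), "length": length}
        if ctrl_type == 1 and len(body) >= 144:
            # Start-Control-Connection-Request: version, capabilities, names
            ver, _, _, _, _, _, host, vendor = struct.unpack_from(
                "!HHIIHH64s64s", body)
            msg["version"] = f"{ver >> 8}.{ver & 0xFF}"
            msg["host"] = host.rstrip(b"\0").decode("ascii", "replace")
            msg["vendor"] = vendor.rstrip(b"\0").decode("ascii", "replace")
        messages.append(msg)
        offset += length
    return messages, data[offset:]

def build_sample():
    """Constructed sample stream: a Start-Control-Connection-Request, then an Echo-Request."""
    start = struct.pack("!HHIHHHHIIHH64s64s", 156, 1, MAGIC_COOKIE, 1, 0,
                        0x0100, 0, 1, 1, 0, 0, b"client.example", b"constructed-vendor")
    echo = struct.pack("!HHIHHI", 16, 1, MAGIC_COOKIE, 5, 0, 0x2A)
    return start + echo

if __name__ == "__main__":
    for message in parse_control_stream(build_sample())[0]:
        print(message)
```

The parser only covers the TCP control channel; the tunneled data packets travel separately in GRE and never appear on port 1723.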

Setting Up a PPTP VPN Connection on Windows

Windows users create new Internet VPN connections as follows:

  1. Open Network and Sharing Center from the Windows Control Panel

  2. Click the "Set up a new connection or network" link

  3. In the new pop-up window that appears, choose the "Connect to a workplace" option and click Next

  4. Select the "Use my Internet connection (VPN)" option

  5. Enter address information for the VPN server, give this connection a local name (under which this connection setup is saved for future use), change any of the optional settings listed, and click Create

Users obtain the PPTP VPN server address information from the server administrators. Corporate and school administrators provide it to their users directly, while public Internet VPN services publish the information online (but often limit connections to subscribing customers). Connection strings can be either a server name or an IP address.

After a connection is set up the first time, users on that Windows PC can re-connect later by selecting the local name from the Windows network connection list.

For business network administrators: Microsoft Windows provides utility programs called pptpsrv.exe and pptpclnt.exe that help verify whether the network's PPTP setup is correct.

Using PPTP on Home Networks with VPN Passthrough

When on a home network, VPN connections are made from the client to a remote Internet server via the home broadband router. Some older home routers are not compatible with PPTP and do not allow the protocol traffic to pass through for VPN connections to be established. Other routers allow PPTP VPN connections but can only support one connection at a time. These limitations stem from the way PPTP and GRE technology work.

Newer home routers advertise a feature called VPN passthrough, which indicates support for PPTP. A home router must have PPTP's TCP port 1723 open (allowing connections to be established) and must also forward GRE, IP protocol type 47 (enabling data to pass through the VPN tunnel). Most routers today apply these settings by default. Check the router's documentation for any specific limitations of VPN passthrough support for that device.