What Is PPTP: Point-to-Point Tunneling Protocol

A protocol that helped pave the way for modern VPNs

PPTP, aka Point-to-Point Tunneling Protocol, is a network protocol mostly used with Windows computers. Nowadays, it's considered obsolete for use in VPNs (virtual private networks) due to its many known security issues. For example, the NSA can easily crack PPTP. That said, PPTP is still in use in certain networks, especially those using Windows computers.

Here's a closer look at PPTP, where it came from, and how it's being used today.

A Brief History of PPTP

PPTP is a network tunneling protocol that was developed in 1999 by a vendor consortium formed by Microsoft, Ascend Communications (today part of Nokia), 3Com, and others.[1] PPTP was designed to improve on its predecessor PPP (Point-to-Point Protocol), a data link layer (Layer 2) protocol designed to connect two routers directly.

While it's considered a fast and stable protocol for Windows networks, PPTP is no longer considered secure. Luckily, PPTP has been superseded by safer and more secure VPN tunneling protocols, including OpenVPN, L2TP/IPSec, and IKEv2/IPSec.

How PPTP Works

PPTP is an outgrowth of PPP, and as such, is based on its authentication and encryption framework. Like all tunneling technologies, PPTP is used to encapsulate data packets, creating a tunnel for data to flow through across an IP network.

PPTP uses a client-server design (the technical specification is contained in Internet RFC 2637) that operates at Layer 2 of the OSI model. Once the VPN tunnel is established, PPTP supports two types of information flow:

  • Control messages for managing and eventually tearing down the VPN connection. Control messages pass directly between VPN client and server.
  • Data packets that pass through the tunnel, i.e. to or from the VPN client.

Users can obtain the PPTP VPN server address information from their server administrator. Connection strings can either be a server name or an IP address, which administrators can provide to users directly.

PPTP Protocols

PPTP uses GRE (Generic Routing Encapsulation) tunneling to encapsulate data packets. The control connection runs over the Transmission Control Protocol (TCP) on port 1723, while the tunneled data travels as GRE, which is IP protocol number 47 rather than a port. A firewall therefore has to handle both. As far as encryption goes, PPTP supports up to 128-bit keys, and utilizes MPPE (Microsoft Point-to-Point Encryption).
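
As an added example (not part of the original article), this Python code shows how a defender could inventory remaining PPTP use from captured flows: it validates the 12-byte control-message header defined in RFC 2637, including its magic cookie 0x1A2B3C4D, instead of trusting TCP port 1723 alone, and it flags IP protocol 47 (GRE) traffic. The flow-record dict layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D  # magic cookie carried in every RFC 2637 control message
CTRL_NAMES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify", 15: "Set-Link-Info",
}

def parse_pptp_control(payload):
    """Return the control message name if payload starts with a PPTP header."""
    if len(payload) < 12:
        return None
    length, msg_type, magic, ctrl_type, _ = struct.unpack("!HHIHH", payload[:12])
    # msg_type 1 = control message; the cookie rules out other TCP/1723 traffic
    if magic != PPTP_MAGIC or msg_type != 1 or length < 12:
        return None
    return CTRL_NAMES.get(ctrl_type, "control-type-%d" % ctrl_type)

def find_pptp(flows):
    """Classify flow records (hypothetical dict layout) as PPTP evidence."""
    findings = []
    for f in flows:
        if f["ip_proto"] == 47:              # GRE; generic GRE tunnels share this number
            findings.append((f["src"], f["dst"], "gre-proto-47"))
        elif f["ip_proto"] == 6:             # TCP
            name = parse_pptp_control(f.get("payload", b""))
            if name:                         # header confirmed, whatever the port
                findings.append((f["src"], f["dst"], name))
            elif f.get("dport") == 1723:     # port match only, payload not PPTP
                findings.append((f["src"], f["dst"], "tcp-1723-unverified"))
    return findings

def build_sccrq():
    """Constructed 156-byte Start-Control-Connection-Request (body zeroed)."""
    header = struct.pack("!HHIHH", 156, 1, PPTP_MAGIC, 1, 0)
    return header + bytes(156 - len(header))

# Constructed sample flows using documentation address ranges, not real traffic
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "ip_proto": 6, "dport": 1723, "payload": build_sccrq()},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "ip_proto": 47},
    {"src": "192.0.2.77", "dst": "198.51.100.9", "ip_proto": 6, "dport": 1723, "payload": b"GET / HTTP/1.1\r\n"},
    {"src": "192.0.2.30", "dst": "198.51.100.5", "ip_proto": 6, "dport": 443, "payload": b"\x16\x03\x01\x00\x05hello!!"},
]
```

Calling `find_pptp(SAMPLE_FLOWS)` reports the confirmed control session, the GRE flow, and the port-1723 connection whose payload is not PPTP; the TLS flow on port 443 is ignored.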

Tunneling Modes: Voluntary and Compulsory

There are two types of tunneling supported by PPTP:

  • Voluntary Tunneling: A type of tunneling that is initiated by the client (i.e., Microsoft Windows) on an existing connection with a server.
  • Compulsory Tunneling: A type of tunneling initiated by the PPTP server at the ISP, which requires the remote access server to create the tunnel.

Is PPTP Still Being Used?

In spite of its age and security shortcomings, PPTP is still used in some network implementations — mostly internal business VPNs in older offices. The advantages of PPTP are that it's easy to set up, it's fast, and because it's built-in on most platforms, you don't need any special software to use it. All you need to set up a connection are your login credentials and a server address.

However, the fact that it's easy to use doesn't mean you should use it, especially if having a high level of security is important to you. In that case, you should use a more secure protocol for your VPN network, such as OpenVPN, L2TP/IPSec, or IKEv2/IPSec.

[1] https://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#History