Point-to-point tunneling protocol
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
The PPTP specification does not describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality. However, the most common PPTP implementation, shipping with the Microsoft Windows product families, implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack. The intended use of this protocol is to provide levels of security and remote access similar to those of typical VPN products.
PPTP specification
A specification for PPTP was published as RFC 2637 and was developed by a vendor consortium formed by Microsoft, Ascend Communications (today part of Alcatel-Lucent), 3Com, and others. PPTP has not been proposed nor ratified as a standard by the IETF.
A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer.
The PPTP GRE packet format is non-standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets and are seen as IP protocol number 47.
The GRE tunnel is used to carry encapsulated PPP packets, allowing the tunnelling of any protocols that can be carried within PPP, including IP, NetBEUI and IPX.
In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, Microsoft CHAP V1/V2 or EAP-TLS. The PPP payload is encrypted using Microsoft Point-to-Point Encryption (MPPE) when using MSCHAPv1/v2 or EAP-TLS. MPPE is described by RFC 3078.
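The following is an added example, not code from this page or from RFC 2637: it parses the enhanced GRE header described above (version 1, protocol type 0x880B, Key field holding payload length and call ID, optional sequence and acknowledgement numbers) so that PPTP carrier traffic can be picked out of IP protocol 47 packets in a capture. The builder, the function names and the sample packets are my own constructions for testing.

```python
import struct

PPTP_GRE_PROTO = 0x880B  # protocol type for PPP inside PPTP's enhanced GRE (RFC 2637)
IP_PROTO_GRE = 47

def build_pptp_gre(call_id, payload=b"", seq=None, ack=None):
    # Constructed test input only: an enhanced GRE header in the PPTP layout.
    flags = 0x20 | (0x10 if seq is not None else 0)   # K always set, S when data present
    ver = 0x01 | (0x80 if ack is not None else 0)     # version 1, A when ack present
    hdr = struct.pack("!BBHHH", flags, ver, PPTP_GRE_PROTO, len(payload), call_id)
    if seq is not None:
        hdr += struct.pack("!I", seq)
    if ack is not None:
        hdr += struct.pack("!I", ack)
    return hdr + payload

def parse_pptp_gre(gre):
    """Return the fields of one PPTP enhanced GRE packet, or None if the bytes
    are not a well-formed PPTP GRE header (plain GRE, wrong version, truncated)."""
    if len(gre) < 8:
        return None
    b0, b1, proto, payload_len, call_id = struct.unpack("!BBHHH", gre[:8])
    # Byte 0 is C R K S s Recur(3); byte 1 is A Flags(4) Ver(3).  PPTP requires
    # K=1 and Ver=1 and never sets C, R, s, Recur or the reserved Flags bits.
    if b1 & 0x07 != 1 or proto != PPTP_GRE_PROTO or not b0 & 0x20 or b0 & 0xCF or b1 & 0x78:
        return None
    has_seq, has_ack = bool(b0 & 0x10), bool(b1 & 0x80)
    offset, seq, ack = 8, None, None
    if has_seq:
        if len(gre) < offset + 4:
            return None
        seq = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    if has_ack:
        if len(gre) < offset + 4:
            return None
        ack = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    payload = gre[offset:offset + payload_len]
    if len(payload) != payload_len:  # truncated capture or inconsistent length field
        return None
    return {"call_id": call_id, "seq": seq, "ack": ack, "payload": payload}

def pptp_from_ipv4(packet):
    """Given a raw IPv4 packet, return the parsed PPTP GRE fields when the packet
    is IP protocol 47 carrying a PPTP-style GRE header, otherwise None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IP_PROTO_GRE or len(packet) < ihl:
        return None
    return parse_pptp_gre(packet[ihl:])
```

A pure acknowledgement packet (S clear, A set) parses with an empty payload, which is how a PPTP peer acknowledges data without sending any.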
PPTP implementations
PPTP was the first VPN protocol that was supported by Microsoft Dial-up Networking. All releases of Microsoft Windows since Windows 95 OSR2 are bundled with a PPTP client, although they are limited to only 2 concurrent outbound connections. The Routing and Remote Access Service for Microsoft Windows contains a PPTP server.
Microsoft Windows Mobile 2003 and higher also support the PPTP protocol.
Windows Vista and later support the use of PEAP with PPTP. The authentication mechanisms supported are PEAPv0/EAP-MSCHAPv2 (passwords) and PEAP-TLS (smartcards and certificates). Windows Vista removed support for using the MSCHAP-v1 protocol to authenticate remote access connections.
Linux server-side support for PPTP is provided by the PoPToP daemon and kernel modules for PPP and MPPE. The first PPTP implementation was developed by Matthew Ramsay in 1999 and initially distributed under the GNU GPL by Moreton Bay. However, Linux distributions initially lacked full PPTP support because MPPE was believed to be patent encumbered. Full MPPE support was added to the Linux kernel in the 2.6.14 release on October 28, 2005. SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client.
Mac OS X (including the version loaded on the iPhone) is bundled with a PPTP client. Cisco and Efficient Networks sell PPTP clients for older Mac OS releases. Palm PDA devices with Wi-Fi are bundled with the Mergic PPTP client.
Many mobile phones running the Android operating system support PPTP as well.
Security of the PPTP protocol
PPTP has been the subject of many security analyses, and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP authentication protocols used, the design of the MPPE protocol, and the integration between MPPE and PPP authentication for session key establishment. A summary of these vulnerabilities is below:
- MSCHAP-v1 is fundamentally insecure. Tools exist to trivially extract the NT password hashes from a captured MSCHAP-v1 exchange.
- MSCHAP-v2 is vulnerable to dictionary attack on the captured challenge-response packets. Tools exist to perform this process rapidly (see http://www.willhackforsushi.com/Asleap.html).
- When using MSCHAP-v1, MPPE uses the same RC4 session key for encryption in both directions of the communication flow. This can be cryptanalysed with standard methods by XORing the streams from each direction together.
- MPPE uses the RC4 stream cipher for encryption. There is no method for authentication of the ciphertext stream, and therefore the ciphertext is vulnerable to a bit-flipping attack: an attacker could modify the stream in transit and adjust single bits to change the output stream without possibility of detection. These bit flips may be detected by the tunneled protocols themselves through checksums or other means.
EAP-TLS is seen as the superior authentication choice for PPTP; however, it requires implementation of a Public Key Infrastructure for both client and server certificates. As such it is not a viable authentication option for many remote access installations.
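The following is an added example, not code from this page or from any MPPE implementation: a plain RC4 keystream stands in for MPPE's derived session key to show the two cipher-level weaknesses listed above (keystream cancellation when one key serves both directions, and bit flips that pass undetected), beside an encrypt-then-MAC form that rejects tampered ciphertext. The keys, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

def rc4_keystream(key: bytes, length: int) -> bytes:
    # Plain RC4 (KSA then PRGA).  MPPE derives its RC4 key from the MS-CHAP
    # exchange; the properties shown below hold regardless of key derivation.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, data: bytes) -> bytes:
    # MPPE-style unauthenticated stream encryption; decryption is the same operation.
    return xor_bytes(data, rc4_keystream(key, len(data)))

def shared_key_leak(key: bytes, to_server: bytes, to_client: bytes) -> bytes:
    # MSCHAP-v1 mode: one RC4 key for both directions.  XORing the two
    # ciphertexts cancels the keystream and leaves to_server XOR to_client.
    return xor_bytes(stream_encrypt(key, to_server), stream_encrypt(key, to_client))

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    # Models a single-bit change to the ciphertext in transit.
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)

def encrypt_then_mac(enc_key: bytes, mac_key: bytes, data: bytes) -> bytes:
    # Hardened form: an HMAC over the ciphertext makes any in-transit change detectable.
    ct = stream_encrypt(enc_key, data)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def verify_and_decrypt(enc_key: bytes, mac_key: bytes, msg: bytes):
    # Returns the plaintext, or None when the tag fails (reject rather than deliver).
    ct, tag = msg[:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        return None
    return stream_encrypt(enc_key, ct)
```

With the unauthenticated form, flipping one ciphertext bit flips the same plaintext bit and the receiver cannot tell; with the MAC, the same change makes verification fail.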
See also
- OpenVPN, an open source software application that implements VPN
- IPsec
- Layer 2 Tunneling Protocol
External links
- Windows NT: Understanding PPTP, from Microsoft
- FAQ on security flaws in Microsoft's implementation, Bruce Schneier, 1998
- Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2), Bruce Schneier, 1999