What is PPTP (Point-to-Point Tunneling Protocol)?
7 min read
Point-to-Point Tunneling (PPTP) is one of the oldest VPN protocols that was widely used for creating secure, encrypted tunnels in the early 2000s. Developed by Microsoft in 1999, the point-to-point protocol presented an easy and effective way to encrypt communications. Let’s review the PPTP VPN protocol to understand its advantages and limitations.
Contents
What is PPTP?
The Point-to-Point Tunneling Protocol is the first networking protocol used for creating virtual private networks. At a glance, the PPTP offers everything most VPN protocols have, including authentication, VPN tunnel establishment, and data encryption.
However, despite being widely used in the nineties, the PPTP VPN protocol doesn’t live up to modern-day VPN technologies. It has significant security issues, making it vulnerable to certain types of attacks (e.g., bit-flipping). Let’s look at how it works to better understand where the security issues lie.
How PPTP works
As with all tunneling protocols, PPTP specifically builds a tunnel between two points. Once the PPTP connection is established, all data packets passed through are wrapped in an IP envelope and then sent to another router or machine, which will treat the data like an IP packet. It’s then decrypted and made accessible to the receiving party.
PPTP can handle two types of data flow: data packets and control messages. The control messages are made for managing the start and end of the encrypted connection. It’s a simple process that has been expanded upon and improved by every VPN protocol created since.
What are the advantages and disadvantages of the PPTP?
The PPTP doesn’t offer the strongest security, but it is relatively fast and easy to set up. Let’s look at the pros and cons of PPTP in more detail.
PPTP advantages
The PPTP VPN protocol is a simple and fast solution, making it a good choice for those prioritizing speed and efficiency. Here are the main pros of the Point-to-Point Tunneling Protocol.
- Easy to set up. Setting up a PPTP VPN is quick and simple, making it accessible to people without technical knowledge.
- Compatible with various operating systems. Because the Point-to-Point Tunneling Protocol is one of the oldest VPN protocols, it is widely supported by most operating systems (including Windows, macOS, and Linux).
- Speed and performance. The PPTP doesn’t have complex encryption processes, which is a security issue. However, because of the lack of complicated encryption and authentication processes, the PPTP delivers faster connection speeds and better performance.
PPTP disadvantages
Despite the ease of setting up and the fast speeds, point-to-point tunneling fails to deliver in the most important area — VPN security. Let’s review its main disadvantages.
- Weak security. The PPTP is no longer considered a secure VPN protocol. It doesn’t have adequate security measures, particularly when it comes to encryption. The PPTP uses Microsoft Point-to-Point Encryption (MPPE) with outdated algorithms vulnerable to cyberattacks. The most significant security vulnerability of the PPTP is that it relies on short encryption keys. The shorter the keys, the more susceptible the encryption to brute-force attacks.
- Poor authentication. The PPTP has countless authentication vulnerabilities. It uses a method called the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) for user authentication, which has many weaknesses and can be exploited in many ways.
- Firewall restrictions. Firewalls are security mechanisms that control and filter network traffic based on predefined rules. Because the PPTP lacks standardized VPN port numbers, it can easily get blocked by firewalls, leading to connectivity issues.
What is PPTP passthrough?
A PPTP passthrough (also known as a VPN passthrough) is a built-in router feature that allows VPN traffic to pass through and reach the VPN server. It helps connections like the PPTP and IPsec to travel through routers and firewalls without restrictions.
Many modern-day routers use NAT (network address translation) — a technique that translates private IP addresses into a single public IP address for privacy.
However, older protocols like the PPTP are not compatible with NAT, which may block PPTP connections. A PPTP passthrough solves this problem by adding a unique ID to PPTP traffic, which acts as a substitute for NAT.
As a result, PPTP traffic, which uses VPN ports that aren’t typically compatible with NAT, can travel through the router without being blocked.
The passthrough feature is only needed for outdated routers and protocols like the PPTP. Modern, more secure VPN protocols like OpenVPN, IKEv2, and WireGuard work with NAT with no issues.
How does a PPTP connection compare to other protocols?
Let’s compare the PPTP with the most common VPN protocols VPN providers use today.
PPTP vs. OpenVPN
OpenVPN is a widely-used VPN protocol offering strong and reliable encryption. Developed in 2001, OpenVPN is open source, meaning its code is publicly accessible. Several agencies have audited the code but haven’t detected any security flaws. Here’s how the PPTP compares with OpenVPN.
| PPTP | OpenVPN | |
|---|---|---|
Encryption | 128-bit encryption | Advanced AES-256 encryption |
| Speed | Generally faster due to less complex encryption | Can be slower due to complex encryption |
| Security | Has many security vulnerabilities and issues | Provides better and more reliable security |
| Stability | Generally stable, but IP changes may cause disruptions | Very stable and resilient to interruptions |
| Setup | Easy to set up | More difficult to set up |
PPTP vs. IKEv2
IKEv2 (Internet Key Exchange version 2) is a VPN protocol based on IPsec — a set of communication rules used to establish secure connections over a network. Various internet providers use IKEv2, including NordVPN. Here’s how the PPTP compares with IKEv2.
| PPTP | IKEv2 | |
|---|---|---|
Encryption | 128-bit encryption | Advanced AES-256 encryption |
| Speed | Generally faster due to less complex encryption | Can be slower due to advanced encryption |
| Security | Has many security vulnerabilities and issues | Provides better and more reliable security |
| Stability | Generally stable, but IP changes may cause disruptions | Stable and can reestablish a VPN connection quickly |
| Setup | Easy to set up | Relatively easy to set up with a VPN but difficult without one |
PPTP vs. L2TP
L2TP (Layer Two Tunneling Protocol) is an extension of the PPTP protocol used by ISPs to enable virtual private networks. Let’s look at the similarities and differences between the two protocols.
| PPTP | L2TP | |
|---|---|---|
Encryption | 128-bit encryption | Doesn’t provide encryption, only when combined with IPSec |
| Speed | Generally faster than L2TP | Slower than PPTP because it uses more CPU resources |
| Security | Has many security vulnerabilities and issues | More secure because it requires certificates for authentication |
| Stability | Generally stable, but IP changes may cause disruptions | Offers steady performance |
| Setup | Easy to set up | Easy to set up |
Is PPTP secure to use?
To summarize, a PPTP VPN doesn’t offer reliable online privacy and security. The protocol has many known security flaws and doesn’t provide robust encryption. Your VPN connection won’t be as safe and secure as with a different VPN protocol.
NordVPN discontinued the PPTP and L2TP in 2018 because these protocols weren’t meeting the company’s security and privacy standards. NordVPN uses next-generation encryption and industry-recognized protocols like OpenVPN and IKEv2/IPsec. Additionally, NordVPN has developed its own WireGuard-based NordLynx protocol that offers ultra-fast speeds without compromising your security and privacy.
