Why use pptp




















Kat Aoki. Freelance Contributor. Kat Aoki has nearly 10 years worth of professional IT and troubleshooting experience. She currently writes digital content for technology companies in the U. Updated on July 09,

Between the client and the remote access switch flow PPP packets that are surrounded by the PPP protocol-specific frames being delivered. Finally, the packet gets a delivery header before going out of the switch. It then handles the PPP connection as it normally would if the user were coming in over a modem connection.

The RAS server validates the PPP client using whatever authentication method is required on the RAS server: Microsoft encrypted authentication, encrypted authentication, or any authentication type including clear text. Figure is a diagram of those protocol layers that are active during each portion of the connection for dialing into ISPs that support PPTP.

The only change would be in step 2. Although this outlines how a PPTP call is initially placed, communication between the client and server proceeds in the same order of encapsulation. The main difference is that authentication no longer needs to take place. Like most security systems, PPTP has two components: authentication to prevent improper connections, and encryption for data sent once the connection is made. This section discusses the options you have: standard encrypted authentication, Microsoft-enhanced encrypted authentication, and allowing any type of authentication.

Your choice will determine how secure your VPN will be. The algorithm uses mathematical formulas and random factors to come up with a hash value. The hash value is sent across the connection to the server.

The server compares the value the server sent to its own calculation of the hash value. If the two values match, the connection is authenticated. If not, the connection is terminated. Note: Internet draft documents should be considered as "works in progress." This document is for network administrators, support personnel, and developers who need to understand how PPTP can be used to provide low-cost remote access solutions.

Computers running these operating systems can use the PPTP protocol to securely connect to a private network as a remote access client by using a public data network such as the Internet. PPTP simplifies and reduces the cost of deploying an enterprise-wide, remote access solution for remote or mobile users because it provides secure and encrypted communications over public telephone lines and the Internet.

The following section describes a typical PPTP scenario using these computers, explains how they relate to each other, and fully defines each of these components.

Clients using computers running Windows NT Server version 4. Network access servers are also referred to as front-end processors (FEPs), dial-in servers, or point-of-presence (POP) servers. Once connected, the client can send and receive packets over the Internet. This is shown in the following figure. Tunneling is the process of sending packets to a computer on a private network by routing them over some other network, such as the Internet.

The other network routers cannot access the computer that is on the private network. However, tunneling enables the routing network to transmit the packet to an intermediary computer, such as a PPTP server, that is connected to both the routing network and the private network. Both the PPTP client and the PPTP server use tunneling to securely route packets to a computer on the private network by using routers that only know the address of the private network intermediary server.

When the PPTP server receives the packet from the routing network, it sends it across the private network to the destination computer. Because the PPTP server is configured to communicate across the private network by using private network protocols, it is able to read multi-protocol packets.

The following figure illustrates the multi-protocol support built into PPTP. A computer that supports the PPTP network protocol, e. The first connection is a dial-up connection using the PPP protocol over the modem to an Internet service provider.

The second connection requires the first connection because the tunnel between the VPN devices is established by using the modem and PPP connection to the Internet. The exception to this two-connection requirement is using PPTP to create a virtual private network between computers physically connected to the private enterprise network (LAN). The ISP network access servers are designed and built to accommodate a high number of dial-in clients.

It is a lightweight, fast protocol that works across nearly all operating systems. But PPTP is not without flaws. The encryption cipher is outdated and known to be vulnerable to brute-force attacks by sophisticated actors such as the NSA or even talented hackers. PPTP is a protocol for implementing a virtual private network connection.

According to security researchers and Wikipedia, PPTP is an obsolete protocol; there are better, more secure alternatives. All Point-to-Point Tunnels use bit encryption. Unfortunately, even amateur hackers now have access to tools that can extract the password from the key exchange, compromising the entire VPN session.


