Point-to-Point Tunneling Protocol

from Wikipedia, the free encyclopedia

The Point-to-Point Tunneling Protocol ( PPTP ) is a network protocol that is based on the Internet Protocol and is used to set up a Virtual Private Network (VPN) in a computer network . The encryption process has been considered broken and insecure since 2012.

A VPN is created using PPTP by creating a tunnel for the point-to-point protocol . It leaves room for every conceivable form of authentication and encryption . The initialization takes place via TCP port 1723 and the data flow control is then based on Generic Routing Encapsulation (GRE).

PPTP was developed by a manufacturing consortium that included 3Com and Microsoft . In June 1996 it submitted the first draft to the Internet Engineering Task Force . The first implementation was part of Microsoft Windows NT 4.0 and was also available for Windows 95 .


In 1998, security expert Bruce Schneier published an analysis of Microsoft's implementation that uncovered a number of vulnerabilities. Most of them were not based on the actual implementation of PPTP, but on the implementation of authentication and encryption. Neither of the two had to be overcome in order to trigger a blue screen via PPTP . Microsoft immediately improved both the implementation of the Challenge Handshake Authentication Protocol and the Microsoft Point-To-Point Encryption , but the fact that the user determines how secure both are based on the quality of his password .

In 2012, encryption expert Moxie Marlinspike presented a website that should be able to crack any VPN and WLAN connections within a day. The magazine c't was able to use the procedure successfully and therefore spoke of the "death knell for PPTP".


Since PPTP was published as RFC 2637 in 1999 , it has been implemented for almost all operating systems. Among other things, there is a PPTP client for OpenBSD , FreeBSD , NetBSD , macOS and iOS . Linux supports PPTP since kernel version 2.0. Many modern routers and firewalls have an integrated PPTP server.

In Austria, Italy, Belgium and the Netherlands, among others, the PPTP protocol is used above PPP over ATM for DSL connections. In Germany and Switzerland, however, PPP over Ethernet is mostly used.

Individual evidence

  1. Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate . Cloudcracker.com. July 29, 2012. Archived from the original on March 16, 2016. Retrieved on September 7, 2012.
  2. Marlinspike demos MS-CHAPv2 crack . The Register . July 31, 2012. Retrieved September 7, 2012.
  3. Bruce Schneier, Peiter Zatko: Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP) (PDF; 152 kB) Retrieved on March 28, 2010.
  4. Understanding PPTP (Windows NT 4.0) . Microsoft. Retrieved March 28, 2010.
  5. Bruce Schneier, Peiter Zatko: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) . Retrieved March 28, 2010.
  6. Jürgen Schmidt: The fatal blow for PPTP. CloudCracker in a self-experiment . Retrieved September 25, 2012.
  7. Point-to-Point Tunneling Protocol (PPTP) . Cisco . Retrieved March 28, 2010.


  • RFC 2637 - Point-to-Point Tunneling Protocol (PPTP)