Microsoft's Point-to-Point Tunneling Protocol (PPTP) is a network protocol for creating Virtual Private Networks. VPNs are virtual because they use software to form a connection over a public network (typically the Internet). VPNs are private because they encrypt the data they carry to prevent other users from reading the data as it traverses a public network. VPNs can tunnel or encapsulate other network protocols (e.g., IPX, NetBEUI) within the TCP/IP protocol.
VPNs can form permanent or dial-up connections between sites. To establish a permanent PPTP connection, you need to use Windows NT's Routing and Remote Access Service (RRAS) add-on. You typically use VPNs in dial-up situations in which an end user manually establishes a VPN to temporarily connect to a remote network. For example, an offsite employee might connect to the Internet through an Internet Service Provider (ISP) and then use a VPN to make a secure connection to the corporate office. PPTP lets you use inexpensive Internet links to create secure connections (dial-up or dedicated) between computers. I discuss only dial-up PPTP usage in this article.
PPTP is not the only network protocol you can use to create VPNs, but it is easy to acquire and use. NT, Windows 95, and Win98 include PPTP for free. You can obtain versions for Windows 3.1, Windows 3.11, and Macintosh from Network Telesystems (http://www.nts.com) and a Linux client (http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP). Thus, you can use PPTP to create VPNs among various OSs.
In this article, I describe how to configure PPTP on common Windows platforms and how to verify PPTP operation. (For more information about installing PPTP, see Douglas Toombs, "Point-to-Point Tunneling Protocol," June 1997.)
Configuring RAS as a PPTP Server
PPTP requires Remote Access Service (RAS), even if you are not using a modem or ISDN adapter. PPTP piggybacks on many RAS operations and functions, regardless of whether you use it with dial-up or permanent network connections.
PPTP requires special RAS server settings. Open Control Panel, and start the Network applet. Select Services, Remote Access Service. Then, select one of the VPN ports, and click Network. (Which VPN port you select does not matter, because they all have the same settings.) The encryption settings determine which Point-to-Point Protocol (PPP) authentication mechanisms the PPTP server accepts. The Require Microsoft encrypted authentication setting lets you use only Microsoft's Challenge Handshake Authentication Protocol (CHAP). MS CHAP uses a different encryption scheme than regular CHAP uses, and MS CHAP is the only authentication protocol that PPTP accepts. If you want to encrypt the tunneled connection, you must select Require data encryption. If you do not select this option, the data traversing the tunneled connection is not encrypted--Ânegating one of PPTP's most useful features.
PPTP Configuration
PPTP comes in two versions: 40-bit and 128-bit encryption. NT, Win95, and
Win98 include the 40-bit version. The 128-bit version provides more secure
encryption. You can download the 128-bit version of PPTP for NT, Win95, and Win98 from Microsoft's Web site at http://mssecure.www.conxion.com/cgi-bin/ntitar.pl. (For information about this download site, see Sean Daily, "NT Server Security Checklist, Part 2," October 1998.)
After installing PPTP and RAS, you need to apply (or reapply) the 40-bit or 128-bit version of Service Pack 3 (SP3). Using the 128-bit version is preferable, because a 128-bit PPTP server can accept incoming connections from 40-bit and 128-bit clients. You can download the 128-bit version of SP3 from Microsoft's Web site. If your site has encryption export restrictions, you can download the 40-bit version of SP3 from http://support.microsoft.com/download/support/mslfiles/nt4sp3_i.exe. The 40-bit version is also available on the NT 4.0 Option Pack CD-ROM, in the winntSP3 directory. If you use the 128-bit version of the PPTP client, you need to ensure that the PPTP server you are dialing into also uses the 128-bit service pack, or you will get only 40-bit encryption.
Configuring the NT PPTP Client
You can use the Dial-Up Networking (DUN) PPTP client to call a PPTP server. In most cases, you use DUN to make two connections (one to your ISP and one to a PPTP server). Each connection requires a DUN profile: one for a typical PPP connection and one for a PPTP connection that runs on top of the PPP connection. The first profile contains standard PPP settings such as modem type and telephone numbers. The second profile uses the VPN device (instead of a modem) and the IP address or hostname of the PPTP server (instead of a telephone number) to connect to the PPTP server. If you have already configured your ISP profile, you need to create the PPTP client profile.
Like the PPTP server, the PPTP client requires special settings. After you create the client profile, select Edit entry and modem properties from the More menu. In the Security tab, you must select Accept only Microsoft encrypted authentication and Require data encryption for PPTP to work correctly and encrypt your data. To test the connection, initiate the connection to your ISP in the typical manner. Then, dial the PPTP server. When the VPN is running, a small telephone icon with blinking lights appears in the taskbar. Double-click this icon to check your connection status or to disconnect the VPN.
If you will use the VPN frequently, use the Create shortcut to entry option in the More menu. If you selected Save password, you need to double-click the desktop shortcut to start the VPN. Using the menus to stop the VPN is cumbersome, so I created a hangup.bat file that contains the command line rasdial entryname /d. The Entry name is the name of the dial-up profile you created for PPTP. I created a shortcut for the hangup .bat file on my desktop, so I can start and stop the VPN with a double-click.
Configuring the Win95 PPTP Client
Unlike NT, Win95 PPTP clients have no control over encryption settings. The Require data encryption check box on the NT server determines whether a Win95 client uses encryption.
Win95 does not come with a PPTP client, but you can download PPTP from Microsoft's Web site. First, download the Microsoft Windows 95 Winsock Upgrade 1.2 file from http://www.microsoft.com/windows/downloads/bin/w95wsockupd.exe. Double-click the file to install it. Then, download the Dial-Up Networking 1.2 Upgrade file. You can download the 40-bit version from http://www.microsoft.com/communications/ pptpdownnow.htm or the 128-bit version from http://mssecure.www.conxion.com/cgi-bin/ntitar.pl. If you download the 128-bit version, you must select Windows 95 Dial-Up Networking Upgr 1.2b for x86 systems. Save the file with an .exe extension. You install both versions by double-clicking the file.
As with NT, you must dial in to an ISP with a PPP connection before you can connect to a remote PPTP server. To initiate the PPTP session, first dial the PPP session. After the PPP session is functioning, dial the PPTP session. If both sessions connect properly, you will have two DUN windows: one for each connection, as Screen 1, page 118, shows.
To hang up the PPTP connection from the command line, you can use the nhang32 utility. This utility is part of a freeware package called ndial32, which you can download from various sites on the Internet, including http://www.shareware.com.
As on NT, I created a hangup.bat file that contained the command line \windows\nhang32.exe entryname, with the entryname of tunnel. I then created a desktop shortcut to the batch file so that I can easily disconnect the PPTP session with a double-click.
Configuring the Win98 PPTP Client
Win98 includes PPTP, so you can easily install PPTP from the Win98 CD-ROM.
In Control Panel, open the Add/Remove Programs applet and select the Windows 98 Setup tab. Then, select Communications, Dial-Up Networking, Virtual Private Networking, General. You can use the DUN wizard to create a new profile for your PPTP server, as Screen 2, page 118, shows.
The Server Types tab has more options in Win98 than in Win95. You need to select Require encrypted password and Require data encryption, as Screen 3, page 118, shows, for the PPTP session to function properly.
When the PPTP session is running, Win98 displays more details about the connection than either Win95 or NT does. As Screen 4 shows, the Protocols list confirms that CHAP authenticated the PPTP session, Microsoft Point-to-Point Compression (MPPC) is compressing data sent over the PPTP link, and Microsoft Point-to-Point Encryption (MPPE) is encrypting the data. The Protocols list also shows which network protocols are running over the PPTP session.
Logging PPTP Information
The System event log records each attempt to connect to a PPTP server. (For information about NT's event logs, see Michael D. Reilly, "Windows NT Event Viewer," November 1998.) The System log tells you who is using PPTP and what type of encryption they are using (40-bit or 128-bit). If the client connects using 128-bit encryption, the log records a strong connection. The log does not generate a similar message (i.e., weak) for 40-bit connections. The log shows the username and port number for each successful connection, as Screen 5 shows. When you disconnect a PPTP session, the system logs a summary.
Examining Network Traffic
Verifying PPTP operation is simple. You can use various network analyzers to
confirm network traffic encryption and determine the type of encryption. For
example, the Microsoft Network Monitor listens on the network and captures
traffic between the PPTP client and server. Microsoft's Systems Management
Server (SMS) includes a complete version of Network Monitor. This version
listens for traffic between any computers on the network. (NT Server also
includes a limited version of Network Monitor that captures traffic only between
the computer running Network Monitor and other computers.)
Screen 6 shows a capture of a Telnet session running over an unencrypted network. The lower right pane shows the plain ASCII text, which typically includes the username and password (in plain text) at the beginning of the session.
Screen 7 shows a capture of Telnet traffic running over a PPTP session. The data is encrypted and looks like meaningless garbage. In addition, you cannot tell what type of protocol is in use. This security feature prevents a hostile user from basing an attack on previous knowledge of a particular application.
To understand how PPTP handles encryption and authentication, you need to be familiar with two Internet Engineering Task Force (IETF) documents: Microsoft Point-To-Point Encryption (MPPE) Protocol (ftp://ftp.ietf.org/internet-drafts/draft-ietf-pppext-mppe-02.txt) and Microsoft PPP CHAP Extensions (ftp://ftp .ietf.org/internet-drafts/draft-ietf-pppext-mschap-00.txt). Microsoft's Web site contains outdated versions of these documents. At press time, Microsoft announced pending availability of updated documentation. The documents describe the encryption scheme (MPPE) and authentication scheme (MS CHAP) that PPTP uses. Network engineers who want to implement PPTP and systems administrators who want to examine network traffic will find these documents useful.
The Microsoft Point-To-Point Encryption (MPPE) Protocol document describes how encryption is negotiated at the beginning of a PPTP session. You can use this information to verify the type of encryption (40-bit or 128-bit) in use on a PPTP session.
The section of the MPPE document you see in Figure 1, page 121, describes how the Compression Control Protocol (CCP) negotiates MPPE options. The PPTP server and client suggest encryption types to each other. If they find one that they both support, they agree to use it. If they fail to find a common scheme, they abort the PPTP session. The Type field identifies which CCP option negotiates encryption.
You can use this information to set up a Network Monitor filter that displays only the packets you are interested in (e.g., only CCP packets with a Configuration Option Type of 18), as Screen 8, page 121, shows. Start Network Monitor, and start the PPTP session. You can then capture the beginning of the PPTP session, where all options are negotiated. After you capture the packets you want, stop Network Monitor and PPTP. Then, apply the filter to the captured traffic. Screen 9 shows a packet I captured.
The relevant data in Screen 9 is the four octets (8-bit values) in hexadecimal form listed next to CCP: Values (i.e., 00 00 00 20). To decipher these numbers, consult the section of the MPPE document in Figure 2 (edited for clarity).
This description tells you to focus on the least significant octet, which is the right-most 8 bits. In my example packet in Screen 9, the L bit is set and has a value of 0x20 in hexadecimal form or 100000 in binary form, indicating 40-bit encryption.
For a 128-bit example, see Screen 10. In this packet, the S and C bits are set. The C bit has a value of 0x41 in hexadecimal form or 1000001 in binary form.
As the MPPE document excerpt in Figure 3 shows, the PPTP session tries to negotiate the strongest form of encryption first (128-bit) and reverts to 40-bit encryption if it is the only scheme that both ends support. If the encryption negotiation fails, the PPTP session fails.
Using Network Monitor or another network-analysis tool lets you verify the operation of software on your system. You do not have to take the vendor's word that your data is encrypting properly.
