Microsoft Corporation
July 1996
Updated October 1996
What does PPTP do for me? What benefits does it deliver?
When and how is PPTP made available?
Why did Microsoft develop PPTP?
How can organizations be assured of security in communication across the Internet?
What encryption scheme is used with PPTP?
How does PPTP compare to firewall technology? How does this work with firewalls?
Will my organization need to re-address our network to make use of PPTP?
How can an ISP provide this technology to their customers?
Is PPTP proprietary Microsoft technology?
What types of connectivity will PPTP support?
Point-to-Point Tunneling Protocol (PPTP) is a new networking technology that supports multiprotocol virtual private networks (VPN), enabling remote users to access corporate networks securely across the Internet. Using PPTP, remote users can employ the Microsoft® Windows NT® Workstation and Windows® 95 operating systems and other point-to-point protocol (PPP)–enabled systems to dial into a local Internet service provider to connect securely to their corporate network via the Internet.
PPTP enables a low-cost, private connection to a corporate network via the public Internet. This is particularly useful for people who work from home or people who travel and must access their corporate networks remotely to check e-mail or perform other activities. Rather than dial a long-distance number to remotely access a corporate network, with PPTP a user could dial a local phone number, using a V.34 modem or ISDN, to reach an Internet service provider point of presence. That PPTP session could provide a secure connection through the Internet back to the corporate network. The local call would connect into a hardware device (Front-End Processor—FEP) that is situated in the same city as the user. The FEP would then connect to an NT Server located in a different city via a WAN such as Frame Relay or X.25. The FEP does this by taking PPP packets from the end user and tunneling them through the WAN. And because PPTP supports multiple protocols (IP, IPX, and NetBEUI), it can be used to access a wide variety of existing LAN infrastructures.
PPTP is also easy and inexpensive to implement. Many organizations would like to outsource dial-up access to their corporate backbones in a manner that is cost effective, hassle free, protocol-independent, and secure and one that requires no changes to the network addressing that is in place today. Virtual WAN support using PPTP over IP backbones is one very effective way to do this.
Finally, PPTP also enables dense communications front-ends to Windows NT Server for V.34 and ISDN. Communications hardware available for supporting dial-up needs is still not as well integrated as one would like. Putting together a dense Windows NT RAS server requires modems from one company, serial controllers from another company, and lots of cables and associated headaches. Furthermore, these solutions do not provide a single integrated way to support V.34 and ISDN dial-up. Using PPTP, dense and integrated communications solutions can be made to act as FEPs across a LAN to Windows NT Servers, thus enabling easy-to-handle dense RAS server configurations that are well integrated with the Windows NT network operating system environment.
People who work in remote offices, from their homes, or on the road, who need access to their corporate LANs. LAN administrators benefit from the ease of implementation and peace of mind that PPTP's security offers. In addition, LAN administrators benefit from cost savings related to equipment purchase, carrier service, and ongoing administration/maintenance. Internet Service Providers (ISPs) can use PPTP to provide an added-value service and point of differentiation for their customers. Developers of firewalls and other Internet access products also benefit from PPTP's additional, complementary security features.
PPTP is included at no additional cost in Windows NT Server 4.0 and Windows NT Workstation 4.0. Microsoft intends to provide PPTP support for Windows 95 early in 1997. Microsoft has also made sample PPTP source code available to third parties so that Windows 3.1 PPP vendors can support PPTP if they wish. A variety of hardware systems that enable PPTP are also becoming available, so customers can begin taking advantage of PPTP's low-cost security very soon. Because many ISPs are expected to upgrade their points of presence to support PPTP, you may soon be able to take advantage of PPTP through your ISP without having to change any setup in your client PC.
Today, businesses have to change their existing network addressing schemes to give remote users access over the Internet, especially if they set up their network addresses without reserving Internet-assigned addresses. Also, remote users today cannot reach heterogeneous corporate networks (IPX/SPX or NetBEUI) across the Internet. With PPTP, businesses can let their remote users access heterogeneous corporate networks without changing existing network addresses. By tunneling PPP, we also enable corporate LAN administrators to expediently add/remove network access for their employees, without the delays that would arise if this access were managed centrally by the ISP. In other words, the LAN administrator retains control of who is granted remote access to the corporate network and can administer this access efficiently—this gives LAN administrators great peace of mind.
When we first designed RAS, we foresaw the need to support, from a remote access perspective, the notion of a "virtual WAN." In other words, we realized that there may be merit in treating existing corporate backbones, SNA backbones, and the Internet backbone as "virtual WANs," in a manner similar to how we regard the PSTN, ISDN, and X.25. A WAN or a "virtual WAN" to RAS is merely a bit pipe. In the case of PSTN/ISDN/X.25, a remote access client establishes a point-to-point connection with a RAS server over a switched network, and once the connection is established, network packets (in our case, PPP packets) are sent over the switched connection to the RAS server to be routed to the destination LAN. In the case of "virtual WANs," instead of using a switched connection to send packets over the WAN, a transport level session (TCP/IP or NetBIOS) is used to send the PPP packets to the RAS server over the "virtual WAN."
Authentication of users is done using the existing authentication protocols in Windows NT Remote Access Service (RAS)—PAP and CHAP. MS-CHAP supports the MD4 hash as well as the DES scheme used in LAN Manager. Additional authentication can be performed by the Internet Service Provider at the point of presence, if desired. Data encryption is performed using the encryption protocol in RAS—RSA RC4. By evolving Microsoft's Remote Access Services (RAS) we leverage earlier work on compression, encryption, and integration with the Windows NT administration model and tools. For example, leveraging encryption support in RAS, PPTP provides secure access across the Internet without introducing a key distribution problem, since the shared secret—that is, a hashed form of the user credentials—is available at both ends.
PPTP makes use of the security provided through PPP. MS-CHAP (PPP authentication) is used to validate the user credentials against Windows NT domains, and the resulting session key is used to encrypt user data. Microsoft's implementation of CCP (Compression Control Protocol) has a bit that is used to negotiate encryption. RAS clients can request to connect only with encryption enabled. The RAS server can be configured to allow only encrypted RAS sessions. By the way, we expect most Windows NT RAS servers connected to the Internet to be configured to allow only encrypted connections. RAS inherently supports a shared secret between the RAS client and the RAS server—essentially, the user-supplied password at the client is used to derive the same MD4 hash as the one stored in the Windows NT security database at the server. By using this shared secret between the RAS client and the RAS server, we are able to elegantly solve a major encryption problem: key distribution. If encryption is negotiated, RSA RC4 is used with a 40-bit session key derived from the earlier user authentication. Microsoft will also offer 128-bit encryption for RAS in the United States, as governed by export law. 128-bit encryption for RAS for the U.S. product is planned for release in a service pack and encryption pack in late November 1996.
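The key model in the two answers above (the MD4 hash of the password held at both ends, an RC4 session key derived from the authentication exchange, no key sent over the link) as an added Python illustration. This is example code written for this page, not Microsoft's RAS or PPTP implementation. The MD4 and RC4 routines are the standard algorithms; `derive_session_key` is a simplified stand-in for the real MPPE derivation (which was later published as RFC 3079) and is an assumption of this example, as are the sample password and challenge.

```python
"""Added illustration of the RAS/PPTP shared-secret key model: the client
knows the password, the server stores only its MD4 hash, and both derive the
same per-session RC4 key from that hash plus the authentication challenge."""
import hashlib
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), used where OpenSSL ships MD4 as legacy-only."""
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z
    def rol(x, n): return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (  # (mixing function, message-word order, shifts, additive constant)
        (f, range(16), (3, 7, 11, 19), 0),
        (g, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (h, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, order, shifts, k in rounds:
            for i, w in enumerate(order):
                a = rol((a + fn(b, c, d) + x[w] + k) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """The stored credential: MD4 over the UTF-16LE password (the 'MD4 hash' above)."""
    data = password.encode("utf-16-le")
    try:
        return hashlib.new("md4", data).digest()
    except ValueError:                                 # MD4 disabled in this OpenSSL build
        return md4(data)


def rc4(key: bytes, data: bytes) -> bytes:
    """RSA's RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                               # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                                  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def derive_session_key(password_hash: bytes, challenge: bytes, bits: int = 40) -> bytes:
    """ASSUMPTION of this example, not the MPPE algorithm: mix the stored hash
    with the MS-CHAP challenge so every session gets its own key, then keep the
    40 or 128 bits the page says RAS offers. The key itself never crosses the link."""
    if bits not in (40, 128):
        raise ValueError("RAS offers 40-bit and 128-bit session keys")
    return hashlib.sha1(password_hash + challenge).digest()[: bits // 8]


def run_session(password: str, stored_hash: bytes, challenge: bytes, payload: bytes, bits: int = 40):
    """Client side derives from the password, server side from the stored hash;
    returns (ciphertext on the wire, plaintext recovered by the server)."""
    client_key = derive_session_key(nt_hash(password), challenge, bits)
    server_key = derive_session_key(stored_hash, challenge, bits)
    ciphertext = rc4(client_key, payload)
    return ciphertext, rc4(server_key, ciphertext)


if __name__ == "__main__":
    # Constructed sample values: password and 8-byte challenge are made up.
    stored = nt_hash("password")
    wire, recovered = run_session("password", stored, bytes(range(8)), b"GET mail", 40)
    print(wire.hex(), recovered)
    print("40-bit keyspace:", 2 ** 40)
```

The check a defender wants from this model is the last line of `derive_session_key`: the key's entropy is bounded by the 40 or 128 bits kept, and a 40-bit keyspace (2^40) is within reach of exhaustive search, which is why the 128-bit option mentioned above matters. Because the challenge is mixed in, two sessions under the same password do not share an RC4 keystream; a derivation that used the password hash alone would.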
No. The overhead that you see on SSL is typically due to factors other than just the bulk encryption. RC4 has an overhead of 14 instructions per byte, which makes it one of the faster stream ciphers available. RAS, and thus PPTP, has the advantage that the encryption takes place in kernel mode, in line with the rest of the RAS functionality. SSL has performance degradation for two reasons: (1) the private key operation takes about 85ms of real CPU time to set up the connection, and (2) afterwards, the stream encryption is done in user mode and then passed to the sockets layer, as opposed to the usual path of calling TransmitFile() and letting most of the work take place in the kernel.
PPTP complements firewalls and addresses a different security need. Firewalls ensure corporate network security by strictly regulating data that comes in from the Internet. PPTP ensures security of data exchanged between remote users and the corporate network. An organization can deploy a Windows NT RAS server between its firewall and the Internet. The Windows NT Server system would recognize PPTP packets coming in from the remote user across the Internet and send TCP/IP, IPX/SPX, or NetBEUI packets to the firewall. The firewall would then continue to provide the same security as it would do in the absence of PPTP.
PPTP can be deployed in one of two ways. In one approach, the client machine and the server machine use the PPTP drivers, and all encryption is done on the client and the decryption on the server. In this instance, no changes need to be made by the ISP for a customer to implement this solution. As an alternative, the ISP installs PPTP-capable dial platforms or front-end processors. In this instance, any PPP client that calls in, not just ones that understand PPTP, can establish an encrypted PPTP connection back to the corporation's PPTP server. These two alternatives for enabling a PPTP solution provide customers with a great deal of flexibility. In the original Microsoft announcement of PPTP, four of the major providers of this equipment, and a major Internet service provider, UUNET, announced support for PPTP. The providers are Ascend, 3Com, Telematics, and U.S. Robotics.
No. Because PPTP simply tunnels PPP packets, you avoid having to re-address your networks. With PPTP, it is possible for an ISP to serve two or more organizations that both use the same IPX network number. Similarly, with IP-based networks, PPTP enables an ISP to serve an organization whose private network addressing scheme conflicts with IANA addresses assigned to some other organization. This is a major benefit PPTP offers, because re-addressing an entire network can be a significant task.
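The "virtual WAN" answer above and this re-addressing answer describe the same mechanism: PPP frames travel inside a transport session, the server tells tunnels apart by an outer identifier, and the inner network addresses are never used for that decision. The following added Python example models that, for this page only; it is not Microsoft's or any vendor's code. The outer framing (`HEADER`), the tunnel table and the sample frames are constructed for the example and are not PPTP's actual wire format; the PPP protocol numbers are the real ones.

```python
"""Added model of PPP-in-transport tunneling with demultiplexing by tunnel id.
Two customers with the same IPX network number can share one server because
delivery is decided by the outer header, not by the inner address."""
import struct

# Real PPP protocol numbers for the three stacks this page names.
PPP_IP, PPP_IPX, PPP_NETBIOS = 0x0021, 0x002B, 0x003F
PROTO_NAMES = {PPP_IP: "IP", PPP_IPX: "IPX", PPP_NETBIOS: "NetBEUI"}

# Constructed outer header for this example: tunnel id, payload length.
HEADER = struct.Struct("!HH")


def encapsulate(tunnel_id: int, ppp_frame: bytes) -> bytes:
    """FEP/client side: wrap one PPP frame for the transport session."""
    return HEADER.pack(tunnel_id, len(ppp_frame)) + ppp_frame


def decapsulate(stream: bytes) -> list:
    """Split a received byte stream into (tunnel_id, ppp_frame) records,
    rejecting truncated records and trailing garbage rather than guessing."""
    records, offset = [], 0
    while offset + HEADER.size <= len(stream):
        tunnel_id, length = HEADER.unpack_from(stream, offset)
        offset += HEADER.size
        if offset + length > len(stream):
            raise ValueError("truncated tunnel record")
        records.append((tunnel_id, stream[offset:offset + length]))
        offset += length
    if offset != len(stream):
        raise ValueError("trailing bytes after last record")
    return records


def ppp_protocol(frame: bytes) -> int:
    """PPP framing: address 0xFF, control 0x03, then the 16-bit protocol field."""
    if len(frame) < 4 or frame[:2] != b"\xff\x03":
        raise ValueError("not a PPP frame")
    return struct.unpack("!H", frame[2:4])[0]


def route_stream(stream: bytes, tunnel_table: dict) -> list:
    """Server side: hand each inner frame to the LAN that owns its tunnel,
    tagged with the stack (IP/IPX/NetBEUI) it should be passed to."""
    delivered = []
    for tunnel_id, frame in decapsulate(stream):
        if tunnel_id not in tunnel_table:
            raise KeyError(f"no established tunnel {tunnel_id}")
        proto = ppp_protocol(frame)
        delivered.append((tunnel_table[tunnel_id], PROTO_NAMES.get(proto, hex(proto)), frame[4:]))
    return delivered


# Constructed sample: both customers use IPX network number 0x0000ABCD.
IPX_FRAME = b"\xff\x03" + struct.pack("!H", PPP_IPX) + bytes.fromhex("0000abcd")
IP_FRAME = b"\xff\x03" + struct.pack("!H", PPP_IP) + bytes.fromhex("0a000001")
TUNNELS = {17: "Org A LAN", 42: "Org B LAN"}          # tunnel id -> customer network
SAMPLE_STREAM = encapsulate(17, IPX_FRAME) + encapsulate(42, IPX_FRAME) + encapsulate(17, IP_FRAME)

if __name__ == "__main__":
    for customer, proto, payload in route_stream(SAMPLE_STREAM, TUNNELS):
        print(f"{customer:10s} {proto:8s} {payload.hex()}")
```

The unknown-tunnel check in `route_stream` is the part worth keeping in any real implementation: a frame is delivered only to a LAN whose tunnel was established by an authenticated session, never on the basis of what the inner packet claims as its address.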
An ISP will need to add/upgrade software in their existing remote access servers. Some of the leading suppliers of remote access server hardware systems have committed to or are already delivering PPTP support. For example, 3Com, Ascend, ECI Telematics, and U.S. Robotics all have working prototypes of this technology, and most have implemented PPTP in their existing remote access servers. An ISP that performs this point-of-presence upgrade would provide an important benefit to its customers, as those customers would immediately be able to take advantage of PPTP's VPN features with no remote client or corporate server changes.
Yes. PPTP is built into Windows NT Server, which is an open platform that supports heterogeneous protocols, including IPX and NetBEUI. In addition to supporting encrypted PPP links across the Internet, the PPTP-based solution will also enable the Internet to become a backbone for carrying IPX as well as NetBEUI remote access traffic—that is, PPTP provides a solution that is not tied to IP-based LANs only.
Any device that implements PPTP (and the specification is published on the Internet today) can communicate with any other PPTP server, whether it is, for example, UNIX-based or Windows NT–based.
The PPTP specification includes support for this capability; however, the initial PPTP release with Windows NT Server 4.0 will support only dial-up users—that is, client PCs. In a future release, Microsoft plans to extend PPTP support to include LAN-to-LAN connections across the Internet.
No, PPTP is not proprietary. PPTP builds upon two fundamentally important Internet standards supported by the Internet Engineering Task Force (IETF): IP and PPP. In other words, it is a natural evolution from PPP and IP. Microsoft developed PPTP with several of the leading communication hardware developers; the spec is available on the Internet and sample code is available. Microsoft and the other PPTP supporters have also introduced PPTP to the IETF. In addition, we are looking at ways in the future for PPTP to work with other emerging technologies, such as IPSEC. As background, the IETF model is to publish a specification, have two working implementations, and then let the specification take its own course. Microsoft and the other firms supporting PPTP have every intention to follow this process.
PPTP is evolutionary from a RAS perspective. PPTP supports a variety of wide area network configurations: analog phone lines or ISDN via the public switched telephone network (PSTN), frame relay, and X.25.