Taking a Closer Look at PPTP

Microsoft VPN makes use of existing corporate backbones, SNA backbones and Internet backbones as "virtual WANs." In the case of PSTN, ISDN, and X.25, a remote access client establishes a point-to-point connection with a RAS server over a switched network. Once the connection is established, network packets are sent over the switched connection to the RAS servers for routing to the destination LAN.

Combining PPP and IP

The PPTP protocol is built upon two well-established Internet communications protocols: PPP (Point-to-Point Protocol) and TCP/IP (Transmission Control Protocol/Internet Protocol). PPP is multiprotocol, offers authentication, and also offers methods of privacy and compression of data. IP is routable and is already carried by the Internet infrastructure. PPTP allows a PPP session to be tunneled through an existing IP connection, regardless of how that connection was established. An existing connection can be treated as if it were a telephone line, so a private network can run over a public one.

Tunneling is achieved because PPTP provides encapsulation by wrapping packets of information (IP, IPX, or NetBEUI) within IP packets for transmission through the Internet. Upon receipt, the external IP packets are stripped away, exposing the original packets for delivery. Encapsulation allows the transport of packets that would not otherwise conform to Internet addressing standards.

A rough analogy is someone in a branch office addressing an interoffice mail envelope to "Bill Smith, Marketing," and then dropping it into the U.S. mail, hoping it would be delivered to Bill Smith in the home office. PPTP encapsulation essentially wraps the interoffice mail envelope into a standardized envelope that carries the home office's exact (DNS) address. Once it arrives at the home office, the standardized envelope is removed, and the original interoffice envelope's addressing is sufficient for final delivery. Of course, PPTP does much more than simply deliver messages. Once a PPTP link has been established, it provides its user with a virtual node on the corporate LAN or WAN.

PPTP uses an enhanced Generic Routing Encapsulation (GRE) protocol in transporting PPP packets.

Encryption is used for encapsulated data. An authentication protocol is used to verify users' identities before granting access.

Coordinating Data Transmission

PPTP tunneling makes use of two basic packet types—data packets and control packets. Control packets are used strictly for status inquiry and signaling information. Control packets are transmitted and received over a TCP connection. When a link is established between a Windows NT Server and a front-end processor (FEP), they will use a single TCP connection for the control channel. Data packets contain the user data that must be sent to or received from the LAN or WAN. Data packets are PPP packets encapsulated using the Internet Generic Routing Encapsulation Protocol Version 2 (GRE V2).

When two computers want to talk to each other, they ask for permission to send IP traffic, establishing the compression scheme and encapsulation method to be used. This "handshaking" makes sure the computers know how to talk to each other.

During transmission, data can be divided into small IP packets, framed with a PPP header, and sent across the network; PPP provides serialization so that a lost packet can be detected.
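As an added example (not code from the original article or from Microsoft's PPTP implementation), the following Python shows the three mechanisms described above in working form: it wraps a PPP frame in the enhanced GRE header that PPTP data packets use, strips that header again with every flag and length checked, uses the header's sequence numbers to detect lost packets, and classifies IP traffic as PPTP control or data traffic so a network monitor can see where tunnels are in use. The header layout and the constants (TCP port 1723 for the control connection, IP protocol 47 for GRE, protocol type 0x880B for PPP payloads) are taken from RFC 2637, the published PPTP specification, not from the article; the PPP frame, call ID and sequence numbers are constructed sample values.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Protocol constants from RFC 2637 (PPTP); these are not values from the article above.
PPTP_CONTROL_PORT = 1723     # control connection: TCP port 1723
IP_PROTO_TCP = 6
IP_PROTO_GRE = 47            # data packets: GRE, IP protocol number 47
GRE_PROTO_PPP = 0x880B       # GRE Protocol Type for a PPP payload

# Bits of the first 16-bit word of the enhanced GRE header: C R K S s Recur(3) A Flags(4) Ver(3)
GRE_FLAG_KEY = 0x2000        # K: Key field (payload length + call ID) present, always set
GRE_FLAG_SEQ = 0x1000        # S: sequence number present on packets that carry data
GRE_FLAG_ACK = 0x0080        # A: acknowledgment number present
GRE_VER_MASK = 0x0007
GRE_VER_ENHANCED = 1


@dataclass
class GreFrame:
    call_id: int
    payload: bytes
    seq: Optional[int]
    ack: Optional[int]


def encapsulate(ppp_frame, call_id, seq=None, ack=None):
    """Wrap a PPP frame in an enhanced GRE header: the PPTP data-packet format."""
    flags = GRE_FLAG_KEY | GRE_VER_ENHANCED
    flags |= GRE_FLAG_SEQ if seq is not None else 0
    flags |= GRE_FLAG_ACK if ack is not None else 0
    # Key field = 16-bit payload length followed by the 16-bit call ID of the tunnel.
    header = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    header += struct.pack("!I", seq) if seq is not None else b""
    header += struct.pack("!I", ack) if ack is not None else b""
    return header + ppp_frame


def decapsulate(packet):
    """Strip the GRE header and return the original PPP frame plus tunnel metadata.
    Every flag and length is validated before use, so a malformed header is rejected
    rather than read past its end or trusted for the length it advertises."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", packet[:8])
    if (flags & GRE_VER_MASK) != GRE_VER_ENHANCED or not (flags & GRE_FLAG_KEY):
        raise ValueError("not an enhanced GRE header with Key field")
    if proto != GRE_PROTO_PPP:
        raise ValueError("unexpected protocol type 0x%04X" % proto)
    offset, seq, ack = 8, None, None
    if flags & GRE_FLAG_SEQ:
        if len(packet) < offset + 4:
            raise ValueError("truncated sequence number")
        seq = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    if flags & GRE_FLAG_ACK:
        if len(packet) < offset + 4:
            raise ValueError("truncated acknowledgment number")
        ack = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    payload = packet[offset:]
    if len(payload) != payload_len:
        raise ValueError("payload length field %d, %d bytes present" % (payload_len, len(payload)))
    return GreFrame(call_id, payload, seq, ack)


def missing_sequence_numbers(seqs):
    """Sequence numbers absent from an in-order stream of received data packets.
    PPTP does not retransmit data, so each gap is a lost PPP frame."""
    missing = []
    expected = seqs[0] if seqs else 0
    for s in seqs:
        missing.extend(range(expected, s))   # empty when s == expected (or arrives out of order)
        expected = s + 1
    return missing


def classify_ip_packet(ip_proto, dst_port=None, ip_payload=b""):
    """Label a packet as PPTP control, PPTP data or other from IP-layer fields."""
    if ip_proto == IP_PROTO_TCP and dst_port == PPTP_CONTROL_PORT:
        return "pptp-control"
    if ip_proto == IP_PROTO_GRE and len(ip_payload) >= 4:
        flags, proto = struct.unpack("!HH", ip_payload[:4])
        if proto == GRE_PROTO_PPP and (flags & GRE_VER_MASK) == GRE_VER_ENHANCED:
            return "pptp-data"
    return "other"


if __name__ == "__main__":
    # Constructed sample PPP frame: address 0xFF, control 0x03, protocol 0x0021 (IPv4), dummy data.
    ppp = b"\xff\x03\x00\x21" + b"sample-ip-datagram"
    wire = encapsulate(ppp, call_id=7, seq=1, ack=0)
    print(wire.hex())
    print(decapsulate(wire))
    print(missing_sequence_numbers([0, 1, 2, 5, 6]))     # [3, 4]
    print(classify_ip_packet(IP_PROTO_GRE, None, wire))  # pptp-data
```

The classifier keys on the IP protocol number and GRE protocol type rather than on payload contents, which is all that is visible to a monitor since the PPP payload is encrypted; it identifies that a tunnel exists, not what it carries.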

Coordination of data transmission is enhanced with the PPTP protocol, which performs the following tasks: