What is PPTP? The obsolete protocol explained

Anton P. | March 16, 2021

Point-to-Point Tunneling (PPTP) is now a mostly obsolete network protocol, outranked by more reliable counterparts like IKEv2 or OpenVPN. Each of them helps build the foundation for a VPN, also known as the tunnel for secure communications. However, PPTP appears to have been a stepping stone, laying the groundwork for more advanced networking standards. Currently, PPTP rarely plays a key role in functionality behind Virtual Private Networks. The motive for moving away from this protocol has involved the concerns over the security it provides.

Origins of PPTP and its functionality

PPTP is one of the earliest VPN protocols, developed in the 1990s. At that time, Microsoft, 3com, Ascend Communications, and other companies banded together to improve PPP (Point-to-Point Protocol). Thus, the purpose of PPTP was to work in conjunction with PPP and its underlying mechanisms. Therefore, the improved protocol essentially served as a carrier to PPP. It means that PPTP introduced the tunneling aspect, allowing the encapsulation of PPP packets. It operates at Layer 2 (data link layer) of the OSI model.

So, the PPTP protocol is responsible for creating tunnels between two points. Typically, it relates to secure communications between users’ devices and remote networks. Then, the tunnel serves as a secure pathway for the encrypted data to flow. The protocol builds the encrypted tunnels between two points using TCP port 1723 and Generic Routing Encapsulation (GRE). For years, PPTP remained a somewhat strong contender when it came to building these secure links. Some entities might continue integrating it due to its relatively simple setup and high compatibility. However, experts limit the use of PPTP to situations where privacy and security are not the top priorities.

Why is PPTP obsolete?

The security of PPTP ranks low at the scale overall. Since its inception, researchers have underlined gaps in this protocol. For one, the authentication mechanisms equipped are far from foolproof. In 2004, experts noted them to be highly susceptible to a password-cracking tool called ASLEAP. However, concerns over the MS-CHAP-v1/v2 authentication mechanism surfaced long before that. Specialists emphasized the potential of credential theft via dictionary attacks.

Furthermore, PPTP is not the top-notch selection when it comes to guaranteeing the integrity of tunneled data. MPPE (Microsoft Point-to-Point Encryption) is the technique for encrypting information that traverses through PPTP tunnels. To be more specific, MPPE-128 is the encryption strategy employed (RC4 with 128-bit key). Multiple vulnerabilities have plagued the data-scrambling technique taken here. RC4 and the lack of data integrity validation (such as HMAC) also make data susceptible to bit-flipping attacks. The latter means that perpetrators could alter PPTP packets.

Overall, this protocol’s inner-dealings and its vulnerable routine make it incapable of safely transmitting large volumes of data. Thus, experts claim that this protocol has reached the end of its lifespan. Its use in VPN infrastructure is incredibly questionable. After all, the main purpose of VPN tools is to protect the data traveling online. If the tunneling protocol chosen is vulnerable by nature, there is no way of guaranteeing that.

Some could argue that the PPTP speed is a sufficient compensation for its glaring security problems. On the one hand, this protocol indeed is one of the fastest options available. However, even though other tunneling methods might present less robust performance, choosing a protocol based solely on its speed is inadvisable.

What replaces PPTP?

In this era of innovation, many VPN providers abandon PPTP and choose more secure tunneling protocols. Thus, tools will likely use IKEv2, OpenVPN, or SSTP. These counterparts support modern encryption such as AES-256 and others. Many of them deliver a higher level of protection. Additionally, their implementation has advanced so much that it makes a minimal impact on the speed users receive.

Some providers could still offer PPTP through manual configuration. However, it is rare to witness a VPN choosing this outdated protocol as the main tunneling method. If it does, users should treat it as a red flag and consider other options available on the market.

Atlas VPN uses IPSec/IKEv2 mechanism to build tunnels for the secure data flow. This combination guarantees the best of both worlds (security and speed-wise). Thus, you are less likely to notice any significant performance drops or inconsistencies. If you do, it might relate to the current server load, which you can swiftly fix by connecting to a different server. We also implement AES-256 encryption, technology governments and security experts rely on for protecting confidential data. Thus, this is potentially the best setup out there, but we continuously improve both the user experience and security.

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.