Point-to-Point Tunneling Protocol (PPTP) is a VPN technology that was specified by a group of system vendors to promote easy VPN deployments. It exists in multiple vendor-specific implementations, such as Microsoft PPTP. The most commonly used underlying mechanisms for authentication and encryption have been found highly vulnerable. Even after many attempts to fix PPTP's security issues, the mechanisms for authentication and encryption used in PPTP still exhibit major vulnerabilities and are not state-of-the-art. I recommend not deploying PPTP as a VPN solution and argue for deprecating this protocol. The only somewhat safe way of deploying PPTP would be by using Transport Layer Security (TLS), which requires implementing an entire public key infrastructure (PKI), which is why most people stay away from it. But even then, you run into security issues similar to those that plague SSL VPNs today.
The only two serious VPN technologies are Secure Sockets Layer (SSL) and Internet Protocol Security (IPsec) VPN. SSL VPN is similar to PPTP in that it is easier to deploy than other VPN types. The strength of IPsec VPN is its transparency at the IP network layer, which works in both versions of IP: IPv4 and IPv6. But its key strength results from the fact that it is an IETF standard, a framework of open standards protocols that support state-of-the-art strong authentication, authorization and encryption schemes and can be implemented in various standards-based ways.