Introduction to PPTP, L2TP, and VPN (1)

Source: Internet
Author: User

Continuing from the previous section:

What is PPTP?

The following is Microsoft's official explanation (the first draft submitted by Microsoft):

Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks. PPTP supports on-demand, multi-protocol, virtual private networking over public networks such as the Internet.

The networking technology of PPTP is an extension of the remote access Point-to-Point Protocol defined in the document by the Internet Engineering Task Force (IETF) titled "The Point-to-Point Protocol for the Transmission of Multi-Protocol Datagrams over Point-to-Point Links," referred to as RFC 1171. PPTP is a network protocol that encapsulates PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks. PPTP can also be used in private LAN-to-LAN networking.


Explanation: PPTP is a protocol that can be used for secure transmission (by establishing a VPN). It is an extension of the PPP protocol. Unlike PPP at the data link layer, it encapsulates PPP data packets (which carry, for example, dial-up authentication and IP address allocation) in the IP packets of a TCP/IP network. PPTP can also be used in a private LAN-to-LAN network.

Therefore, PPTP and VPN are inseparable. The following describes three aspects:

  • PPTP and secure, Virtual Private Networking (VPN)

  • Architecture of PPTP

  • PPTP security features

PPTP and Virtual Private Networking

The PPTP protocol is supported with Windows NT Server version 4.0 and Windows NT Workstation version 4.0 operating systems. Computers running these operating systems can use the PPTP protocol to securely connect to a private network as a remote access client by using a public data network such as the Internet. In other words, PPTP enables on-demand, virtual private networks over the Internet or other public TCP/IP-based data networks. PPTP can also be used by computers connected to a LAN to create a virtual private network across the LAN.

An important feature in the use of PPTP is its support for virtual private networking by using public-switched telephone networks (PSTNs). PPTP simplifies and reduces the cost of deploying an enterprise-wide, remote access solution for remote or mobile users because it provides secure and encrypted communications over public telephone lines and the Internet. PPTP eliminates the need for expensive, leased-line or private enterprise-dedicated communication servers because you can use PPTP over PSTN lines.

Generally, there are three computers involved in every PPTP deployment:

  • A PPTP client

  • A network access server

  • A PPTP server

Explanation: The PPTP protocol is supported on Windows NT 4.0 and later operating systems. PPTP provides a secure, encrypted, low-cost transmission solution for remote access.

Note: You do not need the network access server in order to create a PPTP tunnel when using a PPTP client connected to a LAN to connect to a PPTP server connected to the same LAN.

Explanation: If two computers on the same LAN are connected, no network access server is required.

The following section describes a typical PPTP scenario using these computers and explains how they relate to each other and then fully defines each of these components.

Typical PPTP scenario (General PPTP application scenarios)

A typical deployment of PPTP starts with a remote or mobile PPTP client that needs access to a private enterprise LAN by using a local Internet service provider (ISP). Clients using computers running Windows NT Server version 4.0 or Windows NT Workstation version 4.0 use dial-up networking and the remote access protocol PPP to connect to an ISP.

The client connects to a network access server (NAS) at the ISP facility. (Network access servers are also referred to as front-end processors (FEPs), dial-in servers or point-of-presence (POP) servers.) Once connected, the client can send and receive packets over the Internet. The network access server uses the TCP/IP protocol for all traffic to the Internet.

After the client has made the initial PPP connection to the ISP, a second dial-up networking call is made over the existing PPP connection. Data sent using this second connection is in the form of IP datagrams that contain PPP packets, referred to as encapsulated PPP packets.

The second call creates the virtual private networking (VPN) connection to a PPTP server on the private enterprise LAN; this is referred to as a tunnel. This is shown in the following figure:


Figure 1

1. The client first connects to the ISP through the first PPP dial-up to gain Internet access.

2. After connecting to the ISP through PPP, the client dials again over the PPP connection. The second connection creates a VPN connection to the PPTP server, which is called a tunnel.

Tunneling is the process of sending packets to a computer on a private network by routing them over some other network, such as the Internet. The other network routers cannot access the computer that is on the private network. However, tunneling enables the routing network to transmit the packet to an intermediary computer, such as a PPTP server, that is connected to both the routing network and the private network. Both the PPTP client and the PPTP server use tunneling to securely route packets to a computer on the private network by using routers that only know the address of the private network intermediary server.

When the PPTP server receives the packet from the routing network, it sends it across the private network to the destination computer. The PPTP server does this by processing the PPTP packet to obtain the private network computer name or address information in the encapsulated PPP packet. Note that the encapsulated PPP packet can contain multi-protocol data such as TCP/IP, IPX, or NetBEUI protocols. Because the PPTP server is configured to communicate across the private network by using private network protocols, it is able to read multi-protocol packets.

The following figure illustrates the multi-protocol support built into PPTP. A packet sent from the PPTP client to the PPTP server passes through the PPTP tunnel to a destination computer on the private network.


Figure 2: Connecting a dial-up networking PPTP client to the private network

The gray data is encrypted.

PPTP encapsulates the encrypted and compressed PPP packets into IP datagrams for transmission over the Internet. These IP datagrams are routed over the Internet until they reach the PPTP server that is connected to the Internet and the private network. The PPTP server disassembles the IP datagram into a PPP packet and then decrypts the PPP packet using the network protocol of the private network. As mentioned earlier, the network protocols on the private network that are supported by PPTP are IPX, NetBEUI, or TCP/IP.
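The encapsulation described above can be inspected on captured traffic. The following Python code is an added example, not from the original page or from Microsoft: it unwraps an IPv4 datagram carrying PPTP's enhanced GRE header (as specified in RFC 2637, which the page does not cite) and reports which PPP protocol the tunnel carries, so a defender can tell negotiation or cleartext network data apart from MPPE-wrapped payloads. The function names, the documentation addresses and the sample packets are constructed for illustration.

```python
import struct

GRE_IP_PROTO = 47        # IP protocol number for GRE
PPTP_GRE_TYPE = 0x880B   # GRE protocol type used by PPTP (RFC 2637)
PPP_PROTOCOLS = {        # PPP protocol field values (IANA PPP numbers)
    0x0021: "IP", 0x002B: "IPX", 0x003F: "NetBEUI (NetBIOS frames)",
    0x00FD: "compressed/encrypted datagram (MPPE uses this)",
    0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP", 0x8021: "IPCP", 0x80FD: "CCP",
}
CLEARTEXT_NETWORK = {0x0021, 0x002B, 0x003F}  # network data with no MPPE wrapper

def parse_pptp_datagram(datagram: bytes) -> dict:
    """Unwrap IPv4 -> enhanced GRE -> PPP and report what the tunnel carries."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4 or datagram[9] != GRE_IP_PROTO:
        raise ValueError("not an IPv4 datagram carrying GRE")
    gre = datagram[(datagram[0] & 0x0F) * 4:]        # skip IP header (IHL words)
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    # Key field is split: high 16 bits = payload length, low 16 bits = call ID
    flags, ver, ptype, plen, call_id = struct.unpack("!BBHHH", gre[:8])
    if ptype != PPTP_GRE_TYPE or (ver & 0x07) != 1 or not (flags & 0x20):
        raise ValueError("GRE packet is not PPTP enhanced GRE")
    # S bit (0x10) adds a sequence number, A bit (0x80) an acknowledgment
    hdr = 8 + (4 if flags & 0x10 else 0) + (4 if ver & 0x80 else 0)
    if len(gre) < hdr + plen:
        raise ValueError("truncated GRE options or PPP payload")
    seq = int.from_bytes(gre[8:12], "big") if flags & 0x10 else None
    ack = int.from_bytes(gre[hdr - 4:hdr], "big") if ver & 0x80 else None
    ppp = gre[hdr:hdr + plen]
    if ppp[:2] == b"\xff\x03":                       # optional address/control
        ppp = ppp[2:]
    proto = None                                     # ack-only packets carry no PPP
    if ppp and ppp[0] & 1:                           # compressed 1-byte protocol
        proto, ppp = ppp[0], ppp[1:]
    elif len(ppp) >= 2:
        proto, ppp = int.from_bytes(ppp[:2], "big"), ppp[2:]
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp_protocol": proto,
            "ppp_name": PPP_PROTOCOLS.get(proto, "unknown"),
            "cleartext": proto in CLEARTEXT_NETWORK, "inner": ppp}

def build_sample(ppp: bytes) -> bytes:
    """Constructed test datagram: documentation addresses, checksum left at 0."""
    gre = struct.pack("!BBHHHI", 0x30, 0x01, PPTP_GRE_TYPE, len(ppp), 7, 1) + ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64,
                     GRE_IP_PROTO, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + gre

if __name__ == "__main__":
    for ppp in (b"\xff\x03\x00\x21" + b"\x45" * 4, b"\xfd\x90\x00" + b"\xaa" * 6):
        print(parse_pptp_datagram(build_sample(ppp)))
```

A result with `cleartext` set to true means the tunnel is carrying network-layer data without the encryption wrapper, which is the condition worth alerting on when a deployment is expected to encrypt.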

PPTP clients

A computer that supports the PPTP network protocol, e.g., a Microsoft client, can connect to a PPTP server in two ways:

  • By using an ISP's network access server that supports inbound PPP connections (dial twice, as in Figure 1)

  • By using a physical TCP/IP-enabled LAN connection to connect to a PPTP server

PPTP clients that use an ISP's network access server must be configured with a modem and a VPN device to make the separate connections to the ISP and the PPTP server. The first connection is a dial-up connection using the PPP protocol over the modem to an Internet service provider. The second connection is a VPN connection using PPTP, over the modem and the ISP connection, to tunnel across the Internet to a VPN device on the PPTP server. The second connection requires the first connection because the tunnel between the VPN devices is established using the modem and PPP connection to the Internet.

The exception to this two-connection requirement is using PPTP to create a virtual private network between computers physically connected to the private enterprise network LAN. In this scenario, a PPTP client is already connected to the network and only uses dial-up networking with a VPN device to create the connection to a PPTP server on the LAN.

PPTP packets from a remote access PPTP client and a local LAN PPTP client are processed differently. A PPTP packet from a remote access PPTP client is placed on the telecommunication device physical media, while the PPTP packet from a LAN PPTP client is placed on the network adapter physical media, as illustrated in the following figure:

It is very convenient to build a VPN (PPTP and L2TP) on Windows and Linux servers. How can we build a VPN on Baidu? If IPSec VPN is applied, do I need to install additional components on the client? (To be confirmed.) The next section briefly introduces L2TP.
