Managing VPNs with PPTP

Learn how to configure PPTP on common Windows platforms and how to verify PPTP operation.

Eric Pearce

December 31, 1998


PPTP gives you an easy way to create VPNs

Microsoft's Point-to-Point Tunneling Protocol (PPTP) is a network protocol for creating Virtual Private Networks. VPNs are virtual because they use software to form a connection over a public network (typically the Internet). VPNs are private because they encrypt the data they carry to prevent other users from reading the data as it traverses a public network. VPNs can tunnel or encapsulate other network protocols (e.g., IPX, NetBEUI) within the TCP/IP protocol.

VPNs can form permanent or dial-up connections between sites. To establish a permanent PPTP connection, you need to use Windows NT's Routing and Remote Access Service (RRAS) add-on. You typically use VPNs in dial-up situations in which an end user manually establishes a VPN to temporarily connect to a remote network. For example, an offsite employee might connect to the Internet through an Internet Service Provider (ISP) and then use a VPN to make a secure connection to the corporate office. PPTP lets you use inexpensive Internet links to create secure connections (dial-up or dedicated) between computers. I discuss only dial-up PPTP usage in this article.

PPTP is not the only network protocol you can use to create VPNs, but it is easy to acquire and use. NT, Windows 95, and Win98 include PPTP for free. You can obtain versions for Windows 3.1, Windows 3.11, and Macintosh from Network Telesystems (http://www.nts.com) and a Linux client (http://www.pdos.lcs.mit.edu/~cananian/Projects/PPTP). Thus, you can use PPTP to create VPNs among various OSs.

In this article, I describe how to configure PPTP on common Windows platforms and how to verify PPTP operation. (For more information about installing PPTP, see Douglas Toombs, "Point-to-Point Tunneling Protocol," June 1997.)

Configuring RAS as a PPTP Server
PPTP requires Remote Access Service (RAS), even if you are not using a modem or ISDN adapter. PPTP piggybacks on many RAS operations and functions, regardless of whether you use it with dial-up or permanent network connections.

PPTP requires special RAS server settings. Open Control Panel, and start the Network applet. Select Services, Remote Access Service. Then, select one of the VPN ports, and click Network. (Which VPN port you select does not matter, because they all have the same settings.) The encryption settings determine which Point-to-Point Protocol (PPP) authentication mechanisms the PPTP server accepts. The Require Microsoft encrypted authentication setting lets you use only Microsoft's Challenge Handshake Authentication Protocol (CHAP). MS CHAP uses a different encryption scheme than regular CHAP uses, and MS CHAP is the only authentication protocol that PPTP accepts. If you want to encrypt the tunneled connection, you must select Require data encryption. If you do not select this option, the data traversing the tunneled connection is not encrypted--negating one of PPTP's most useful features.

PPTP Configuration
PPTP comes in two versions: 40-bit and 128-bit encryption. NT, Win95, and Win98 include the 40-bit version. The 128-bit version provides more secure encryption. You can download the 128-bit version of PPTP for NT, Win95, and Win98 from Microsoft's Web site at http://mssecure.www.conxion.com/cgi-bin/ntitar.pl. (For information about this download site, see Sean Daily, "NT Server Security Checklist, Part 2," October 1998.)

After installing PPTP and RAS, you need to apply (or reapply) the 40-bit or 128-bit version of Service Pack 3 (SP3). Using the 128-bit version is preferable, because a 128-bit PPTP server can accept incoming connections from 40-bit and 128-bit clients. You can download the 128-bit version of SP3 from Microsoft's Web site. If your site has encryption export restrictions, you can download the 40-bit version of SP3 from http://support.microsoft.com/download/support/mslfiles/nt4sp3_i.exe. The 40-bit version is also available on the NT 4.0 Option Pack CD-ROM, in the winnt\SP3 directory. If you use the 128-bit version of the PPTP client, you need to ensure that the PPTP server you are dialing into also uses the 128-bit service pack, or you will get only 40-bit encryption.

Configuring the NT PPTP Client
You can use the Dial-Up Networking (DUN) PPTP client to call a PPTP server. In most cases, you use DUN to make two connections (one to your ISP and one to a PPTP server). Each connection requires a DUN profile: one for a typical PPP connection and one for a PPTP connection that runs on top of the PPP connection. The first profile contains standard PPP settings such as modem type and telephone numbers. The second profile uses the VPN device (instead of a modem) and the IP address or hostname of the PPTP server (instead of a telephone number) to connect to the PPTP server. If you have already configured your ISP profile, you need to create the PPTP client profile.

Like the PPTP server, the PPTP client requires special settings. After you create the client profile, select Edit entry and modem properties from the More menu. In the Security tab, you must select Accept only Microsoft encrypted authentication and Require data encryption for PPTP to work correctly and encrypt your data. To test the connection, initiate the connection to your ISP in the typical manner. Then, dial the PPTP server. When the VPN is running, a small telephone icon with blinking lights appears in the taskbar. Double-click this icon to check your connection status or to disconnect the VPN.

If you will use the VPN frequently, use the Create shortcut to entry option in the More menu. If you selected Save password, you need to double-click the desktop shortcut to start the VPN. Using the menus to stop the VPN is cumbersome, so I created a hangup.bat file that contains the command line rasdial entryname /d. The entryname is the name of the dial-up profile you created for PPTP. I created a shortcut for the hangup.bat file on my desktop, so I can start and stop the VPN with a double-click.

Configuring the Win95 PPTP Client
Unlike NT, Win95 PPTP clients have no control over encryption settings. The Require data encryption check box on the NT server determines whether a Win95 client uses encryption.

Win95 does not come with a PPTP client, but you can download PPTP from Microsoft's Web site. First, download the Microsoft Windows 95 Winsock Upgrade 1.2 file from http://www.microsoft.com/windows/downloads/bin/w95wsockupd.exe. Double-click the file to install it. Then, download the Dial-Up Networking 1.2 Upgrade file. You can download the 40-bit version from http://www.microsoft.com/communications/pptpdownnow.htm or the 128-bit version from http://mssecure.www.conxion.com/cgi-bin/ntitar.pl. If you download the 128-bit version, you must select Windows 95 Dial-Up Networking Upgr 1.2b for x86 systems. Save the file with an .exe extension. You install both versions by double-clicking the file.

As with NT, you must dial in to an ISP with a PPP connection before you can connect to a remote PPTP server. To initiate the PPTP session, first dial the PPP session. After the PPP session is functioning, dial the PPTP session. If both sessions connect properly, you will have two DUN windows: one for each connection, as Screen 1, page 118, shows.

To hang up the PPTP connection from the command line, you can use the hang32 utility. This utility is part of a freeware package called ndial32, which you can download from various sites on the Internet, including http://www.shareware.com.

As on NT, I created a hangup.bat file that contained the command line \windows\hang32.exe entryname, with the entryname of tunnel. I then created a desktop shortcut to the batch file so that I can easily disconnect the PPTP session with a double-click.

Configuring the Win98 PPTP Client
Win98 includes PPTP, so you can easily install PPTP from the Win98 CD-ROM. In Control Panel, open the Add/Remove Programs applet and select the Windows 98 Setup tab. Then, select Communications, Dial-Up Networking, Virtual Private Networking, General. You can use the DUN wizard to create a new profile for your PPTP server, as Screen 2, page 118, shows.

The Server Types tab has more options in Win98 than in Win95. You need to select Require encrypted password and Require data encryption, as Screen 3, page 118, shows, for the PPTP session to function properly.

When the PPTP session is running, Win98 displays more details about the connection than either Win95 or NT does. As Screen 4 shows, the Protocols list confirms that CHAP authenticated the PPTP session, Microsoft Point-to-Point Compression (MPPC) is compressing data sent over the PPTP link, and Microsoft Point-to-Point Encryption (MPPE) is encrypting the data. The Protocols list also shows which network protocols are running over the PPTP session.

Logging PPTP Information
The System event log records each attempt to connect to a PPTP server. (For information about NT's event logs, see Michael D. Reilly, "Windows NT Event Viewer," November 1998.) The System log tells you who is using PPTP and what type of encryption they are using (40-bit or 128-bit). If the client connects using 128-bit encryption, the log records a strong connection. The log does not generate a similar message (i.e., weak) for 40-bit connections. The log shows the username and port number for each successful connection, as Screen 5 shows. When you disconnect a PPTP session, the system logs a summary.

Examining Network Traffic
Verifying PPTP operation is simple. You can use various network analyzers to confirm network traffic encryption and determine the type of encryption. For example, the Microsoft Network Monitor listens on the network and captures traffic between the PPTP client and server. Microsoft's Systems Management Server (SMS) includes a complete version of Network Monitor. This version listens for traffic between any computers on the network. (NT Server also includes a limited version of Network Monitor that captures traffic only between the computer running Network Monitor and other computers.)

Screen 6 shows a capture of a Telnet session running over an unencrypted network. The lower right pane shows the plain ASCII text, which typically includes the username and password (in plain text) at the beginning of the session.

Screen 7 shows a capture of Telnet traffic running over a PPTP session. The data is encrypted and looks like meaningless garbage. In addition, you cannot tell what type of protocol is in use. This security feature prevents a hostile user from basing an attack on previous knowledge of a particular application.
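The contrast between Screens 6 and 7 can be turned into a quick sanity check over the payload bytes of a capture. The following Python is an added example, not code from the article: it scores a payload by its printable-ASCII ratio and its byte entropy, using a constructed Telnet login in place of Screen 6 and a deterministic SHA-256 byte stream standing in for the MPPE ciphertext of Screen 7 (it is not real MPPE output). The thresholds are assumptions chosen for this example.

```python
"""Heuristic check that a captured payload looks encrypted rather than plaintext (added example)."""
import hashlib
import math
from collections import Counter

# Printable ASCII plus tab, LF and CR: what a plaintext Telnet session is made of.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def printable_ratio(payload: bytes) -> float:
    """Fraction of bytes that are printable ASCII (plus tab, LF, CR)."""
    if not payload:
        return 0.0
    return sum(1 for b in payload if b in PRINTABLE) / len(payload)


def shannon_entropy(payload: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, up to 8.0 for uniform bytes."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values())


def looks_encrypted(payload: bytes, max_printable: float = 0.6, min_entropy: float = 6.0) -> bool:
    """True when the payload neither reads as text nor has the low entropy of text.

    The thresholds are assumed values for this example, not figures from the article.
    """
    return printable_ratio(payload) < max_printable and shannon_entropy(payload) >= min_entropy


# Constructed plaintext in the style of Screen 6: a Telnet login exchange.
TELNET_SAMPLE = b"\r\nWindows NT Telnet Service\r\nlogin: epearce\r\nPassword: s3cret\r\n$ "


def pseudo_ciphertext(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic stand-in for the ciphertext of Screen 7 (a SHA-256 chain, not MPPE)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


CIPHERTEXT_SAMPLE = pseudo_ciphertext(512)

if __name__ == "__main__":
    for label, sample in (("telnet", TELNET_SAMPLE), ("tunnelled", CIPHERTEXT_SAMPLE)):
        print("%-9s printable=%.2f entropy=%.2f encrypted=%s" % (
            label, printable_ratio(sample), shannon_entropy(sample), looks_encrypted(sample)))
```

A high entropy score is a sign, not proof: data that MPPC has compressed also scores high, so pair this check with a look at the CCP negotiation to confirm that MPPE was actually enabled.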

To understand how PPTP handles encryption and authentication, you need to be familiar with two Internet Engineering Task Force (IETF) documents: Microsoft Point-To-Point Encryption (MPPE) Protocol (ftp://ftp.ietf.org/internet-drafts/draft-ietf-pppext-mppe-02.txt) and Microsoft PPP CHAP Extensions (ftp://ftp.ietf.org/internet-drafts/draft-ietf-pppext-mschap-00.txt). Microsoft's Web site contains outdated versions of these documents. At press time, Microsoft announced pending availability of updated documentation. The documents describe the encryption scheme (MPPE) and authentication scheme (MS CHAP) that PPTP uses. Network engineers who want to implement PPTP and systems administrators who want to examine network traffic will find these documents useful.

The Microsoft Point-To-Point Encryption (MPPE) Protocol document describes how encryption is negotiated at the beginning of a PPTP session. You can use this information to verify the type of encryption (40-bit or 128-bit) in use on a PPTP session.

The section of the MPPE document you see in Figure 1, page 121, describes how the Compression Control Protocol (CCP) negotiates MPPE options. The PPTP server and client suggest encryption types to each other. If they find one that they both support, they agree to use it. If they fail to find a common scheme, they abort the PPTP session. The Type field identifies which CCP option negotiates encryption.

You can use this information to set up a Network Monitor filter that displays only the packets you are interested in (e.g., only CCP packets with a Configuration Option Type of 18), as Screen 8, page 121, shows. Start Network Monitor, and start the PPTP session. You can then capture the beginning of the PPTP session, where all options are negotiated. After you capture the packets you want, stop Network Monitor and PPTP. Then, apply the filter to the captured traffic. Screen 9 shows a packet I captured.

The relevant data in Screen 9 is the four octets (8-bit values) in hexadecimal form listed next to CCP: Values (i.e., 00 00 00 20). To decipher these numbers, consult the section of the MPPE document in Figure 2 (edited for clarity).

This description tells you to focus on the least significant octet, which is the right-most 8 bits. In my example packet in Screen 9, the L bit is set and has a value of 0x20 in hexadecimal form or 100000 in binary form, indicating 40-bit encryption.

For a 128-bit example, see Screen 10. In this packet, the S and C bits are set. The C bit has a value of 0x41 in hexadecimal form or 1000001 in binary form.

As the MPPE document excerpt in Figure 3 shows, the PPTP session tries to negotiate the strongest form of encryption first (128-bit) and reverts to 40-bit encryption if it is the only scheme that both ends support. If the encryption negotiation fails, the PPTP session fails.
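The decoding the preceding paragraphs walk through by hand (find the CCP option with Type 18, read the four Supported Bits octets, look at the least significant octet, and apply the strongest-common-scheme rule) can be scripted. The following Python is an added example, not code from the article or from Microsoft: the S, L and C bit values are the ones the article reads from Screens 9 and 10; the H and M bits are taken from the later MPPE specification (RFC 3078) and are not discussed in the article. The CCP packets are constructed to carry the same octets the article shows.

```python
"""Decode the MPPE configuration option negotiated in PPP CCP packets (added example)."""

# CCP configuration option type that carries MPPE parameters (Type 18 in the article).
MPPE_OPTION_TYPE = 18
MPPE_OPTION_LEN = 6  # Type (1) + Length (1) + Supported Bits (4)

# Masks over the 4-octet Supported Bits field. S, L and C are the bits the article
# reads from its captures; H and M come from RFC 3078 and are included for completeness.
MPPE_BITS = {
    "H": 0x01000000,  # stateless mode (most significant octet)
    "M": 0x00000010,  # 56-bit session keys
    "S": 0x00000040,  # 128-bit session keys
    "L": 0x00000020,  # 40-bit session keys
    "C": 0x00000001,  # MPPC compression requested
}
KEY_LENGTHS = {"S": 128, "M": 56, "L": 40}

# CCP codes whose payload is a list of options: Configure-Request/Ack/Nak/Reject.
CCP_CONFIGURE_CODES = {1, 2, 3, 4}


def find_mppe_option(ccp_packet: bytes):
    """Walk the options of a CCP Configure packet and return the raw MPPE option, or None."""
    if len(ccp_packet) < 4:
        raise ValueError("truncated CCP header")
    code = ccp_packet[0]
    length = int.from_bytes(ccp_packet[2:4], "big")
    if code not in CCP_CONFIGURE_CODES or length < 4 or length > len(ccp_packet):
        raise ValueError("not a well-formed CCP Configure packet")
    pos = 4
    while pos + 2 <= length:
        opt_type, opt_len = ccp_packet[pos], ccp_packet[pos + 1]
        if opt_len < 2 or pos + opt_len > length:
            raise ValueError("malformed CCP option")
        if opt_type == MPPE_OPTION_TYPE:
            return ccp_packet[pos:pos + opt_len]
        pos += opt_len
    return None


def decode_mppe_option(option: bytes) -> dict:
    """Parse Type/Length/Supported Bits and report which bits are set."""
    if (len(option) != MPPE_OPTION_LEN or option[0] != MPPE_OPTION_TYPE
            or option[1] != MPPE_OPTION_LEN):
        raise ValueError("not an MPPE configuration option")
    supported = int.from_bytes(option[2:6], "big")
    flags = {name: bool(supported & mask) for name, mask in MPPE_BITS.items()}
    return {
        "supported_bits": supported,
        "low_octet": supported & 0xFF,  # the least significant octet the article reads
        "flags": flags,
        "key_lengths": [KEY_LENGTHS[b] for b in ("S", "M", "L") if flags[b]],
    }


def negotiate(client_option: bytes, server_option: bytes):
    """Strongest key length both ends offer; None means the PPTP session would fail."""
    common = (set(decode_mppe_option(client_option)["key_lengths"])
              & set(decode_mppe_option(server_option)["key_lengths"]))
    return max(common) if common else None


# Constructed CCP Configure-Request (code 1, id 1, length 10) carrying the option the
# article shows in Screen 9: Supported Bits 00 00 00 20, i.e. only the L bit (40-bit).
SCREEN9_PACKET = bytes.fromhex("0101000a" "120600000020")
# The Screen 10 case: 00 00 00 41, i.e. S (128-bit) and C (compression) set.
SCREEN10_OPTION = bytes.fromhex("120600000041")

if __name__ == "__main__":
    opt = find_mppe_option(SCREEN9_PACKET)
    info = decode_mppe_option(opt)
    print("Screen 9: low octet 0x%02x, bits %s, key lengths %s" % (
        info["low_octet"], [b for b, on in info["flags"].items() if on], info["key_lengths"]))
    print("Screen 10: key lengths", decode_mppe_option(SCREEN10_OPTION)["key_lengths"])
    print("128/40 client vs 40-only server:", negotiate(bytes.fromhex("120600000060"), opt))
    print("128-only client vs 40-only server:", negotiate(bytes.fromhex("120600000040"), opt))
```

Feed `find_mppe_option` the CCP payload of each packet that passes the Type 18 filter from Screen 8; a server that should only accept 128-bit clients will show a `negotiate` result of 40 whenever a 40-bit client is let in, which is the case the article warns about when the server lacks the 128-bit service pack.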

Using Network Monitor or another network-analysis tool lets you verify the operation of software on your system. You do not have to take the vendor's word that your data is encrypting properly.
