22-05-2014, 10:26 AM
VPN Virtual Private Networks
Types of Virtual Private Networks (1/3)
1. Access VPN, client initiated (= voluntary tunnel):
The VPN client is located on the client machine. The NAS only delivers a public IP address to the client via PPP ("public PPP session" between client and NAS).
On top of that, the client creates a VPN connection (e.g. L2TP) to get a private IP address and in this way is hooked into the private network just as if it were directly connected to it ("private PPP session" between client and server).
This VPN mode is called "voluntary" because the VPN is under the control of the client itself (the client can decide whether or not it establishes the VPN tunnel).
PPTP Point to Point Tunnelling Protocol RFC2637 (2/2)
PPTP was originally used for remote access via an ISP (PPTP = remote access solution). PPTP was devised by Microsoft as a RAS (Remote Access Service) protocol.
PPTP is the most widely used VPN tunnelling protocol but will be supplanted by L2TP / IPSec in the long run.
PPTP is based on and uses the services of PPP (Point to Point Protocol). By using PPP, various authentication (PAP, CHAP, MSCHAP, EAP) and encryption (ECP with preshared keys, RC4, DES) standards combined with compression (CCP) are possible with PPTP.
PPTP provides multiprotocol encapsulation by using GRE for data packets; this means that the tunnel between client and server is transparent for applications (applications do not "see" the tunnel); the client is virtually within the enterprise LAN.
GRE, as its name implies, is basically an encapsulation protocol that allows transport of layer 2 (e.g. PPP) and layer 3 (IP) protocols. In PPTP, GRE is used for the transport of data frames, while PPTP control frames are used for setting up the GRE connection.
PPTP uses a PPTP control connection (TCP) to establish a PPTP data tunnel (GRE) with the following
control connection messages:
PPTP_START_SESSION_REQUEST / _REPLY
PPTP_ECHO_REQUEST / _REPLY
PPTP_WAN_ERROR_NOTIFY
PPTP_SET_LINK_INFO
PPTP_STOP_SESSION_REQUEST / _REPLY
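
The split between the TCP control connection and the GRE data tunnel can be seen by parsing both, for example when checking what a capture or firewall log actually contains. The following is an added example, not part of the original document; the header layouts, magic cookie and type numbers are taken from RFC 2637, the function names are hypothetical, and the sample bytes are constructed rather than captured.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D             # fixed cookie carried by every control message
CTRL_HDR = struct.Struct("!HHIHH")  # length, message type, cookie, control type, reserved
GRE_HDR = struct.Struct("!HHHH")    # flags+version, protocol, payload length, call ID
CTRL_NAMES = {1: "PPTP_START_SESSION_REQUEST", 2: "PPTP_START_SESSION_REPLY",
              3: "PPTP_STOP_SESSION_REQUEST", 4: "PPTP_STOP_SESSION_REPLY",
              5: "PPTP_ECHO_REQUEST", 6: "PPTP_ECHO_REPLY",
              14: "PPTP_WAN_ERROR_NOTIFY", 15: "PPTP_SET_LINK_INFO"}

def parse_control_stream(data):
    """Split a reassembled control-connection (TCP) payload into message names."""
    names, offset = [], 0
    while offset < len(data):
        if len(data) - offset < CTRL_HDR.size:
            raise ValueError("truncated control header")
        length, _msg, cookie, ctrl_type, _rsv = CTRL_HDR.unpack_from(data, offset)
        if cookie != PPTP_MAGIC:
            raise ValueError("bad magic cookie: stream out of sync or not PPTP")
        if length < CTRL_HDR.size or offset + length > len(data):
            raise ValueError("declared length does not fit the data")
        names.append(CTRL_NAMES.get(ctrl_type, "type %d" % ctrl_type))
        offset += length
    return names

def parse_data_packet(packet):
    """Parse one enhanced-GRE packet of the data tunnel and return its PPP frame."""
    flags, proto, payload_len, call_id = GRE_HDR.unpack_from(packet)
    if proto != 0x880B or (flags & 0x0007) != 1 or not (flags & 0x2000):
        raise ValueError("not PPTP GRE (need protocol 0x880B, version 1, K bit)")
    offset, seq, ack = GRE_HDR.size, None, None
    if flags & 0x1000:              # S bit: sequence number follows
        (seq,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & 0x0080:              # A bit: acknowledgment number follows
        (ack,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "ppp": packet[offset:offset + payload_len]}

def _ctrl(ctrl_type, length):
    """Build a constructed control message with a zeroed body."""
    return CTRL_HDR.pack(length, 1, PPTP_MAGIC, ctrl_type, 0) + bytes(length - CTRL_HDR.size)

# Constructed samples: three control messages, then one GRE packet with a PPP frame.
SAMPLE_CONTROL = _ctrl(1, 156) + _ctrl(5, 16) + _ctrl(15, 24)
SAMPLE_DATA = GRE_HDR.pack(0x3001, 0x880B, 4, 7) + struct.pack("!I", 1) + b"\xff\x03\xc0\x21"

if __name__ == "__main__":
    print(parse_control_stream(SAMPLE_CONTROL))
    print(parse_data_packet(SAMPLE_DATA))
```

The control parser rejects any message whose cookie or length is inconsistent, which is the same sanity check a monitoring tool needs before trusting the message type field.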