Point-to-Point Tunneling Protocol

righthand

1 2013-09-02

Introduction

• The PPTP is a Layer 2 protocol that

encapsulates PPP frames in IP datagrams for

transmission over an IP internetwork.

– Control Connection over TCP (port 1723)

– Tunnel transport GRE encapsulated PPP packets

2

PPTP Access Concentrator(PAC) PPTP Network Server(PNS)

Overview

3

PPP LCP → PPP CHAP → PPP CCP → PPP IPCP

PAC PNS

TCP (port 1723))

(1) Start-Control-Connection-Request

(2) Start-Control-Connection-Reply

(7) Outgoing-Call-Request

(8) Outgoing-Call-Reply

(15) Set-Link-Info

(5) Echo-Request

(6) Echo-Reply

Tunnel

…

(3) Stop-Control-Connection-Request

(12) Call-Clear-Request

(4) Stop-Control-Connection-Reply

(13) Call-Disconnect-Notify

(15) Set-Link-Info

Establish

Manage

Release

Control Connection

• Control Connection establish before Tunnel

– establish, manage, and release

• Control Connection Message

4

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

Length PPTP Message Type

1: Control Message

2: Management Message (not defined)

Magic Cookie

(0x1A2B3C4D)

……

Control Message (I)

• 1 for Start-Control-Connection-Request

– initiate to setup the control connection

• 2 for Start-Control-Connection-Reply

– indicate success or failure of the setup operation

• 3 for Stop-Control-Connection-Request

– request to close the control connection

• 4 for Stop-Control-Connection-Reply

– indicate success or failure of the close operation

5

Start-Control-Connection-Request

6

Start-Control-Connection-Reply

7

Control Message (II)

• 5 for Echo-Request

– send periodically to keep the control connection

alive

• 6 for Echo-Reply

– response to the receipt of an Echo-Request to keep

the control connection active

8

Echo-Request

9

Echo-Reply

10

Control Message (III)

• 7 for Outgoing-Call-Request

– Request to create a VPN tunnel sent by the client.

• 8 for Outgoing-Call-Reply

– contains a unique identifier for that tunnel.

11

Outgoing-Call-Request

12

Outgoing-Call-Reply

13

Control Message (IV)

• 9 for Incoming-Call-Request

– request from a VPN client to receive an incoming call from the server.

• 10 for Incoming-Call-Reply

– indicating whether the incoming call should be answered.

• 11 for Incoming-Call-Connected

– provides additional call parameters to the VPN server.

14

Control Message (V)

• 12 for Call-Clear-Request

– request to disconnect Incoming or Outgoing Call

• 13 for Call-Disconnect-Notify

– response to the receipt of an Call-Clear-Request to

issue whenever a call is disconnected

15

Call-Clear-Request

16

Control Message (VI)

• 14 for WAN-Error-Notify

– sent error notification periodically

• 15 for Set-Link-Info

– notify to change the PPP-negotiated options

17

Set-Link-Info

18

PPP Challenge Handshake Authentication Protocol

19

PPP Compression Control Protocol

20

Tunnel Protocol

• The GRE tunnel is used to carry encapsulated

PPP packets.

– Enhanced GRE header

21

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

C R K S s Recur A Flags Ver Protocol Type

Key (HW) || Payload Length Key (LW) || Call ID

Sequence Number (Optional)

Acknowledgment Number (Optional)

IP Header GRE Header PPP Header PPP Compressed Datagram

PPP Compressed Datagram (I)

22

PPP Compressed Datagram (II)

23