PPTP/L2TP; PPTP - D-Link DFL-1600 User Manual

Network security firewall
Chapter 22. VPN Protocols & Tunnels
22.2 PPTP/L2TP

As introduced in the previous sections, IPsec provides methods for two
endpoints to transport data packets as if they were connected by a
"private channel". This technique is often called tunneling. Like the
IPsec functions already discussed, tunneling protocols define standards
for the encapsulation, transmission, and decapsulation steps of the data
transfer process. The endpoints of the tunnel must agree on the same
tunneling protocol to be able to communicate.

IPsec features Tunnel mode ESP encapsulation with encryption and
authentication, and has become widely used for very secure VPN
implementations. However, IPsec tunneling has some limitations: for
example, it is not supported by all systems and it can be hard to
configure.

In contrast, the PPTP and L2TP tunneling protocols are widely supported
and easier to configure than IPsec.

22.2.1 PPTP

Point-to-Point Tunneling Protocol (PPTP) is built on the Point-to-Point
Protocol (PPP), Generic Routing Encapsulation (GRE), and TCP/IP.

PPTP tunneling format
PPTP relies on the PPP protocol to encapsulate datagrams (see 9.4.1
PPP). The PPP frame is then encapsulated into a GRE packet with routing
information included, which is in turn packed with an IP header to conform
to the Internet addressing convention, as shown in Table 22.1. The Layer 2
data frame is the basic transport unit. A data-link layer header and
trailer are put onto the PPTP encapsulated packet to form the tunneling
data. PPTP uses TCP port 1723 for its control connection and GRE (IP
protocol 47) for the PPP data.

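+-----------+------------+-----+---------+
| IP Header | GRE Header | PPP | Payload |
+-----------+------------+-----+---------+
                         |<- PPP Frame ->|

Table 22.1: PPTP Encapsulation.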
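
The layering in Table 22.1 can be checked on a captured packet with a short parser. The following is an added example, not code from the D-Link manual: it labels an IPv4 packet as PPTP control (TCP port 1723) or PPTP data (IP protocol 47) and unwraps the PPP frame. The GRE flag bits, protocol type 0x880B and Call ID field are taken from RFC 2637 rather than from this page, and the sample packets and function names are constructed for illustration.

```python
import struct

PPTP_TCP_PORT = 1723           # control connection (from the text)
PROTO_TCP, PROTO_GRE = 6, 47   # IP protocol numbers; 47 is from the text
GRE_PPP = 0x880B               # GRE protocol type for PPTP (RFC 2637)

def ipv4(proto: int, body: bytes) -> bytes:
    """Wrap body in a constructed IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0,
                       64, proto, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 2])) + body

def classify(packet: bytes) -> dict:
    """Label one IPv4 packet as PPTP control, PPTP data, or other."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_TCP:
        if len(body) < 4:
            raise ValueError("truncated TCP header")
        ports = struct.unpack("!HH", body[:4])
        return {"kind": "pptp-control" if PPTP_TCP_PORT in ports else "other"}
    if proto != PROTO_GRE:
        return {"kind": "other"}
    if len(body) < 8:
        raise ValueError("truncated GRE header")
    flags, ptype, plen, call_id = struct.unpack("!HHHH", body[:8])
    if (flags & 0x0007) != 1 or ptype != GRE_PPP:
        return {"kind": "gre-other"}          # plain GRE, not PPTP's version 1
    off, opts = 8, [None, None]
    for i, bit in enumerate((0x1000, 0x0080)):  # S bit (seq), then A bit (ack)
        if flags & bit:
            if len(body) < off + 4:
                raise ValueError("truncated GRE option")
            opts[i] = struct.unpack("!I", body[off:off + 4])[0]
            off += 4
    if len(body) - off < plen:                # declared length must fit
        raise ValueError("GRE payload length exceeds packet")
    return {"kind": "pptp-data", "call_id": call_id, "seq": opts[0],
            "ack": opts[1], "ppp": body[off:off + plen]}

# Constructed samples: an LCP Configure-Request in PPP, in GRE v1, in IPv4.
PPP = bytes.fromhex("ff03c02101010004")
DATA_PKT = ipv4(PROTO_GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP,
                                       len(PPP), 7, 1) + PPP)
CTRL_PKT = ipv4(PROTO_TCP, struct.pack("!HH", 50000, PPTP_TCP_PORT) + bytes(16))
```

A firewall rule set that permits PPTP has to allow both flows; allowing TCP 1723 alone lets the control connection come up while the GRE data packets are dropped.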
D-Link Firewalls User's Guide
