PPTP VPN (Point-to-Point Tunneling Protocol): What it is and how it works

Point-to-Point Tunneling Protocol (PPTP) is one of the oldest VPN protocols still in use today. 

However, compared to more modern alternatives, like OpenVPN, WireGuard, and ExpressVPN’s proprietary Lightway protocol, PPTP is widely considered an outdated and insecure choice. 

This guide covers the origins of PPTP, how it works, pros and cons, and whether it still holds any value for the average VPN user today.

What is PPTP?

PPTP is a VPN protocol. Protocols are sets of rules that control how a VPN functions. They impact aspects like security and speed when setting up your VPN connection. 

There are several VPN protocols to choose from, and PPTP is one of the oldest, having been around since Windows 95. 

At the time, businesses needed a way for employees to connect to internal resources from outside the office using dial-up internet connections—which were insecure and had no built-in privacy. PPTP came in to solve that by:

• Creating a secure tunnel over the public internet,
• Using PPP (Point-to-Point Protocol) for authentication and data framing,
• And wrapping it in Microsoft Point-to-Point Encryption for basic encryption.

Let’s take a closer look at how it works.

How does PPTP VPN work?

As mentioned, PPTP was built primarily for remote workers to access company networks safely without needing physical access or expensive leased lines. It wasn’t designed with personal privacy in mind, unlike most modern VPN protocols.Here’s a step-by-step breakdown of how PPTP works:

1. The user connects to the internet: A user (for example, someone working from home) connects to the internet using their local internet service provider (ISP). Back in the day, this would be via dial-up networking, but PPTP can be used over other internet connections as well.
2. Connection to the ISP’s network access server (NAS): The user’s device connects to a network access server (NAS), which manages user connections on the ISP’s end. 
3. PPP (Point-to-Point Protocol) link is established: A standard PPP connection is set up between the client and the NAS, allowing the user to send and receive general internet traffic.
4. A second virtual call is made over the PPP link: Over the already established PPP connection, the user now initiates a second session, this time to the company’s PPTP server on a private LAN.
5. Encapsulated data transmission begins: The data for this second connection is sent as IP packets that encapsulate PPP frames. These encapsulated packets form the VPN tunnel.
6. PPTP tunnel is established: This second virtual session forms a PPTP tunnel between the user and the company’s PPTP server. Thanks to this tunnel, the remote worker can now securely access files, apps, or systems that are normally only available at the office.

It’s worth noting that, compared to modern VPN protocols, such as OpenVPN and ExpressVPN’s Lightway, PPTP is more of a rudimentary tunneling protocol than a fully fledged VPN protocol in the modern sense, as it lacks any kind of routing mechanism to send data packets to their destination. 

PPTP VPN pros and cons

The PPTP VPN protocol has some benefits in specific use cases. However, it also has several distinct drawbacks that outweigh its advantages in most other cases.

Advantages of using PPTP

PPTP’s main appeal is its simplicity—it’s easy to set up, even for non-tech-savvy users, and is built into some operating systems, so there’s no need for extra apps. It’s also fast, since its outdated encryption doesn’t slow things down much, and it’s lightweight enough to run smoothly on older or low-powered devices. However, modern protocols like Lightway offer similar ease of use and better performance—without compromising on security.

Disadvantages of PPTP

• Weak encryption: PPTP relies on Microsoft Point-to-Point Encryption. MPPE uses the RC4 stream cipher, which was once popular but is now considered cryptographically broken due to multiple vulnerabilities.
• Poor authentication: The implementation of MPPE with RC4 is especially weak when paired with MS-CHAPv2, the authentication protocol used in PPTP. MS-CHAPv2 can be cracked in minutes, giving attackers access to the encryption keys.
• Firewall issues: PPTP uses GRE (generic routing encapsulation), a protocol that many firewalls block by default. This can make PPTP difficult or impossible to use behind strict firewalls or network address translation (NAT) devices.
• Deprecated: While PPTP was once widely supported, it’s now deprecated on most major platforms due to security concerns. For example, Apple removed native support in macOS and iOS, and many VPN providers no longer offer it.
• Lacks additional security features: Modern VPN protocols offer more advanced security features to protect users. Many support perfect forward secrecy (PFS), for example, which helps to ensure that even if one encryption key is cracked or compromised, past and future communications will still be secure because each session uses a new key. PPTP, in contrast, does not support PFS.

What is PPTP passthrough, and when is it needed?

PPTP passthrough is a feature present in some router models, especially older ones. Its purpose is to allow PPTP VPN traffic to “pass through” firewalls and NAT devices, which would otherwise block it. In other words, it lets PPTP connections travel through the router without any restrictions.

This feature is only useful if you’re using PPTP and encountering issues with firewalls or NAT.

PPTP vs. other VPN protocols: A complete comparison

Next, let’s take a look at how the PPTP VPN protocol matches up to other protocols, like OpenVPN or IKEv2. 

PPTP vs. OpenVPN

OpenVPN is one of the most popular and widely used VPN protocols today. It's open-source, meaning its code is freely available for anyone to inspect, audit, and even modify. Multiple independent security audits have confirmed that OpenVPN is a secure and reliable protocol.

Compared to PPTP, OpenVPN offers much stronger security with its robust encryption, secure authentication, and forward secrecy.

PPTP vs. L2TP/IPSec

L2TP, or Layer Two Tunneling Protocol, works in conjunction with the IPSec security protocol to establish secure VPN connections. The L2TP protocol handles the connection and tunneling, while IPSec does the encryption. 

This is quite an old protocol, similar to PPTP, and the two are equally straightforward to set up and work with. L2TP/IPSec is usually more secure, as IPSec offers up to 256-bit encryption, and it’s more stable. That said, there are several modern protocols that are better in terms of security than both PPTP and L2TP/IPSec.

PPTP vs. IKEv2

Internet Key Exchange version 2 (IKEv2), like L2TP, is a VPN protocol that works together with the IPSec security protocol. IKEv2/IPSec is one of the most commonly used VPN protocols, thanks to its strong levels of performance in aspects like speed, security, and stability, and it works particularly well on mobile devices, as it can quickly reconnect when switching from Wi-Fi to mobile data and vice versa.

In contrast to PPTP, IKEv2/IPSec implements stronger encryption and superior authentication, so it does a much better job of keeping your data safe. And despite the larger encryption overhead, IKEv2/IPSec isn’t slower than PPTP. It’s also more stable on the whole.

PPTP vs. WireGuard

WireGuard is another popular VPN protocol, bearing some similarities to OpenVPN. It’s open-source and has been independently audited, without any major issues detected. WireGuard is also known for being lean and lightweight, made up of just over 7,000 lines of code. Thanks to this, it’s very easy to work with.

The lean and lightweight nature of WireGuard also gives it a speed advantage over PPTP. Plus, it uses the 256-bit ChaCha20 encryption algorithm, which is superior to PPTP’s encryption in every way. Overall, WireGuard is safer, more stable, and much more reliable than PPTP.

When (and why) would you still use PPTP?

Given its many flaws, coupled with the fact that there are a lot of simpler and better VPN protocols out there, you might wonder if there is really any point to using PPTP. Or any situation where you might choose to use this protocol at all? 

We don’t recommend using PPTP when you have other options—especially modern protocols like Lightway and WireGuard that are secure, fast, and easy to set up. But if you’re using older devices that don’t have access to the latest and greatest in VPN protocol technology, PPTP is still better than nothing. It will provide some level of security and privacy for your online connections, and some networks still rely on it because it’s simple to set up and compatible with legacy systems.