Point-to-Point Tunneling Protocol (PPTP) is one of the oldest VPN protocols still in use today.
However, compared to more modern alternatives, like OpenVPN, WireGuard, and ExpressVPN’s proprietary Lightway protocol, PPTP is widely considered an outdated and insecure choice.
This guide covers the origins of PPTP, how it works, pros and cons, and whether it still holds any value for the average VPN user today.
What is PPTP?
PPTP is a VPN protocol. Protocols are sets of rules that control how a VPN functions. They impact aspects like security and speed when setting up your VPN connection.
There are several VPN protocols to choose from, and PPTP is one of the oldest, having been around since Windows 95.
At the time, businesses needed a way for employees to connect to internal resources from outside the office using dial-up internet connections—which were insecure and had no built-in privacy. PPTP came in to solve that by:
- Creating a secure tunnel over the public internet,
- Using PPP (Point-to-Point Protocol) for authentication and data framing,
- And wrapping it in Microsoft Point-to-Point Encryption for basic encryption.
Let’s take a closer look at how it works.
How does PPTP VPN work?
As mentioned, PPTP was built primarily for remote workers to access company networks safely without needing physical access or expensive leased lines. It wasn’t designed with personal privacy in mind, unlike most modern VPN protocols.
Here’s a step-by-step breakdown of how PPTP works:
- The user connects to the internet: A user (for example, someone working from home) connects to the internet using their local internet service provider (ISP). Back in the day, this would be via dial-up networking, but PPTP can be used over other internet connections as well.
- Connection to the ISP’s network access server (NAS): The user’s device connects to a network access server (NAS), which manages user connections on the ISP’s end.
- PPP (Point-to-Point Protocol) link is established: A standard PPP connection is set up between the client and the NAS, allowing the user to send and receive general internet traffic.
- A second virtual call is made over the PPP link: Over the already established PPP connection, the user now initiates a second session, this time to the company’s PPTP server on a private LAN.
- Encapsulated data transmission begins: The data for this second connection is sent as IP packets that encapsulate PPP frames. These encapsulated packets form the VPN tunnel.
- PPTP tunnel is established: This second virtual session forms a PPTP tunnel between the user and the company’s PPTP server. Thanks to this tunnel, the remote worker can now securely access files, apps, or systems that are normally only available at the office.
It’s worth noting that, compared to modern VPN protocols, such as OpenVPN and ExpressVPN’s Lightway, PPTP is more of a rudimentary tunneling protocol than a fully fledged VPN protocol in the modern sense, as it lacks any kind of routing mechanism to send data packets to their destination.
PPTP VPN pros and cons
The PPTP VPN protocol has some benefits in specific use cases. However, it also has several distinct drawbacks that outweigh its advantages in most other cases.
| Pros | Cons |
| ✅ Fast speeds | ❌ Poor standard of encryption |
| ✅ Runs on older machines | ❌ Weak authentication technology |
| ❌ Struggles with firewalls | |
| ❌ Cannot compete with modern protocols | |
| ❌ Deprecated in some operating systems |
Advantages of using PPTP
PPTP’s main appeal is its simplicity—it’s easy to set up, even for non-tech-savvy users, and is built into some operating systems, so there’s no need for extra apps. It’s also fast, since its outdated encryption doesn’t slow things down much, and it’s lightweight enough to run smoothly on older or low-powered devices. However, modern protocols like Lightway offer similar ease of use and better performance—without compromising on security.
Disadvantages of PPTP
- Weak encryption: PPTP relies on Microsoft Point-to-Point Encryption. MPPE uses the RC4 stream cipher, which was once popular but is now considered cryptographically broken due to multiple vulnerabilities.
- Poor authentication: The implementation of MPPE with RC4 is especially weak when paired with MS-CHAPv2, the authentication protocol used in PPTP. MS-CHAPv2 can be cracked in minutes, giving attackers access to the encryption keys.
- Firewall issues: PPTP uses GRE (generic routing encapsulation), a protocol that many firewalls block by default. This can make PPTP difficult or impossible to use behind strict firewalls or network address translation (NAT) devices.
- Deprecated: While PPTP was once widely supported, it’s now deprecated on most major platforms due to security concerns. For example, Apple removed native support in macOS and iOS, and many VPN providers no longer offer it.
- Lacks additional security features: Modern VPN protocols offer more advanced security features to protect users. Many support perfect forward secrecy (PFS), for example, which helps to ensure that even if one encryption key is cracked or compromised, past and future communications will still be secure because each session uses a new key. PPTP, in contrast, does not support PFS.
What is PPTP passthrough, and when is it needed?
PPTP passthrough is a feature present in some router models, especially older ones. Its purpose is to allow PPTP VPN traffic to “pass through” firewalls and NAT devices, which would otherwise block it. In other words, it lets PPTP connections travel through the router without any restrictions.
This feature is only useful if you’re using PPTP and encountering issues with firewalls or NAT.
PPTP vs. other VPN protocols: A complete comparison
Next, let’s take a look at how the PPTP VPN protocol matches up to other protocols, like OpenVPN or IKEv2.
PPTP vs. OpenVPN
OpenVPN is one of the most popular and widely used VPN protocols today. It’s open-source, meaning its code is freely available for anyone to inspect, audit, and even modify. Multiple independent security audits have confirmed that OpenVPN is a secure and reliable protocol.
Compared to PPTP, OpenVPN offers much stronger security with its robust encryption, secure authentication, and forward secrecy.
PPTP vs. L2TP/IPSec
L2TP, or Layer Two Tunneling Protocol, works in conjunction with the IPSec security protocol to establish secure VPN connections. The L2TP protocol handles the connection and tunneling, while IPSec does the encryption.
This is quite an old protocol, similar to PPTP, and the two are equally straightforward to set up and work with. L2TP/IPSec is usually more secure, as IPSec offers up to 256-bit encryption, and it’s more stable. That said, there are several modern protocols that are better in terms of security than both PPTP and L2TP/IPSec.
PPTP vs. IKEv2
Internet Key Exchange version 2 (IKEv2), like L2TP, is a VPN protocol that works together with the IPSec security protocol. IKEv2/IPSec is one of the most commonly used VPN protocols, thanks to its strong levels of performance in aspects like speed, security, and stability, and it works particularly well on mobile devices, as it can quickly reconnect when switching from Wi-Fi to mobile data and vice versa.
In contrast to PPTP, IKEv2/IPSec implements stronger encryption and superior authentication, so it does a much better job of keeping your data safe. And despite the larger encryption overhead, IKEv2/IPSec isn’t slower than PPTP. It’s also more stable on the whole.
PPTP vs. WireGuard
WireGuard is another popular VPN protocol, bearing some similarities to OpenVPN. It’s open-source and has been independently audited, without any major issues detected. WireGuard is also known for being lean and lightweight, made up of just over 7,000 lines of code. Thanks to this, it’s very easy to work with.
The lean and lightweight nature of WireGuard also gives it a speed advantage over PPTP. Plus, it uses the 256-bit ChaCha20 encryption algorithm, which is superior to PPTP’s encryption in every way. Overall, WireGuard is safer, more stable, and much more reliable than PPTP.
When (and why) would you still use PPTP?
Given its many flaws, coupled with the fact that there are a lot of simpler and better VPN protocols out there, you might wonder if there is really any point to using PPTP. Or any situation where you might choose to use this protocol at all?
We don’t recommend using PPTP when you have other options—especially modern protocols like Lightway and WireGuard that are secure, fast, and easy to set up. But if you’re using older devices that don’t have access to the latest and greatest in VPN protocol technology, PPTP is still better than nothing. It will provide some level of security and privacy for your online connections, and some networks still rely on it because it’s simple to set up and compatible with legacy systems.
FAQ: Common questions about PPTP VPN protocol
Is PPTP VPN outdated?
Yes, PPTP is an outdated VPN protocol. It does not have the same standards of security and encryption as more modern protocols, such as OpenVPN, WireGuard, and ExpressVPN’s Lightway.
Can PPTP still be used in Windows 10/11?
Yes, you can still use PPTP on modern Windows machines running the Windows 10 or 11 operating systems. However, it’s not recommended. Even Microsoft, creator of PPTP, recommends using other, more secure alternatives.
What is the difference between PPTP and L2TP?
These two protocols work in slightly different ways, with L2TP harnessing IPSec for encryption. This makes L2TP more secure than PPTP, although both protocols have more modern alternatives with better security.
Why is PPTP not recommended?
Because it has numerous security flaws in its encryption and authentication processes, and there are simpler, more secure options out there nowadays.
Does PPTP use TCP or UDP?
PPTP uses TCP port 1723 to establish and manage the control connection between the VPN client and server. For the actual transmission of VPN data (encapsulated PPP packets), it relies on GRE (Generic Routing Encapsulation—IP protocol 47).
PPTP can’t operate over UDP—it strictly requires TCP and GRE. This combination can make it more susceptible to issues on networks that block GRE traffic.
Which VPN protocol is currently the best?
The best VPN protocol depends on your needs, but ExpressVPN’s Lightway, OpenVPN, and WireGuard are widely regarded as top choices for speed and security.
What is PPTP VPN used for?
PPTP is used to establish secure tunnels between user devices and VPN servers. However, it isn’t used very much nowadays, as it is considered an outdated and insecure protocol.
Does PPTP have encryption?
Yes, PPTP does include encryption, but it’s considered outdated and insecure. It uses Microsoft Point-to-Point Encryption (MPPE), which supports 40-bit, 56-bit, or 128-bit keys and relies on the RC4 stream cipher. While this was sufficient at the time of its release, RC4 has since been found to have serious vulnerabilities, and the authentication method PPTP often uses—MS-CHAPv2—can be cracked relatively easily. Because of these weaknesses, PPTP’s encryption is no longer considered safe for protecting sensitive data.
Which is better, OpenVPN or PPTP?
OpenVPN is superior to PPTP in every way. It’s much more secure, stable, and reliable, and it has far fewer vulnerabilities.
Is IPsec better than PPTP?
IPSec isn’t a standalone VPN protocol—it’s typically used in combination with protocols like IKEv2, which is generally superior to PPTP in terms of security and stability.
What port does PPTP VPN use?
PPTP uses the TCP port 1723 to establish a VPN connection.
