The Point-to-Point Tunneling Protocol (PPTP)

Posted by arlene

The Point-to-Point Protocol (PPP) is an error-checking protocol used for dial-up connections to the Internet. PPP allows for the encapsulation of data packets from multiple protocols for simple transmission across a dedicated link, such as a phone line when you dial in to the Internet. PPP performs no routing functions, but merely encapsulates the protocol packets it receives by attaching its own header and sends them to the other endpoint of the connection.

PPTP extends the capabilities of PPP so that a tunnel can be created through a packet-switched network, such as the Internet, instead of across a serial link. The concepts are similar. PPTP encapsulates another protocol packet and the PPTP packet is then routed through the network. The endpoints that use the PPTP connection don’t have to be aware that they are at opposite ends of a large packet-switched network. Instead, it is as if both computers are on the same network.

Another difference between PPP and PPTP is that PPTP allows for the encryption of the payload portion of the packet so that IP (or other protocol) datagrams can be protected from prying eyes as they travel.

For example, a home user who wants to connect to a server on his company’s network first makes a dial-up connection to an Internet service provider (ISP). After the connection is set up, another set of protocol negotiations begins to set up the PPTP tunnel over the PPP link. The endpoints for the PPP link are the home user and the ISP. The endpoints for the PPTP link are the home user’s computer and the company’s remote access service (RAS) that uses the Internet. At the RAS endpoint, the PPTP packets are unpackaged and the contents decrypted to reveal the original IP (or other protocol) packet, which can then be sent on to the company network. Thus, the home user can operate as if he were directly connected to the company network.

This protocol was used in Windows NT 4.0, and although it’s still supported in Windows 2000 and Windows XP, the newer L2TP is the preferred method for newer implementations for Windows clients.

Layer Two Tunneling Protocol (L2TP)

L2TP is one of two protocols with built-in support in Windows XP and Windows 2000. Users running either version of Windows can use the built-in VPN clients to connect via the Internet and create a secure connection to the home corporate network.

L2TP is an enhancement of PPTP that uses technology from a Cisco protocol called Layer 2 Forwarding (L2F). The combination of these two protocols is documented in RFC 2662, “Layer Two Tunneling Protocol ‘L2TP’.” L2TP uses UDP for sending user data packets as well as for the maintenance messages used to manage the VPN connection. Because L2TP itself is only a tunneling protocol, the IPSec protocol is used for the actual encryption that protects the contents of the data traversing the tunnel.

Note

A true VPN should provide both a tunnel, which is a method for encapsulating another protocol datagram or packet, and some kind of encryption to protect the contents of the data being transferred. However, it’s possible to create a tunnel that does not use any form of encryption for the data packet. In such a case, L2TP or AH can provide an integrity check on the header information and packet contents to ensure that they are not altered during transit. This type of tunnel is not a true VPN, but it does provide some security in that you can be assured that the data sent from one end of the connection arrives at the other end in its original format. For security purposes, the data should be sent in encrypted format, using IPSec.

Because UDP packets—rather than TCP packets—are used by L2TP, a session does not exist. Instead, L2TP uses sequence numbers for each message to make sure that packets are ordered correctly from the origination point to the destination.

L2TP Encapsulation

L2TP relies on the PPP protocol. The PPP datagram is encapsulated by L2TP by attaching an L2TP header directly in front of the PPP header. Because L2TP uses UDP, as you can probably guess, the UDP header is prefixed to the result. In Figure 46.2, you can see an overview of how the packet looks at this point.

If you just want to create a tunnel, this level of encapsulation is all you need because the UDP packet will make a best-effort attempt to deliver the packet by passing it to the IP protocol for transmission on the routed network.

However, because a VPN needs to provide some level of security for the payload, the IPSec protocol comes into play. The packet shown is encapsulated by IPSec by attaching the IPSec header and trailer to the packet before it is sent to the IP protocol. In Figure 46.3, you can see the format for the resulting datagram.
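The following is an added example, not code from the original post or from the book it quotes. It builds and parses the L2TPv2 data-message header that is placed in front of a PPP frame (the UDP-payload layout the text describes), reorders out-of-sequence messages by the Ns field the post mentions, and shows the point of the Note above: with only the L2TP and UDP headers in place, the tunnelled PPP payload is readable to anyone on the path, which is why IPSec is layered around it. All packet bytes are constructed here for illustration; the flag bit positions and field order follow the standard L2TPv2 header layout.

```python
"""Added example (not from the original post): build and parse the L2TPv2
data-message header in front of a PPP frame, order messages by Ns, and
show that a bare L2TP-over-UDP tunnel leaves the PPP payload readable.
All packet bytes below are constructed for illustration."""
import struct

L2TP_UDP_PORT = 1701   # well-known UDP port for L2TP

# Flag bits in the first 16-bit word of the L2TPv2 header.
FLAG_T = 0x8000        # 1 = control message, 0 = data message
FLAG_L = 0x4000        # Length field present
FLAG_S = 0x0800        # Ns/Nr sequence-number fields present
FLAG_O = 0x0200        # Offset Size field present
VERSION = 0x0002       # low 4 bits: protocol version


def build_l2tp_data(ppp_frame, tunnel_id, session_id, ns=None, nr=None):
    """Prefix an L2TP data-message header to a PPP frame.

    Passing ns/nr sets the S bit and includes the sequence numbers the
    post describes: they let the receiver reorder UDP-carried messages.
    """
    flags = FLAG_L | VERSION
    fmt = ">HHHH"                      # flags, length, tunnel ID, session ID
    fields = [tunnel_id, session_id]
    if ns is not None:
        flags |= FLAG_S
        fmt += "HH"
        fields += [ns & 0xFFFF, (nr or 0) & 0xFFFF]
    length = struct.calcsize(fmt) + len(ppp_frame)
    return struct.pack(fmt, flags, length, *fields) + ppp_frame


def parse_l2tp_data(datagram):
    """Parse an L2TP data message (the UDP payload).

    Returns (header_fields, ppp_frame).  Raises ValueError for a control
    message, an unsupported version, or a header/Length that overruns the
    data; a receiver must make these checks before trusting any field.
    """
    try:
        flags, = struct.unpack_from(">H", datagram, 0)
        if (flags & 0x000F) != VERSION:
            raise ValueError("unsupported L2TP version")
        if flags & FLAG_T:
            raise ValueError("control message, not a data message")
        pos = 2
        end = len(datagram)
        if flags & FLAG_L:
            length, = struct.unpack_from(">H", datagram, pos)
            pos += 2
            if length > len(datagram):
                raise ValueError("Length field exceeds datagram size")
            end = length
        tunnel_id, session_id = struct.unpack_from(">HH", datagram, pos)
        pos += 4
        ns = nr = None
        if flags & FLAG_S:
            ns, nr = struct.unpack_from(">HH", datagram, pos)
            pos += 4
        if flags & FLAG_O:
            offset, = struct.unpack_from(">H", datagram, pos)
            pos += 2 + offset          # skip Offset Size and the pad it declares
    except struct.error as exc:
        raise ValueError("truncated L2TP header") from exc
    if pos > end:
        raise ValueError("header overruns declared Length")
    header = {"tunnel_id": tunnel_id, "session_id": session_id, "ns": ns, "nr": nr}
    return header, datagram[pos:end]


def reorder_by_ns(datagrams):
    """Return PPP frames sorted by Ns.  Ns is 16 bits and wraps, so a real
    receiver compares modulo 2**16; plain sorting is enough for this demo."""
    parsed = [parse_l2tp_data(d) for d in datagrams]
    parsed.sort(key=lambda item: item[0]["ns"])
    return [frame for _, frame in parsed]


def payload_visible(datagram, marker):
    """True when 'marker' can be read straight out of the tunnelled PPP
    frame, i.e. the tunnel alone gave no confidentiality (the Note's point)."""
    _, frame = parse_l2tp_data(datagram)
    return marker in frame


if __name__ == "__main__":
    # Constructed PPP frame: address/control 0xFF03, protocol 0x0021 (IP),
    # then a stand-in for the IP datagram.
    ppp = b"\xff\x03\x00\x21" + b"constructed-ip-datagram:secret"
    pkt = build_l2tp_data(ppp, tunnel_id=7, session_id=9, ns=3, nr=1)
    print(parse_l2tp_data(pkt))
    print("payload readable without IPSec:", payload_visible(pkt, b"secret"))
```

The parser deliberately validates the version, the T bit and the Length field before reading anything else; a decapsulating gateway that trusts those fields blindly can be made to read past the datagram. The `payload_visible` check is what a packet capture on the path would see for the encapsulation in Figure 46.2: the PPP header and the IP datagram inside it are in the clear until the IPSec header and trailer of Figure 46.3 are added.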
