Point-to-Point Tunneling Protocol
PPTP is a cautionary tale in protocol design. Understanding why it's broken (DES key space in MS-CHAPv2, RC4 key reuse in MPPE) teaches important lessons about protocol-level cryptographic failures. Never deploy it.
What It Defines
Defines PPTP, an early VPN protocol developed by Microsoft that tunnels PPP using a TCP control channel on port 1723 and a GRE data channel. It uses MS-CHAPv2 for authentication and MPPE (RC4-based) for encryption. It was published as Informational, never Standards Track. It is cryptographically broken: MPPE derives its encryption keys from MS-CHAPv2, which can be cracked in under 24 hours with a single DES brute force via CloudCracker/chapcrack. Despite being deprecated since ~2012, PPTP still appears in legacy corporate networks.
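To find the legacy deployments mentioned above, one option is to look in flow records for the two channels together: TCP port 1723 plus GRE (IP protocol 47) between the same endpoints. The following is an added example, not code from the RFC or any vendor; the four-field record format, the function names and the sample addresses are assumptions constructed for illustration.

```python
TCP, GRE = 6, 47            # IP protocol numbers
PPTP_CONTROL_PORT = 1723    # PPTP control channel (TCP)

# Constructed sample flow records (assumed format): src,dst,ip_proto,dst_port
SAMPLE_FLOWS = """\
10.0.5.21,203.0.113.10,6,1723
10.0.5.21,203.0.113.10,47,0
203.0.113.10,10.0.5.21,47,0
10.0.5.40,198.51.100.7,6,443
10.0.7.9,192.0.2.44,47,0
10.0.8.3,192.0.2.80,6,1723
"""

def parse_flows(text):
    """Yield (src, dst, ip_proto, dst_port) tuples, skipping blanks and comments."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        src, dst, proto, dport = parts
        yield src, dst, int(proto), int(dport)

def find_pptp(flows):
    """Report endpoint pairs with a PPTP control session.

    'tunnel' means TCP/1723 and GRE were both seen between the pair;
    'control-only' means TCP/1723 without GRE (blocked, failed, or a scan).
    GRE with no TCP/1723 is ignored: GRE is also carried over IPsec links.
    """
    control = {}      # unordered endpoint pair -> (client, server)
    gre_pairs = set()
    for src, dst, proto, dport in flows:
        pair = frozenset((src, dst))
        if proto == TCP and dport == PPTP_CONTROL_PORT:
            control.setdefault(pair, (src, dst))
        elif proto == GRE:
            gre_pairs.add(pair)
    findings = [
        {"client": c, "server": s,
         "status": "tunnel" if pair in gre_pairs else "control-only"}
        for pair, (c, s) in control.items()
    ]
    return sorted(findings, key=lambda f: (f["client"], f["server"]))

if __name__ == "__main__":
    for finding in find_pptp(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

A "tunnel" finding is a host actively using PPTP and is the priority for migration; "control-only" is worth checking for a misconfigured client or a firewall that passes TCP 1723 but drops GRE.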
Canonical (Normative)
Related References
The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.
Related Specs
GRE is the standard tunneling protocol for carrying routing protocols (OSPF, EIGRP) across IPsec links. AWS Transit Gateway, SD-WAN overlays, and many enterprise networks use GRE+IPsec. Also the basis for PPTP's data channel.
L2TP/IPsec was the default VPN protocol on every major OS for a decade. Understanding L2TP explains why many legacy VPN deployments use UDP port 1701, why they're always paired with IPsec, and how they differ from pure IPsec tunnel mode.
IPsec is the dominant VPN technology for enterprise site-to-site links (AWS VPN, Azure VPN Gateway, on-prem firewalls). Understanding tunnel vs transport mode, SAs, and the SPD is essential for configuring and debugging VPN connectivity.