http://www.uttglobal.com
UTT Technologies
Chapter 10 VPN
The PPTP client sends the PPTP packets to the PPTP server through the PPTP
tunnel ((10) in Figure 9-2).
The PPTP client receives the PPTP packets from the PPTP server, and performs
decapsulation ((15) in Figure 9-2).
The PPTP client forwards the user data (i.e., original packets) to their intended
destinations ((16) in Figure 9-2).
The PPTP tunnel is terminated manually by the user or automatically due to no
activity for some time ((17) in Figure 9-2).
After the PPTP tunnel is terminated, the PPTP client’s virtual interface returns to the
listening state ((18) in Figure 9-2).
9.1.3 User Authentication
PPTP authenticates the user attempting the PPTP connection with PPP-based user
authentication modes such as PAP, CHAP, etc. Note that the two endpoints of a PPTP
tunnel should use the same authentication mode.
The Gigabit Router allows you to choose PAP, CHAP or Either as the user
authentication mode for a PPTP client. It also allows you to choose None, which means
that no authentication is performed. By default, the authentication mode is Either, which
means that the PPTP client will automatically negotiate the mode with the peer.
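What the choice between PAP and CHAP means on the wire, as an added example that is not part of the UTT manual: it builds a PAP Authenticate-Request and a CHAP-MD5 Response and checks whether the shared secret appears in each. The packet layouts are assumed to follow RFC 1334 (PAP) and RFC 1994 (CHAP with MD5); the user name, secret and challenges are constructed sample values.

```python
import hashlib
import hmac
import struct

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1, RFC 1334): password is sent as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response value (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, user: bytes, secret: bytes, challenge: bytes) -> bytes:
    """CHAP Response (code 2): Value-Size, Value, then the user name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + user
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(packet: bytes, secret: bytes, challenge: bytes) -> bool:
    """Authenticator side: recompute the value for the challenge it issued."""
    if len(packet) < 5:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    if code != 2 or length != len(packet) or 5 + size > length:
        return False
    return hmac.compare_digest(packet[5:5 + size], chap_value(ident, secret, challenge))

def secret_on_wire(packet: bytes, secret: bytes) -> bool:
    """True if the shared secret appears verbatim in the packet bytes."""
    return secret in packet

# Constructed sample values, not taken from the manual.
USER, SECRET = b"branch1", b"s3cret-pass"
CHALLENGE_1 = bytes(range(16))
CHALLENGE_2 = bytes(range(16, 32))

if __name__ == "__main__":
    pap = pap_request(1, USER, SECRET)
    chap = chap_response(1, USER, SECRET, CHALLENGE_1)
    print("PAP exposes secret: ", secret_on_wire(pap, SECRET))
    print("CHAP exposes secret:", secret_on_wire(chap, SECRET))
    print("CHAP verifies:      ", chap_verify(chap, SECRET, CHALLENGE_1))
    print("Old response, new challenge:", chap_verify(chap, SECRET, CHALLENGE_2))
```

With Either or None selected, the mode actually used depends on what the peer accepts, so fixing both endpoints to CHAP keeps the secret out of the PPP exchange.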
9.1.4 Data Confidentiality
PPTP doesn’t provide any data encryption service by itself; it uses PPP compression and
encryption mechanisms (such as CCP, PPE, etc.) to provide data confidentiality.
9.1.5 MTU and Fragmentation
The Gigabit Router will fragment an IP packet if it exceeds the MTU of the outbound
physical interface. For example, a standard Ethernet-type interface has an MTU of 1500
bytes, thus the Gigabit Router will fragment a packet exceeding 1500 bytes in order to
transmit it over the Ethernet interface.
With PPTP, the addition of PPTP headers may cause IP fragmentation. When an IP
packet is nearly the size of the MTU of the outbound physical interface (for example, ERP or
FTP packets are often relatively large), and it is further encapsulated with PPTP headers,