PPTP is one of the most common VPN protocols, and is supported by nearly every VPN service. But PPTP is also largely outdated and there are better alternatives available.
In this article we’ll take a closer look at the advantages (there are some) and disadvantages of PPTP, as well as situations where it might be the right protocol choice (and alternatives).
What is PPTP?
PPTP is the Point-To-Point Tunneling Protocol. Invented by Microsoft in 1995, PPTP is one of the oldest and most widely supported VPN protocols still in use. It is a lightweight, fast protocol that works across nearly all operating systems.
But PPTP is not without flaws. The encryption Cipher is outdated and known to be vulnerable to brute force attacks by sophisticated actors such as the NSA or even talented hackers.
PPTP Overview
PPTP is a protocol for implementing a virtual private network connection. According to security researchers and Wikipedia, PPTP is an obsolete protocol (there are better, more secure alternatives).
First Released | 1995 (Microsoft) |
Encryption Strength | 128-bit |
Stream Cipher | RC4 |
Authentication | CHAP, MS-CHAP |
Connection Stability | Good |
Speed | Very Fast |
Known Vulnerabilities | Brute force, dictionary attacks, bit-flipping |
PPTP Security & Vulnerabilites
All Point-to-Point Tunnels use 128-bit encryption. In most implementations, handshake authentication is provided by MS-CHAP. Unfortunately even amateur hackers now have access to tools that can extract the password from the key exchange, compromising the entire VPN session.
Expert Consensus: Security professionals consider PPTP to be an insecure, outdated protocol.
Port: PPTP tunnels run on TCP port 1723 and use IP port 47 for the transport protocol.
Operating System Support
PPTP works well across most major operating systems, which may be why this outdated protocol is still being implemented (as on option) by many VPN services.
PPTP has native (built-in) support on Windows, Android, MacOS and iOS. PPTP can be used with other operating systems such as Linux and FireOS by using a VPN client that enables this functionality.
PPTP works with both wired and wireless networks. PPTP tunnels can be created by compatible VPN routers, including ASUSWRT routers.
Setting up a PPTP connection
Setting up a PPTP connection is quick and easy, since the protocol is natively supported by the most popular operating systems. Usually you only need a server address, username and password (assigned to you by your VPN service) to create a connection. It takes less than a minute.
Several VPN services still built PPTP into their client software as a protocol option, making setup even simpler.
Should you use PPTP?
PPTP has multiple known vulnerabilities, so many users avoid the protocol altogether. There are many good alternatives so there’s no harm using something like OpenVPN or L2TP instead.
But for the sake of fairness, let’s look at the advantages and disadvantages of PPTP.
Advantages
Disadvantages
Is there even a valid use case?
With so many weaknesses, it’s worth debating if PPTP even has value any more. Our contention is it still may be a useful protocol in cases where unbreakable security isn’t the goal (streaming, torrenting) or where there is no other good option.
For example, Android users might find that PPTP connections are much more stable than OpenVPN (which requires a separate app). So if you are mostly looking to hide your IP address from Netflix or torrent peers, you may be fine with an insecure cipher. Especially when the alternative is slower speeds or dropped connections.
If speed is your top priority, consider PPTP. When we test VPNs for our reviews, PPTP frequently outperforms the chunkier OpenVPN protocol.
Alternatives to PPTP
For other VPN use-cases that require robust security, you’ll want to use something other than PPTP. Its benefits simply don’t outweigh the severe weaknesses and encryption flaws that could expose your sensitive data to attackers.
Here are the best VPN protocols that use should consider instead:
L2TP/IPSec
L2TP/IPSec is the closest protocol to PPTP in terms of setup ease, performance and OS support. Windows, MacOS, iOS and Android all have native L2TP support. Most VPN providers offer this protocol as well.
L2TP tunnels are extremely stable, even more-so than PPTP, though speeds might be a tad slower (partially due to stronger encryption).
IPSec encrypts and authenticates every packet in the L2TP tunnel, to ensure that the data hasn’t been read or tampered with by a 3rd-party.
Bottom Line: L2TP/IPSec is the best, close alternative to PPTP.
IKEv2/IPSec
IKEv2/IPSec is an alternative to L2TP. It offers even better security and equivalent performance (if not better). Unfortunately IKEv2 doesn’t have much native OS support yet (though that is changing).
Several VPN companies have built the IKEv2 protocol into their software. One such company, IPVanish, has told us they believe IKEv2/IPSec outperforms OpenVPN when properly implemented.
Bottom Line: If your provider and OS support it, IKEv2 is a great option.
OpenVPN
OpenVPN is popular Open-Source protocol, and the default option for nearly every VPN software client release by consumer virtual network providers.
It’s not the fastest or the most stable protocol, but it’s extremely flexible and works on most devices and operating systems. Furthermore, OpenVPN has an active open-source community so it’s constantly improving and bugs/flaws are found quickly.
OpenVPN is available in multiple encryption strengths, which allow you to prioritize speed or security based on your needs. VyprVPN, VPN.AC, Torguard and Private Internet Access are a few of the services that let you switch encryption modes.
One downside is that OpenVPN has no built-in support for any operating system so you always have to use a 3rd-party client either from your VPN or the OpenVPN GUI.
Bottom Line: OpenVPN is the most popular PPTP alternative and is built into most VPN client software.
Wireguard
Wireguard is the newest mainstream protocol, and still proving itself in the eyes of security researchers.
Wireguard uses eliptic curve encryption (ECC) in an effort to achieve a more optimal blend of security, stability and performance. Mainstream VPN companies have taken notice, and several now offer Wireguard as a protocol, including: NordVPN and Private Internet Access.
In testing, Wireguard outperforms PPTP on all three metrics (security, stability & speed). The only downside is it doesn’t have native support on any OS besides linux, so 3rd-party client software is required.
Bottom Line: Wireguard is a promising protocol for early adopers, and handily outperforms PPTP where it counts.
In Conclusion
PPTP has mostly outlived its usefulness, but it’s still one of the most common protocols thanks to its speed and ease of setup.
Most users would be better served by other tunneling protocols, especially L2TP/IPSec and OpenVPN which are two of the best PPTP alternatives.
Though proven to be insecure, PPTP have use for use-cases where security isn’t the primary goal. If you mostly care about hiding your location and IP address while keeping most of your available bandwidth, PPTP could be a good fit.
Best Uses for PPTP:
- Torrent downloading
- Streaming/Unblocking
- Access websites with usage or location restrictions
- Use on devices where other protocols are unavailable or unstable
When NOT to use PPTP:
- Security is important
- You need stronger than 128-bit encryption
- Your ISP blocks VPN traffic
- Your VPN server is far away
- You have easy access to Alternative protocols