PPTP VPN: What it is, When to use it, and better alternatives

PPTP VPN Protocol

PPTP is one of the most common VPN protocols, and is supported by nearly every VPN service. But PPTP is also largely outdated and there are better alternatives available.

In this article we’ll take a closer look at the advantages (there are some) and disadvantages of PPTP, as well as situations where it might be the right protocol choice (and alternatives).

What is PPTP?

PPTP is the Point-To-Point Tunneling Protocol. Invented by Microsoft in 1995, PPTP is one of the oldest and most widely supported VPN protocols still in use. It is a lightweight, fast protocol that works across nearly all operating systems.

But PPTP is not without flaws. The encryption Cipher is outdated and known to be vulnerable to brute force attacks by sophisticated actors such as the NSA or even talented hackers.

PPTP Overview

PPTP is a protocol for implementing a virtual private network connection. According to security researchers and Wikipedia, PPTP is an obsolete protocol (there are better, more secure alternatives).

First Released1995 (Microsoft)
Encryption Strength128-bit
Stream CipherRC4
AuthenticationCHAP, MS-CHAP
Connection StabilityGood
SpeedVery Fast
Known VulnerabilitiesBrute force, dictionary attacks, bit-flipping
Key Specs for PPTP Protocol

PPTP Security & Vulnerabilites

All Point-to-Point Tunnels use 128-bit encryption. In most implementations, handshake authentication is provided by MS-CHAP. Unfortunately even amateur hackers now have access to tools that can extract the password from the key exchange, compromising the entire VPN session.

Expert Consensus: Security professionals consider PPTP to be an insecure, outdated protocol.

Port: PPTP tunnels run on TCP port 1723 and use IP port 47 for the transport protocol.

Operating System Support

PPTP works well across most major operating systems, which may be why this outdated protocol is still being implemented (as on option) by many VPN services.

PPTP has native (built-in) support on Windows, Android, MacOS and iOS. PPTP can be used with other operating systems such as Linux and FireOS by using a VPN client that enables this functionality.

PPTP works with both wired and wireless networks. PPTP tunnels can be created by compatible VPN routers, including ASUSWRT routers.

Setting up a PPTP connection

Setting up a PPTP connection is quick and easy, since the protocol is natively supported by the most popular operating systems. Usually you only need a server address, username and password (assigned to you by your VPN service) to create a connection. It takes less than a minute.

Several VPN services still built PPTP into their client software as a protocol option, making setup even simpler.

Should you use PPTP?

PPTP has multiple known vulnerabilities, so many users avoid the protocol altogether. There are many good alternatives so there’s no harm using something like OpenVPN or L2TP instead.

But for the sake of fairness, let’s look at the advantages and disadvantages of PPTP.

Advantages

  • Very fast speeds
  • Native support by most OS’s
  • Easy to setup
  • Supported by most VPN services
  • Works with VPN routers

Disadvantages

  • Weak 128-bit encryption
  • Multiple vulnerabilites and attack vectors
  • Can be broken by skilled individuals, not just government agencies
  • Easily blocked by firewalls (no stealth).
  • Requires router pass-thru

Is there even a valid use case?

With so many weaknesses, it’s worth debating if PPTP even has value any more. Our contention is it still may be a useful protocol in cases where unbreakable security isn’t the goal (streaming, torrenting) or where there is no other good option.

For example, Android users might find that PPTP connections are much more stable than OpenVPN (which requires a separate app). So if you are mostly looking to hide your IP address from Netflix or torrent peers, you may be fine with an insecure cipher. Especially when the alternative is slower speeds or dropped connections.

If speed is your top priority, consider PPTP. When we test VPNs for our reviews, PPTP frequently outperforms the chunkier OpenVPN protocol.

Alternatives to PPTP

For other VPN use-cases that require robust security, you’ll want to use something other than PPTP. Its benefits simply don’t outweigh the severe weaknesses and encryption flaws that could expose your sensitive data to attackers.

Here are the best VPN protocols that use should consider instead:

L2TP/IPSec

L2TP/IPSec is the closest protocol to PPTP in terms of setup ease, performance and OS support. Windows, MacOS, iOS and Android all have native L2TP support. Most VPN providers offer this protocol as well.

L2TP tunnels are extremely stable, even more-so than PPTP, though speeds might be a tad slower (partially due to stronger encryption).

IPSec encrypts and authenticates every packet in the L2TP tunnel, to ensure that the data hasn’t been read or tampered with by a 3rd-party.

Bottom Line: L2TP/IPSec is the best, close alternative to PPTP.

IKEv2/IPSec

IKEv2/IPSec is an alternative to L2TP. It offers even better security and equivalent performance (if not better). Unfortunately IKEv2 doesn’t have much native OS support yet (though that is changing).

Several VPN companies have built the IKEv2 protocol into their software. One such company, IPVanish, has told us they believe IKEv2/IPSec outperforms OpenVPN when properly implemented.

Bottom Line: If your provider and OS support it, IKEv2 is a great option.

OpenVPN

How to set up openVPN client (featured image)

OpenVPN is popular Open-Source protocol, and the default option for nearly every VPN software client release by consumer virtual network providers.

It’s not the fastest or the most stable protocol, but it’s extremely flexible and works on most devices and operating systems. Furthermore, OpenVPN has an active open-source community so it’s constantly improving and bugs/flaws are found quickly.

OpenVPN is available in multiple encryption strengths, which allow you to prioritize speed or security based on your needs. VyprVPN, VPN.AC, Torguard and Private Internet Access are a few of the services that let you switch encryption modes.

One downside is that OpenVPN has no built-in support for any operating system so you always have to use a 3rd-party client either from your VPN or the OpenVPN GUI.

Bottom Line: OpenVPN is the most popular PPTP alternative and is built into most VPN client software.

Wireguard

Wireguard is the newest mainstream protocol, and still proving itself in the eyes of security researchers.

Wireguard uses eliptic curve encryption (ECC) in an effort to achieve a more optimal blend of security, stability and performance. Mainstream VPN companies have taken notice, and several now offer Wireguard as a protocol, including: NordVPN and Private Internet Access.

In testing, Wireguard outperforms PPTP on all three metrics (security, stability & speed). The only downside is it doesn’t have native support on any OS besides linux, so 3rd-party client software is required.

Bottom Line: Wireguard is a promising protocol for early adopers, and handily outperforms PPTP where it counts.

In Conclusion

PPTP has mostly outlived its usefulness, but it’s still one of the most common protocols thanks to its speed and ease of setup.

Most users would be better served by other tunneling protocols, especially L2TP/IPSec and OpenVPN which are two of the best PPTP alternatives.

Though proven to be insecure, PPTP have use for use-cases where security isn’t the primary goal. If you mostly care about hiding your location and IP address while keeping most of your available bandwidth, PPTP could be a good fit.

Best Uses for PPTP:

  • Torrent downloading
  • Streaming/Unblocking
  • Access websites with usage or location restrictions
  • Use on devices where other protocols are unavailable or unstable

When NOT to use PPTP:

Leave a Comment