LinuxCommandLibrary

pptp

Establish a PPTP VPN connection

SYNOPSIS

pptp hostname [options]

PARAMETERS

hostname
    The hostname or IP address of the PPTP server.

--nolaunchpppd
    Do not launch pppd automatically; only initiate the PPTP connection.

--phone number
    The phone number used for the PPTP connection (usually the server's address).

--speed bps
    The connection speed in bits per second.

--sync
    Synchronous HDLC framing.

--nobsdcomp
    Disable BSD compression.

--novj
    Disable Van Jacobson header compression.

--nodefaultroute
    Do not add a default route through the PPTP server.

--debug
    Enable debugging output.

--loglevel level
    Set the logging level (0-9).

--timeout seconds
    Set the timeout for the PPTP connection.

--pppd options
    Pass additional options to pppd.

--nobuffer
    Do not buffer packets for reduced latency.

--idle-wait seconds
    Wait this many seconds before going idle.

--quirks quirk
    Apply workarounds for misbehaving PPTP servers. Possible values include: mppe_stateless, remote_ip, nocrash, noresetroute.

--pidfile path
    Write the process ID to the specified file.

--noencrypt
    Disable MPPE encryption.

--require-mppe
    Require MPPE encryption.

--require-mppe-128
    Require 128-bit MPPE encryption.

--set-mppe-key key
    Set a fixed MPPE key (dangerous!).

DESCRIPTION

The pptp command establishes a Point-to-Point Tunneling Protocol (PPTP) connection to a remote server. It acts as a client, negotiating a tunnel using TCP control connections and Generic Routing Encapsulation (GRE) data packets. This allows you to securely route network traffic through the PPTP server, often used to access private networks or circumvent network restrictions. The command handles authentication (using protocols like PAP, CHAP, MS-CHAP, and MS-CHAPv2), encryption (MPPE), and IP address assignment. The PPTP client uses the Linux kernel's PPP (Point-to-Point Protocol) subsystem to manage the data link layer. This allows it to function in conjunction with other PPP tools like pppd for configuration, authentication, and routing. Modern VPN solutions like OpenVPN and WireGuard are typically preferred now due to better security.

CAVEATS

PPTP is considered insecure due to known vulnerabilities. It should not be used if security is a primary concern. Use more secure VPN protocols like OpenVPN, IPsec, or WireGuard instead.

<B>USAGE NOTES</B>

The pptp command typically needs to be run with root privileges to modify network interfaces and routing tables.
It relies on the pppd daemon for PPP link management, so pppd must be properly configured.
Configuration files such as /etc/ppp/options, /etc/ppp/peers/*, and /etc/ppp/chap-secrets are used to define authentication and connection parameters.

<B>TROUBLESHOOTING</B>

If the connection fails, check the PPTP server logs and the system logs for error messages.
Ensure that the PPTP GRE protocol (IP protocol 47) is not blocked by any firewalls.
Common issues include authentication failures, IP address conflicts, and routing problems.

HISTORY

PPTP was developed in the late 1990s by a consortium of companies including Microsoft. It became widely used for remote access VPNs due to its relative ease of configuration and integration with Windows. However, its security weaknesses have become well-known over time, leading to its decline in favor of more secure alternatives.

SEE ALSO

pppd(8), route(8), ifconfig(8)

Copied to clipboard