pptp
Establish a PPTP VPN connection
SYNOPSIS
pptp hostname [options]
PARAMETERS
hostname
The hostname or IP address of the PPTP server.
--nolaunchpppd
Do not launch pppd automatically; only initiate the PPTP connection.
--phone number
The phone number used for the PPTP connection (usually the server's address).
--speed bps
The connection speed in bits per second.
--sync
Synchronous HDLC framing.
--nobsdcomp
Disable BSD compression.
--novj
Disable Van Jacobson header compression.
--nodefaultroute
Do not add a default route through the PPTP server.
--debug
Enable debugging output.
--loglevel level
Set the logging level (0-9).
--timeout seconds
Set the timeout for the PPTP connection.
--pppd options
Pass additional options to pppd.
--nobuffer
Do not buffer packets for reduced latency.
--idle-wait seconds
Wait this many seconds before going idle.
--quirks quirk
Apply workarounds for misbehaving PPTP servers. Possible values include: mppe_stateless, remote_ip, nocrash, noresetroute.
--pidfile path
Write the process ID to the specified file.
--noencrypt
Disable MPPE encryption.
--require-mppe
Require MPPE encryption.
--require-mppe-128
Require 128-bit MPPE encryption.
--set-mppe-key key
Set a fixed MPPE key (dangerous!).
DESCRIPTION
The pptp command establishes a Point-to-Point Tunneling Protocol (PPTP) connection to a remote server. It acts as a client, negotiating a tunnel using TCP control connections and Generic Routing Encapsulation (GRE) data packets. This allows you to securely route network traffic through the PPTP server, often used to access private networks or circumvent network restrictions. The command handles authentication (using protocols like PAP, CHAP, MS-CHAP, and MS-CHAPv2), encryption (MPPE), and IP address assignment. The PPTP client uses the Linux kernel's PPP (Point-to-Point Protocol) subsystem to manage the data link layer. This allows it to function in conjunction with other PPP tools like pppd for configuration, authentication, and routing. Modern VPN solutions like OpenVPN and WireGuard are typically preferred now due to better security.
CAVEATS
PPTP is considered insecure due to known vulnerabilities. It should not be used if security is a primary concern. Use more secure VPN protocols like OpenVPN, IPsec, or WireGuard instead.
<B>USAGE NOTES</B>
The pptp command typically needs to be run with root privileges to modify network interfaces and routing tables.
It relies on the pppd daemon for PPP link management, so pppd must be properly configured.
Configuration files such as /etc/ppp/options, /etc/ppp/peers/*, and /etc/ppp/chap-secrets are used to define authentication and connection parameters.
<B>TROUBLESHOOTING</B>
If the connection fails, check the PPTP server logs and the system logs for error messages.
Ensure that the PPTP GRE protocol (IP protocol 47) is not blocked by any firewalls.
Common issues include authentication failures, IP address conflicts, and routing problems.
HISTORY
PPTP was developed in the late 1990s by a consortium of companies including Microsoft. It became widely used for remote access VPNs due to its relative ease of configuration and integration with Windows. However, its security weaknesses have become well-known over time, leading to its decline in favor of more secure alternatives.