Options
Question on PPP
GHOSTRIDER2016
Member Posts: 35 ■■□□□□□□□□
in Network+
Chaps,
I am struggling with understanding the concepts which I hope you can shed some light on,
I believe that PPP is used to establish a connection between an endpoint node and a server. However I believe that PPTP provides an encrypted tunnel to ensure data integrity. Is this correct ? Does this mean that PPTP is used inside PPP to protect data ?.
If PPTP is used within PPP then is there any sense in adding IPSEC or MSCHAP to the mix ?
Thanks
Kevin
I am struggling with understanding the concepts which I hope you can shed some light on,
I believe that PPP is used to establish a connection between an endpoint node and a server. However I believe that PPTP provides an encrypted tunnel to ensure data integrity. Is this correct ? Does this mean that PPTP is used inside PPP to protect data ?.
If PPTP is used within PPP then is there any sense in adding IPSEC or MSCHAP to the mix ?
Thanks
Kevin
Comments
-
OptionsOctalDump
Member Posts: 1,722
"PPP is used to dial DIRECTLY into to say..a company network, whereas PPTP is used to create a virtual private network over the internet"
PPTP would usually run over TCP/IP, which might run on top of PPP for part of its journey.
PPTP is largely deprecated due to numerous security issues, so IPSEC is normally used to encrypt. IPSec is part of TCP/IP and is a network layer 'extension' to regular IP. So you can think of it as running IP with security options. You can run both, since PPTP provides a layer 2 tunnel, which you can run TCP/IP in, and consequently IPSec.
MSCHAP is an authentication protocol which is used, commonly, to establish the link (PPP or PPTP) in the first place.
So you might end up with something like
Ethernet Frame [PPP [TCP/IP [ PPTP [ TCP/IP....
Or
Ethernet Frame [PPP [TCP/IP + IPSec [ L2TP [ TCP/IP...
As you can see once you get to TCP/IP, you can encapsulate another protocol within that.
You might have this "double VPN" of IPSec within PPTP (or vice versa) if you had two routers doing a site to site VPN, and then someone used that link to connect using a host to host VPN. For the part of the journey over the site to site VPN, you might have:
PPP [TCP/IP [PPTP [ TCP/IP + IPSec [ L2TP [ TCP/IP...
The layered OSI model is pretty important to getting your head around this. Once you get that, and that you 'tunnel' lower layers within higher layers, then the rest is very straight forward.2017 Goals - Something Cisco, Something Linux, Agile PM -
OptionsGHOSTRIDER2016
Member Posts: 35 ■■□□□□□□□□
Thankyou for sharing your knowledge with me."PPP is used to dial DIRECTLY into to say..a company network, whereas PPTP is used to create a virtual private network over the internet"
PPTP would usually run over TCP/IP, which might run on top of PPP for part of its journey.
PPTP is largely deprecated due to numerous security issues, so IPSEC is normally used to encrypt. IPSec is part of TCP/IP and is a network layer 'extension' to regular IP. So you can think of it as running IP with security options. You can run both, since PPTP provides a layer 2 tunnel, which you can run TCP/IP in, and consequently IPSec.
MSCHAP is an authentication protocol which is used, commonly, to establish the link (PPP or PPTP) in the first place.
So you might end up with something like
Ethernet Frame [PPP [TCP/IP [ PPTP [ TCP/IP....
Or
Ethernet Frame [PPP [TCP/IP + IPSec [ L2TP [ TCP/IP...
As you can see once you get to TCP/IP, you can encapsulate another protocol within that.
You might have this "double VPN" of IPSec within PPTP (or vice versa) if you had two routers doing a site to site VPN, and then someone used that link to connect using a host to host VPN. For the part of the journey over the site to site VPN, you might have:
PPP [TCP/IP [PPTP [ TCP/IP + IPSec [ L2TP [ TCP/IP...
The layered OSI model is pretty important to getting your head around this. Once you get that, and that you 'tunnel' lower layers within higher layers, then the rest is very straight forward.