Explanation of the PPTP protocol

Point-to-Point Tunneling Protocol (PPTP) is a VPN tunneling technology based on PPP (the Point-to-Point Protocol).

PPTP working model:
The PPTP client first establishes a TCP connection with the PPTP server, and then performs PPTP link control over that TCP connection. The subsequent link control protocol and data packets are carried by GRE over IP; the established TCP connection is used only for PPTP link control. In the actual transmission, data packets are first encapsulated in the PPP format, and the PPP-encapsulated data is then carried over IP.

The role of PPTP:
When a remote user wants to access the company's private network, PPTP can be used as the access method. The user first dials up to the PPTP Server to establish a PPP connection: a TCP connection is established between the PPTP Client and the Server, and a tunnel from the user to the PPTP Server is then established through PPTP negotiation. Then, through the NCP negotiation of the PPP protocol, an IP address in the private network segment is allocated to the user, and the user can use the allocated IP address to communicate in the local area network (in fact it is only a logical local area network; geographically it may span a large distance). This provides a way to create a secure connection over the public network for remote VPN access.

PPTP is a point-to-point tunneling protocol that separates control packets from data packets; the control packets are carried over TCP. Because PPTP uses TCP, it is suitable for use in networks without firewall restrictions.

NAS: Network Access Server.
PAC: PPTP Access Concentrator. A device, attached to one or more PSTN or ISDN lines, that can create PPP links and handle the PPP protocol. The PAC only needs to provide TCP/IP transport to one or more PNSs, and it can also open tunnels for non-IP protocols.
PNS: PPTP Network Server.

PPTP allows the functionality of an existing Network Access Server (NAS) to be split up using a client-server model. First, look at the functions of a traditional NAS:
1) Native physical interface to the PSTN or ISDN, and control of external modems and terminal adapters
2) Termination of the PPP LCP session
3) Participation in PPP authentication protocols
4) Channel aggregation and bundle management for the PPP Multilink Protocol
5) Logical termination of the various PPP Network Control Protocols (NCP)
6) Multi-protocol routing and bridging between NAS interfaces
PPTP divides the above NAS functions between the PAC and the PNS. The PAC is responsible for 1 and 2, and possibly 3; the PNS is responsible for 4, 5, 6, and possibly 3.

The PPTP protocol is implemented only by the PAC and the PNS; no other system needs to know about PPTP. A dial-up networking client can connect to a PAC without being aware of PPTP.

PPTP frame

PPTP packets are divided into two types:
PPTP control packets: used to create, maintain, and terminate PPTP connections
PPTP data packets: used to transmit PPP data packets, which are encapsulated in GRE (Generic Routing Encapsulation) for transmission

1. PPTP control message

As mentioned earlier, a TCP connection needs to be established before a PPTP tunnel can be set up, and the following PPTP packets then appear.

2. PPTP data message

For data packets, both the PPTP Server and the PPTP Client use two IP addresses. One is the public IP address, which is used to connect to the Internet; the other is the intranet IP address assigned by PPTP dial-up. (The PPTP Server's private network address may be manually configured, and the PPTP Client obtains its private network address from the PPTP Server.)

PPTP protocol overview

PPTP has two parallel components:
1. PPTP link control: a control connection, running over TCP, between each PAC-PNS pair
2. PPTP data transfer: an IP tunnel operating between the same PAC-PNS pair. The tunnel carries GRE (Generic Routing Encapsulation) encapsulated PPP packets for user sessions between the PAC-PNS pair.

Link control

Before the PPP tunnel between the PAC and PNS can be established, a control connection must be established between them.

The main functions of the control layer include:
1. Exchanging basic information between the two ends;
2. Creating, maintaining, and deleting Sessions;
3. Creating, maintaining, and deleting Tunnels;
4. Updating communication parameters (Set-Link-Info);
5. Maintaining the connection state of the control layer itself (Echo-Request, Echo-Reply).

The control connection is a standard TCP session, over which PPTP call control and management information is transmitted.
The PPTP Server listens on TCP port 1723 and waits for connection requests from the Client.

One thing to pay attention to is the state maintenance of the control layer itself. If either party of the PPTP connection does not receive any control layer message within a period of time (60 seconds), it sends an Echo-Request to query the state of the control connection, and the receiver responds with an Echo-Reply. If the sender does not receive a response within 60 seconds, it disconnects the control connection.
The control layer itself is not responsible for transmitting the payload.

The life of a PPTP link can be divided into the following stages:
1. TCP connection establishment stage
2. PPTP control layer connection establishment stage
3. PPP session stage (including LCP negotiation, identity authentication, NCP negotiation, etc.)
4. Exchange of PPTP tunnel data packets (this is the actual communication traffic; the packets are PPP packets encapsulated in GRE)
5. Maintenance of the PPTP link
6. Termination of the PPTP link
Stages 1-3 are shown in the following figure:
[Figure: PPTP link establishment, stages 1-3]

1. Establish a TCP connection

  • a) The client side sends a TCP SYN packet to port 1723 of the PPTP Server, requesting to establish a TCP connection;
  • b) PPTP Server accepts TCP connection request and returns SYN ACK;
  • c) The PPTP Client replies with an ACK message and completes the three-way handshake. (I have seen some articles saying that when the PPTP protocol establishes a TCP connection, the three-way handshake is only performed for the first two steps, and the third step does not send an ACK message separately but carries a payload. I don't know if this is really possible, but judging from the packets I caught, the three-way handshake was completed.)
    The datagrams are the black packets in the figure below (packet numbers 39, 40, and 41).
    [Figure: packet capture of the TCP three-way handshake, packets 39-41]

PPTP Client -> PPTP Server: TCP SYN (dst_port=1723)
PPTP Server -> PPTP Client: TCP ACK SYN (dst_port=1723)
PPTP Client -> PPTP Server: TCP ACK

2. Establish PPTP control layer connection

  • a) The PPTP Client sends a Start Control Connection Request.
    This control link request initializes the Tunnel between the PPTP Client and the Server and starts the Tunnel establishment process.
  • b) The PPTP Server returns a Start Control Connection Reply.
    This control link response indicates that the peer's connection request is accepted and that the tunnel establishment process can continue.
  • c) The PPTP Client sends an Outgoing Call Request.
    This creates a tunnel and selects a call ID that identifies the PPTP tunnel used to send data from the client to the server.
  • d) The PPTP Server returns an Outgoing Call Reply.
    This is the response for successful tunnel creation. It selects a call ID that identifies the PPTP tunnel used to send data from the server to the client.
  • e) The PPTP Client sends a Set-Link-Info to specify PPP negotiation options.

So far, the PPTP control layer connection has been established.

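PPTP Client -> PPTP Server: Start Control Connection Request
PPTP Server -> PPTP Client: Start Control Connection Reply
PPTP Client -> PPTP Server: Outgoing Call Request
PPTP Server -> PPTP Client: Outgoing Call Reply
PPTP Client -> PPTP Server: Set-Link-Info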
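The control-connection exchange above can be checked in a capture by walking the control messages on TCP port 1723. The following is an added example, not code from the original article: the header layout, magic cookie and message type numbers are taken from RFC 2637, the function names are hypothetical, and the sample bytes are constructed with zero-filled bodies.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D            # constant carried in every PPTP control message
HEADER = struct.Struct("!HHIHH")     # length, PPTP type, cookie, control type, reserved
CONTROL_TYPES = {                    # control message type numbers from RFC 2637
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify", 15: "Set-Link-Info",
}

def build_message(ctrl_type, total_len):
    """Constructed sample message: valid header, zero-filled body (hypothetical helper)."""
    body = bytes(total_len - HEADER.size)
    return HEADER.pack(total_len, 1, MAGIC_COOKIE, ctrl_type, 0) + body

def parse_control_stream(data):
    """Split bytes captured on TCP port 1723 into a list of control message names."""
    names, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError("truncated PPTP header")
        length, pptp_type, cookie, ctrl_type, _ = HEADER.unpack_from(data, offset)
        if cookie != MAGIC_COOKIE:
            raise ValueError("bad magic cookie: not PPTP, or stream out of sync")
        if pptp_type != 1:
            raise ValueError("not a PPTP control message")
        if length < HEADER.size or offset + length > len(data):
            raise ValueError("length field does not fit the captured data")
        names.append(CONTROL_TYPES.get(ctrl_type, "Unknown(%d)" % ctrl_type))
        offset += length
    return names

# Constructed capture: the five messages of the exchange above, both directions
# concatenated in the order seen on the wire (a simplification; each direction
# is its own byte stream in a real capture).
SAMPLE = b"".join(build_message(t, n) for t, n in
                  [(1, 156), (2, 156), (7, 168), (8, 32), (15, 24)])

if __name__ == "__main__":
    for name in parse_control_stream(SAMPLE):
        print(name)
```

A cookie mismatch is the quickest sign that traffic on port 1723 is not PPTP or that the parser has lost message framing.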

3. PPTP control link termination

1). PPTP Client sends a Set-Link-Info to specify PPP negotiation options.
2). PPTP Client sends an LCP Terminate-Request message to terminate the PPP connection.
3). PPTP Server sends a Set-Link-Info to specify PPP negotiation options.
4). PPTP Server sends LCP Terminate-Reply to terminate the PPP connection.
5). PPTP Client sends a PPTP Clear-Call-Request to request call termination.
6). PPTP Server sends a PPTP Call-Disconnected-Notify to notify that the call is about to be terminated.
7). The PPTP Client sends a PPTP Stop-Control-Connection-Request to terminate the connection.
8). PPTP Server sends a PPTP Stop-Control-Connection-Reply in response.

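PPTP Client -> PPTP Server: Set-Link-Info
PPTP Client -> PPTP Server: LCP Terminate-Request
PPTP Server -> PPTP Client: Set-Link-Info
PPTP Server -> PPTP Client: LCP Terminate-Reply
PPTP Client -> PPTP Server: Clear-Call-Request
PPTP Server -> PPTP Client: Call-Disconnected-Notify
PPTP Client -> PPTP Server: PPTP Stop-Control-Connection-Request
PPTP Server -> PPTP Client: PPTP Stop-Control-Connection-Reply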

At this point the TCP connection is terminated.

Data transfer (Tunnel)

The control layer does not carry payload; application layer data is transmitted through the tunnel.
After the PPTP tunnel is established, PPP data packets can be transmitted between the client and the server. The PPP data packets are encapsulated in GRE (Generic Routing Encapsulation) packets, and the GRE packets are transmitted over the IP layer.

**What is a Tunnel:** The definition of Tunnel in the RFC is "A tunnel is defined by a PNS-PAC pair", that is, a PNS-PAC pair is a tunnel.

The key point of PPTP data transmission is the packetization and depacketization of data packets. Let's first look at a data packet as transmitted in PPTP:
[Figure: structure of a PPTP data packet]

Data transmission - packet process

On the sending end, to send a data packet, the packet is first sent to the VPN's virtual network card. The virtual network card turns it into a GRE frame and hands it to the IP layer to be routed again. This time the packet is sent to the physical network, and finally arrives at the PPTP Server.
The key to packetization is the network layer and the link layer.
1. **PPP frame encapsulation:** After the IP layer receives the data packet from the transport layer, it passes it to the VPN virtual network card at the link layer, which adds a PPP header and encapsulates it into a PPP frame.
2. **GRE packet encapsulation:** The data packet encapsulated by the VPN network card is returned to the network layer, where the GRE protocol adds a GRE header to form a GRE packet.
3. **IP re-encapsulation:** The GRE packet is handed to the IP protocol of the same network layer, which adds a second IP header to form a new IP datagram. The IP datagram after this second IP encapsulation is passed to the Ethernet handler of the link layer for normal transmission, and is sent through the network card to the Internet.

Data reception - unpacking process

At the receiving end, the frame received from the physical network card is sent to the IP layer. The IP layer unpacks it and forwards it to the VPN virtual network card. The virtual network card unpacks it, turns it into a normal IP packet, and sends it to the IP layer again. This time the IP layer recognizes it as data sent by the VPN peer and hands it directly to TCP/UDP, and it finally reaches the application layer.
The receiving process for PPTP tunnel data is just the opposite of the sending process.
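The GRE step of the packing and unpacking described above, as an added example that is not part of the original article. It assumes the enhanced GRE (version 1) header from RFC 2637: flags, protocol type 0x880B, a key made of payload length and call ID, then optional sequence and acknowledgment numbers. The function names and the sample PPP frame are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B                       # protocol type of PPTP's enhanced GRE
FLAG_K, FLAG_S, FLAG_A, VERSION_1 = 0x2000, 0x1000, 0x0080, 0x0001

def gre_encapsulate(ppp_frame, call_id, seq=None, ack=None):
    """Sender side: put an enhanced GRE header in front of one PPP frame."""
    flags, optional = FLAG_K | VERSION_1, b""   # the key field is always present
    if seq is not None:                         # S bit: sequence number follows
        flags |= FLAG_S
        optional += struct.pack("!I", seq)
    if ack is not None:                         # A bit: acknowledgment number follows
        flags |= FLAG_A
        optional += struct.pack("!I", ack)
    # Key = payload length (high 16 bits) + peer's call ID (low 16 bits).
    fixed = struct.pack("!HHHH", flags, GRE_PROTO_PPP, len(ppp_frame), call_id)
    return fixed + optional + ppp_frame

def gre_decapsulate(packet):
    """Receiver side: validate the GRE header and return the PPP frame inside."""
    if len(packet) < 8:
        raise ValueError("shorter than the fixed GRE header")
    flags, proto, length, call_id = struct.unpack_from("!HHHH", packet)
    if (flags & 0x0007) != VERSION_1 or not flags & FLAG_K or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    offset, seq, ack = 8, None, None
    if len(packet) < 8 + 4 * bool(flags & FLAG_S) + 4 * bool(flags & FLAG_A):
        raise ValueError("truncated optional fields")
    if flags & FLAG_S:
        (seq,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    if flags & FLAG_A:
        (ack,) = struct.unpack_from("!I", packet, offset)
        offset += 4
    payload = packet[offset:offset + length]
    if len(payload) != length:
        raise ValueError("payload shorter than the length in the key field")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": payload}

# Constructed PPP frame: address/control FF 03, protocol 0x0021 (IP), dummy payload.
PPP_FRAME = b"\xff\x03\x00\x21" + b"inner-ip-packet"

if __name__ == "__main__":
    print(gre_decapsulate(gre_encapsulate(PPP_FRAME, call_id=0x1234, seq=7)))
```

The outer IP header (protocol number 47) is added by the sender's IP stack around the bytes that `gre_encapsulate` returns.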


summary
