Re: L2TP/PPTP

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 03/07/04


Date: Sun, 07 Mar 2004 17:55:47 GMT

Though pptp can be very secure if configured correctly and a complex password is used
with MS-CHAPv2, l2tp is more secure for a number of reasons. The actual authentication
exchange is not encrypted [other than that provided by the protocol itself] in pptp
while it is in l2tp. L2tp uses a more robust encryption method and probably one of
the biggest advantages is it requires certificate machine authentication in addition
to user authentication while pptp only requires user authentication for initial
connection. That means if a hacker knows the name/password for a vpn user it is no
good to them on a computer without a trusted certificate for machine authentication.
While either can be configured on Windows computers [W9X requires client upgrade],
pptp is generally easier to set up than l2tp as it will not work through NAT routers
and requires a Certificate Authority to issue machine certificates [easy enough to do
though]. There is a NAT-T update that is supposed to work through NAT routers. See
the link below for an excellent and easy-to-read white paper on the subject. --- Steve

http://www.microsoft.com/windowsserver2003/techinfo/overview/vpnover.mspx

"Shiva" <ask@me.nl> wrote in message news:hxC2c.2701$pN4.530@amsnews03.chello.com...
> Dear Group,
>
> L2TP is encrypted if you use IPSEC.
> PPTP is encrypted with Microsoft Encryption.
>
> Can anyone explain to us when you use L2TP or PPTP? What are the benefits
> of each other?
>
> Is there a comparison anywhere?
>
> Cheers,
> Shiva
>
>


