Explain Two Tunnelling Protocols Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This report will outline the reasons why tunnelling is used and describe two of the most commonly used tunnelling protocols. This report aims to inform why they have been developed and why one might be preferred over the other.

In this report, I will be mainly focusing on

The main aim of this report is to present information on the following areas

Explain network tunnelling

Briefly describe the reasons for tunnelling

Explain two tunnelling protocols

Compare the strengths and weaknesses of the two tunnelling protocols

Network Tunnelling

Tunnelling allows one network to send its data through another network's connections; for example the internet. Tunnels are used to create a safe and secure network connection between a private network and a remote host. This enables a remote user to gain access to resources on their private network.

It does this by using tunnelling protocols; this is where a packet based on one protocol is encapsulated in a second packet based on whatever protocol is needed in order for it to travel through the intermediary network. In effect the, the second wrapper 'insulates' the original packet and creates the illusion of a tunnel. Tunnelling technology can be implemented using a Layer 2 or Layer 3 tunnelling protocol.

In real life term, tunnelling is compared to 'encapsulating' a present (original packet) in a box (second wrapper) for delivery through the postal service.

Reasons for Tunnelling

PPTP eliminates the need for expensive, leased-line or private enterprise-dedicated communication

servers because you can use PPTP over PSTN lines. PPTP simplifies and reduces the cost of deploying an enterprise-wide, remote access solution for remote or mobile users because it provides secure and encrypted communications over public telephone lines and the Internet

Tunnelling Protocols

Point To Point Tunnelling Protocol

The Point to Point Tunneling Protocol (PPTP) was developed by PPTP Forum. This was a group of companies that included Microsoft; Ascend, US Robotics and. 3Com.PPTP is one of the most commonly implemented tunnelling protocols. This is mainly due to the fact that it's supported by windows clients and it's fairly simple to configure and maintain. PPTP has the capacity to provide on-demand, multiprotocol for Virtual private networks utilizing public networks for instance the Internet.

(King, 27/2/2013)

PPTP is an expansion of the Point-to-Point protocol (PPP) RFC 1661.

PPTP works at the datalink layer of the OSI model.

There is no encryption with PPTP as it only establishes the tunnel.

PPTP is an extension of the Internet standard Point-to-Point protocol (PPP), the link layer protocol used to transmit IP packets over serial links.

The authentication used by PPTP is the same as PPP (PAP, SPAP, CHAP, MS-CHAP v.1/v.2 and EAP).

 PPTP encrypted using Microsoft Point-to-Point Encryption (MPPE) protocol to create a secure VPN. PPTP has relatively low overhead, this making it faster than some other VPN methods.

Structure of a PPTP Packet Containing an IP Datagram

Structure of PPTP Packet Containing IP Datagram

Most old vulnerabilities in PPTP are fixed these days and you can combine it with EAP to enhance it to require certificates as well.

One advantage of using PPTP is that there is no requirement for a certificate infrastructure. However EAP does use digital certificates for mutual authentication (both client and server) and higher security.

How works: A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage as second GRE(generic routing encapsulation) tunnel to the same peer.

Port/protocol: 1723 TCP and protocol GRE

User Authentication Protocol: EAP-TLS or MS-CHAP v2

Encryption method: MPPE (Microsoft Point-to-Point Encryption)

Encryption Strength: MPPE 40 and 128 bit

Layer 2 Tunnelling Protocol

The Layer 2 Tunnelling Protocol (L2TP) was developed in cooperation between Cisco and Microsoft to combine features of PPTP with those of Cisco's proprietary Layer 2 Forwarding (L2F) protocol.L2TP (Layer Two Tunnelling Protocol) supports non-TCP/IP clients and protocols (such as Frame Relay, ATM and SONET).

L2TP does not provide any encryption or confidentiality by itself. It relies on an encryption protocol that it passes within the tunnel to provide privacy. Nowadays L2TP connections do not negotiate the use of PPP encryption through Microsoft Point-to-Point Encryption (MPPE). Instead, encryption is provided through the use of the Internet Protocol security (IPSec) Encapsulating Security Payload (ESP) header and trailer. It is also important to note that IPsec is more resource intensive than PPTP, hence the overhead with a L2TP solution is higher than PPTP.

Structure of an L2TP Packet Containing an IP Datagram

Structure of L2TP Packet Containing an IP Datagram

Port: 1701 UDP

User Authentication Protocol: EAP-TLS or MS-CHAP v2

* In addition to providing computer-level authentication, IPSec provides end-to-end encryption for data that passes between the sending and receiving nodes.

Encryption: IPSec

Encryption Strength: Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms


L2TP/IPSec and PPTP are similar in the following ways:

provide a logical transport mechanism to send PPP payloads;

provide tunneling or encapsulation so that PPP payloads based on any protocol can be sent across an IP network;

rely on the PPP connection process to perform user authentication and protocol configuration.

Some facts about PPTP:

+ PPTP easy to deploy

+ PPTP use TCP, this reliable solution allow to retransmit lost packets

+ PPTP support

- PPTP less secure with MPPE(up to 128 bit)

- data encryption begins after the PPP connection process (and, therefore, PPP authentication) is completed

- PPTP connections require only user-level authentication through a PPP-based authentication protocol

Some facts about L2TP(over IPsec):

+ L2TP/IPSec data encryption begins before the PPP connection process

+ L2TP/IPSec connections use the AES(up to 256bit) or DESUup to three 56-bit keys)

+ L2TP/IPSec connections provide stronger authentication by requiring both computer-level authentication through certificates and user-level authentication through a PPP authentication protocol

+ L2TP use UDP. It is a faster, but less reliable, because it does not retransmit lost packets, is commonly used in real-time Internet communications

+ L2TP more "firewall friendly" than PPTP - a crucial advantage for an extranet protocol due to most firewalls do not support GRE

- L2TP require certificate infrastructure for issuing computer certificates

There's no clear winner, but PPTP is older, more light-weight, works in most cases and clients are readily pre-installed, giving it an advantage in normally being very easy to deploy and configure (without EAP).

Strengths And Weaknesses Of PPTP and L2TP

Both PPTP and L2TP have advantages and disadvantages:

PPTP can only run on top of IP networks, whereas L2TP can use other protocols such as Internetwork Packet Exchange (IPX) and Systems Network Architecture (SNA).

PPTP does not support dial-in authentication protocols such as Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control Systems (TACACS+), whereas L2TP does.

PPTP is an encryption protocol, whereas L2TP is not, so it lacks security.


Layer 2 Tunneling Protocol (L2TP) is a protocol used to tunnel data communications traffic between two sites over the Internet. L2TP is often used in tandem with IPSec (which acts as a security layer) to secure the transfer of L2TP data packets over the Internet. Unlike PPTP, a VPN implementation using L2TP/IPSec requires a shared key or the use of certificates.

Advantages & Disadvantages

A VPN is a inexpensive effective way of building a private network. The use of the Internet as the main communications channel between sites is a cost effective alternative to expensive leased private lines. The costs to a corporation include the network authentication hardware and software used to authenticate users and any additional mechanisms such as authentication tokens or other secure devices. The relative ease, speed, and flexibility of VPN provisioning in comparison to leased lines makes VPNs an ideal choice for corporations who require flexibility. For example, a company can adjust the number of sites in the VPN according to changing requirements.

There are several potential disadvantages with VPN use. The lack of Quality of Service (QoS) management over the Internet can cause packet loss and other performance issues. Adverse network conditions that occur outside of the private network is beyond the control of the VPN administrator. For this reason, many large corporations pay for the use of trusted VPNs that use a private network to guarantee QoS. Vendor interoperability is another potential disadvantage as VPN technologies from one vendor may not be compatible with VPN technologies from another vendor. Neither of these disadvantages have prevented the widespread acceptance and deployment of VPN technology.