PPTP

PPTP is a VPN protocol implemented at Layer 2 in the Open Systems Interconnection (OSI) model. PPTP encapsulates VPN data inside PPP frames, which are then further encapsulated in IP datagrams for transmission over a transit IP internetwork such as the Internet.

More Info 

PPTP is documented in RFC 2637, which can be found in the \Rfc folder on the companion CD-ROM.

Creation and maintenance of a PPTP tunnel is carried out using a TCP connection. The VPN client uses a dynamically allocated TCP port, and the PPTP server listens on TCP port 1723. Subsequent data is encapsulated using a modified Generic Routing Encapsulation (GRE) header.

PPTP Data Encapsulation

As noted earlier, PPTP encapsulates the original IP datagram when it is transmitted between the PPTP client and PPTP server. Figure 23-4 shows the structure of a PPTP packet.

Figure 23-4: PPTP packet structure.

In Figure 23-4, the original datagram is first formatted as a PPP frame. Using PPP, this part of the datagram can be compressed using MPPC and encrypted using MPPE. The PPP frame is then encapsulated with a GRE header, which then becomes the payload of an IP packet sent between the PPTP client and server. The source and destination IP addresses of this packet correspond to the IP addresses of the PPTP client and PPTP server. On the wire, this datagram will be further encapsulated in a Data Link Layer frame, with the appropriate header and trailer.

The GRE header used to encapsulate the PPP frame is modified for PPTP from its original definition in RFCs 1701 and 1702. The PPTP GRE header includes an Acknowledgment flag and a 32-bit Acknowledgment field, which is used to detect dropped PPTP packets. The PPTP GRE header also replaces the 32-bit Key field with a 16-bit Payload Length field and a 16-bit Call ID field. The Call ID field is used to indicate the PPTP tunnel through which the encapsulated data is traveling. GRE is a client protocol of IP using IP protocol 47.
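The modified GRE header described above is easy to get wrong when writing capture filters or decoders, because the Acknowledgment field is optional and the Payload Length counts only the PPP frame. The following parser and builder are an added example written for this page; they are not code from the book or from Windows, and the two sample packets are constructed by hand rather than taken from the companion captures. The layout follows RFC 2637 section 4.1.

```python
import struct

GRE_IP_PROTOCOL = 47         # IP protocol number that carries GRE, and so PPTP data
PPP_PROTOCOL_TYPE = 0x880B   # GRE Protocol Type value for a PPP payload (RFC 2637)

def parse_pptp_gre(packet):
    """Parse the PPTP-modified (enhanced, version 1) GRE header.

    byte 0:    C R K S s Recur(3)  K must be set; S means a Sequence Number follows
    byte 1:    A Flags(4) Ver(3)   A means an Acknowledgment Number follows; Ver must be 1
    bytes 2-3: Protocol Type, 0x880B for PPP
    bytes 4-5: Payload Length (replaces the upper half of the original GRE Key field)
    bytes 6-7: Call ID        (replaces the lower half of the original GRE Key field)
    then an optional 4-byte Sequence Number and an optional 4-byte Acknowledgment Number.
    """
    if len(packet) < 8:
        raise ValueError("GRE header truncated")
    b0, b1, proto, payload_len, call_id = struct.unpack_from("!BBHHH", packet, 0)
    if not (b0 & 0x20) or (b1 & 0x07) != 1:
        raise ValueError("not an enhanced GRE v1 header (K bit clear or wrong version)")
    if proto != PPP_PROTOCOL_TYPE:
        raise ValueError("GRE protocol type 0x%04X is not PPP" % proto)
    offset = 8
    seq = ack = None
    if b0 & 0x10:                       # S bit: sequence number present
        if len(packet) < offset + 4:
            raise ValueError("sequence number truncated")
        seq = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    if b1 & 0x80:                       # A bit: acknowledgment number present
        if len(packet) < offset + 4:
            raise ValueError("acknowledgment number truncated")
        ack = struct.unpack_from("!I", packet, offset)[0]
        offset += 4
    payload = packet[offset:]
    # Payload Length covers only the encapsulated PPP frame, never the GRE header itself.
    if len(payload) != payload_len:
        raise ValueError("payload length field %d does not match %d bytes present"
                         % (payload_len, len(payload)))
    if seq is None and payload_len != 0:
        raise ValueError("payload present but S bit clear")
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "payload_len": payload_len, "payload": payload}

def build_pptp_gre(call_id, payload=b"", seq=None, ack=None):
    """Build the matching header. A packet with no payload and only an
    acknowledgment is the pure ack PPTP sends when it has no data to carry."""
    b0 = 0x20 | (0x10 if seq is not None else 0)
    b1 = 0x01 | (0x80 if ack is not None else 0)
    header = struct.pack("!BBHHH", b0, b1, PPP_PROTOCOL_TYPE, len(payload), call_id)
    if seq is not None:
        header += struct.pack("!I", seq)
    if ack is not None:
        header += struct.pack("!I", ack)
    return header + payload

# Constructed sample packets (not from the book's captures):
# a data packet carrying 4 bytes of PPP on Call ID 7, sequence 1, acknowledging 5 ...
SAMPLE_DATA = bytes.fromhex("3081880b 0004 0007 00000001 00000005 ff03c021")
# ... and a pure acknowledgment on Call ID 7 acknowledging sequence 5.
SAMPLE_ACK = bytes.fromhex("2081880b 0000 0007 00000005")

if __name__ == "__main__":
    for name, pkt in (("data", SAMPLE_DATA), ("ack", SAMPLE_ACK)):
        print(name, parse_pptp_gre(pkt))
```

To apply this to a real capture, hand the parser the bytes that follow the IP header of any datagram whose IP protocol number is 47; a header that fails the K-bit, version or Payload Length checks is not well-formed PPTP and is worth logging rather than silently skipping.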

Network Monitor Capture 23-01 (in the \Captures folder on the companion CD-ROM) provides an example of PPTP encapsulation for an unencrypted ICMP Echo and Echo Reply message.

PPTP Control Connection

The PPTP control connection is a TCP connection between the VPN client and the VPN server that is used for PPTP tunnel management. There are PPTP processes for the following:

  • PPTP control connection creation

  • PPTP control connection maintenance

  • PPTP control connection termination

PPTP control connections are managed by exchanging a series of PPTP messages. Each PPTP message is the payload of a TCP segment and has a different packet structure. For the details of the packet structure of PPTP control messages, see RFC 2637.

PPTP Control Connection Creation

The creation of a PPTP control connection between a Windows Server 2003 PPTP client and a Windows Server 2003 PPTP server consists of the following exchange of messages:

  1. A TCP connection is established from a dynamically allocated port used by the PPTP client to TCP port 1723 on the PPTP server.

  2. The PPTP client sends a PPTP Start-Control-Connection-Request message to establish a PPTP control connection.

  3. The PPTP server responds with a PPTP Start-Control-Connection-Reply message.

  4. The PPTP client sends a PPTP Outgoing-Call-Request message and selects a Call ID to identify the PPTP tunnel for data sent from the PPTP client to the PPTP server.

  5. The PPTP server responds with a PPTP Outgoing-Call-Reply message and selects its own Call ID to identify the PPTP tunnel for data sent from the PPTP server to the PPTP client.

  6. The PPTP client sends a PPTP Set-Link-Info message to indicate PPP-negotiated options.

After the PPTP control connection is established, the separate Call IDs selected by the PPTP client and PPTP server are used in the GRE header for sent data to identify the PPTP tunnel.

Network Monitor Capture 23-02 (in the \Captures folder on the companion CD-ROM) provides an example of the creation of a PPTP control connection and the subsequent PPP negotiation (unencrypted).

PPTP Control Connection Maintenance

PPTP control connections are maintained by the exchange of PPTP Echo-Request and PPTP Echo-Reply messages. Either the PPTP client or the PPTP server can send the initial PPTP Echo-Request message.

Network Monitor Capture 23-03 (in the \Captures folder on the companion CD-ROM) provides an example of PPTP control connection maintenance.

PPTP Control Connection Termination

The termination of a PPTP control connection between a Windows Server 2003 PPTP client and a Windows Server 2003 PPTP server consists of the following exchange of messages:

  1. The Link Control Protocol (LCP) connection between the PPTP client and PPTP server is terminated.

  2. The PPTP server sends a PPTP Clear-Call-Request message indicating that the PPTP control connection is to be terminated.

  3. The PPTP client responds with a PPTP Call-Disconnected-Notify message.

  4. The PPTP server sends a PPTP Stop-Control-Connection-Request message to terminate the PPTP control connection.

  5. The PPTP client responds with a PPTP Stop-Control-Connection-Reply message.

  6. The TCP connection is terminated in the normal way.

This example assumes that the PPTP client terminated the connection.

Network Monitor Capture 23-04 (in the \Captures folder on the companion CD-ROM) provides an example of a PPTP control connection termination.
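The creation, maintenance and termination exchanges described in the three sections above all travel as PPTP control messages on the TCP port 1723 connection, each starting with the same 12-byte header (Length, PPTP Message Type, Magic Cookie 0x1A2B3C4D, Control Message Type, Reserved0). The following decoder is an added example for this page, not code from the book or from Windows: it frames messages out of the TCP stream using the Length field, applies the header sanity checks a defender's parser needs, and records the Call ID each side chooses during creation, since those are the values that later appear in the GRE header. The session it decodes is constructed here with RFC 2637 field sizes but invented values; the host names, Call IDs and capabilities are not from any real capture.

```python
import struct

PPTP_MAGIC_COOKIE = 0x1A2B3C4D
PPTP_MESSAGE_TYPE_CONTROL = 1          # 2 would be a management message
COMMON_HEADER = "!HHIHH"               # Length, Message Type, Magic Cookie, Control Message Type, Reserved0

# Control Message Type values from RFC 2637; only the ones this example uses are listed.
CONTROL_MESSAGE_NAMES = {
    1: "Start-Control-Connection-Request", 2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request", 4: "Stop-Control-Connection-Reply",
    5: "Echo-Request", 6: "Echo-Reply",
    7: "Outgoing-Call-Request", 8: "Outgoing-Call-Reply",
    12: "Call-Clear-Request", 13: "Call-Disconnect-Notify", 15: "Set-Link-Info",
}

def build_control_message(ctrl_type, body):
    """Prepend the 12-byte common header to a message body."""
    return struct.pack(COMMON_HEADER, 12 + len(body), PPTP_MESSAGE_TYPE_CONTROL,
                       PPTP_MAGIC_COOKIE, ctrl_type, 0) + body

def iter_control_messages(stream):
    """Frame messages out of a TCP byte stream using the Length field,
    refusing anything that fails the common-header sanity checks."""
    offset = 0
    while offset < len(stream):
        if len(stream) - offset < 12:
            raise ValueError("truncated control message header at offset %d" % offset)
        length, msg_type, cookie, ctrl_type, _ = struct.unpack_from(COMMON_HEADER, stream, offset)
        if cookie != PPTP_MAGIC_COOKIE:
            raise ValueError("bad magic cookie 0x%08X at offset %d" % (cookie, offset))
        if msg_type != PPTP_MESSAGE_TYPE_CONTROL:
            raise ValueError("unexpected PPTP message type %d" % msg_type)
        if length < 12 or offset + length > len(stream):
            raise ValueError("bad length %d at offset %d" % (length, offset))
        yield ctrl_type, stream[offset + 12:offset + length]
        offset += length

def track_tunnel(exchange):
    """Walk a list of (direction, raw bytes) pairs and record the Call ID each
    side selected; the reply must echo the client's Call ID as Peer's Call ID."""
    state = {"messages": [], "client_call_id": None, "server_call_id": None}
    for direction, raw in exchange:
        for ctrl_type, body in iter_control_messages(raw):
            name = CONTROL_MESSAGE_NAMES.get(ctrl_type, "type-%d" % ctrl_type)
            state["messages"].append(direction + ": " + name)
            if ctrl_type == 7 and direction == "client->server":
                state["client_call_id"] = struct.unpack_from("!H", body, 0)[0]
            elif ctrl_type == 8 and direction == "server->client":
                server_id, peers_id = struct.unpack_from("!HH", body, 0)
                if peers_id != state["client_call_id"]:
                    raise ValueError("Outgoing-Call-Reply does not echo the client's Call ID")
                state["server_call_id"] = server_id
    return state

def _name64(text):
    """64-byte Host Name / Vendor String field, NUL padded."""
    return text.encode().ljust(64, b"\0")

def constructed_session(client_call_id=0x1234, server_call_id=0x5678):
    """Constructed control connection: creation, one Echo exchange, termination.
    Field sizes follow RFC 2637; every value is invented for this example."""
    c2s, s2c = "client->server", "server->client"
    return [
        # SCCRQ: Protocol Version, Reserved1, Framing Caps, Bearer Caps, Max Channels, Firmware
        (c2s, build_control_message(1, struct.pack("!HHIIHH", 0x0100, 0, 3, 3, 0, 0)
                                       + _name64("client") + _name64("vendor"))),
        # SCCRP: Protocol Version, Result Code, Error Code, then the same capability fields
        (s2c, build_control_message(2, struct.pack("!HBBIIHH", 0x0100, 1, 0, 3, 3, 0, 0)
                                       + _name64("server") + _name64("vendor"))),
        # OCRQ: Call ID, Serial, Min BPS, Max BPS, Bearer, Framing, Window, Delay,
        #       Phone Number Length, Reserved1, then 64-byte Phone Number and Subaddress
        (c2s, build_control_message(7, struct.pack("!HHIIIIHHHH", client_call_id, 1, 300,
                                                   100_000_000, 3, 3, 64, 0, 0, 0) + bytes(128))),
        # OCRP: Call ID, Peer's Call ID, Result, Error, Cause, Connect Speed, Window, Delay, Channel ID
        (s2c, build_control_message(8, struct.pack("!HHBBHIHHI", server_call_id, client_call_id,
                                                   1, 0, 0, 100_000_000, 64, 0, 0))),
        # SLI: Peer's Call ID, Reserved1, Send ACCM, Receive ACCM
        (c2s, build_control_message(15, struct.pack("!HHII", server_call_id, 0, 0xFFFFFFFF, 0xFFFFFFFF))),
        (s2c, build_control_message(5, struct.pack("!I", 1))),              # Echo-Request, identifier 1
        (c2s, build_control_message(6, struct.pack("!IBBH", 1, 1, 0, 0))),  # Echo-Reply, result OK
        (s2c, build_control_message(12, struct.pack("!HH", client_call_id, 0))),  # Call-Clear-Request
        # CDN: Call ID, Result, Error, Cause, Reserved1, then 128-byte Call Statistics
        (c2s, build_control_message(13, struct.pack("!HBBHH", client_call_id, 3, 0, 0, 0) + bytes(128))),
        (s2c, build_control_message(3, struct.pack("!BBH", 1, 0, 0))),      # Stop-Control-Connection-Request
        (c2s, build_control_message(4, struct.pack("!BBH", 1, 0, 0))),      # Stop-Control-Connection-Reply
    ]

if __name__ == "__main__":
    for line in track_tunnel(constructed_session())["messages"]:
        print(line)
```

Because the control channel is plain TCP, several messages can arrive in one segment; the Length-based framing above handles that, and the magic cookie and length checks reject stray bytes before any field is interpreted.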