Configuring Virtual Private Networking

Windows Server 2003 Routing and Remote Access Service (RRAS) enables administrators to configure the system for virtual private network (VPN) access by remote clients. VPN connections can be established with the Point-to-Point Tunneling Protocol (PPTP), whose PPP payload is encrypted with Microsoft Point-to-Point Encryption (MPPE), or with Layer Two Tunneling Protocol (L2TP) secured by Internet Protocol Security (IPSec). Administrators using Windows Server 2003 can create up to 1,000 PPTP ports and 1,000 L2TP ports for connecting clients.

Note: VPN server support for PPTP is built into all members of the Windows Server 2003 family, including Web Edition. Web Edition, however, accepts only one VPN connection at a time, regardless of how many PPTP and L2TP ports are configured.


PPTP uses the PPP authentication, compression, and encryption mechanisms and has been around since the Windows NT 4.0 days. It is installed on the system as part of the TCP/IP protocol suite. By default, RRAS creates five PPTP and five L2TP ports; choosing the VPN option in the Routing and Remote Access Server Setup Wizard creates 128 PPTP and 128 L2TP ports instead.

Microsoft Point-to-Point Encryption (MPPE) provides the data encryption for PPTP VPN connections (the tunnel encapsulation itself is done by GRE). Three levels of encryption are offered for PPTP and for IPSec. The first is basic encryption (MPPE 40-bit), kept for backward compatibility with older clients and for use in countries to which stronger encryption could not be exported. Basic encryption uses IPSec Data Encryption Standard (DES) or MPPE 40-bit data encryption. A 40-bit key is no longer considered strong and can be brute-forced with modest resources.

Strong encryption (MPPE 56-bit) uses IPSec DES or MPPE 56-bit data encryption to secure the data. It is used when some level of security is required but protocol overhead must be kept low. This scheme is harder to break than its 40-bit cousin, but a 56-bit key space is within reach of a determined attacker: single DES was publicly brute-forced in 1998.

The strongest level of security comes from IPSec Triple DES (3DES) or MPPE 128-bit data encryption, the most secure option the operating system provides. It imposes the most overhead on system hardware, but most mid-range and high-end systems of the day can readily handle the load.

PPTP does not require a Public Key Infrastructure (PKI) to issue computer certificates to connecting clients; L2TP/IPSec does, unless the IPSec negotiation is configured to use a preshared key instead. A preshared key is shared by every client of that server and is only as secret as the least careful client, so certificates are the better choice wherever a PKI is available.

The transmitted data is encrypted with MPPE, using encryption keys derived from the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), MS-CHAP version 2 (MS-CHAP v2), or Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) authentication exchange, depending on which one your configuration uses. PAP, SPAP, and CHAP produce no key material, so a PPTP connection authenticated with one of them cannot be encrypted. The VPN client and server must agree on the same encryption strength for the data to be encrypted and decrypted.

For L2TP and data security and confidentiality, IPSec, not MPPE, protects and validates the transmitted data. Both L2TP and IPSec must be supported by the VPN client and VPN server for the data to be encrypted and decrypted when this configuration is in use.

Client support for L2TP and PPTP is built into the Windows XP remote access client by default. On the server side, it's built into all members of the Windows Server 2003 family.

Data carried over L2TP/IPSec is encrypted with DES or 3DES using keys supplied by the Internet Key Exchange (IKE) negotiation. IKE is the protocol that establishes the security association (SA) between two IPSec peers.

For a better understanding of all the potential clients that might be connecting to your Windows Server 2003 VPN server, the following list outlines the Microsoft clients and their supported tunneling protocols and authentication methods:

  • Windows Server 2003 systems, Windows XP Home Edition and Professional systems, and Windows 2000 Server systems and Professional workstations can be configured to use PPTP or L2TP.

  • By default, Windows NT 4 Workstation and Server operating systems as well as Windows Me, 98, and 95 (using the Windows Dial-Up Networking 1.3 Performance and Security Upgrade for Windows 95) can connect to the VPN server using only PPTP; L2TP is not supported unless the Microsoft L2TP/IPSec VPN client is installed.

  • Windows Server 2003 systems, Windows XP Home Edition and Professional systems, and Windows 2000 Server systems and Professional workstations can be configured to use Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP), CHAP, MS-CHAP, MS-CHAP v2, and EAP remote access authentication protocols.

  • Windows NT 4 Workstation and Server operating systems as well as Windows 98 (Service Pack 1 and later) and Windows 95 (using the Dial-Up Networking 1.4 Upgrade) can connect using everything mentioned in this list, except EAP; these clients cannot use this remote access authentication protocol.

PAP sends the supplied credentials over the wire in clear text and therefore provides no protection for them. Anyone running a packet sniffer on the path (a network adapter in promiscuous mode on a shared segment, or a tap) can read the username and password directly out of the PPP frames. PAP, the least secure of the authentication protocols, should be used only when clients and servers cannot negotiate a more secure method, and never for VPN connections that cross an untrusted network.
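As an added example (not code from the book), the following Python builds a PAP Authenticate-Request exactly as a client puts it on the wire and then recovers the credentials from a constructed PPP capture, which is all a passive listener has to do. The PPP protocol numbers are the standard ones (0xC023 for PAP, 0xC021 for LCP); the user name, password and frames are made up for the demonstration.

```python
"""PAP (RFC 1334) on the wire: build a client Authenticate-Request, then recover
the cleartext credentials from a constructed PPP capture the way a sniffer would."""
import struct

PPP_PAP = 0xC023   # PPP protocol number carrying PAP packets
PPP_LCP = 0xC021   # PPP Link Control Protocol, included only as non-PAP noise
PAP_AUTH_REQUEST, PAP_AUTH_ACK, PAP_AUTH_NAK = 1, 2, 3


def build_pap_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Exactly what a PAP client sends: Code, Identifier, Length, Peer-ID-Length,
    Peer-ID, Passwd-Length, Password. Nothing here hashes or encrypts anything."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def parse_pap(packet: bytes) -> dict:
    """Decode one PAP packet, refusing anything whose length fields do not add up."""
    if len(packet) < 4:
        raise ValueError("PAP packet shorter than its 4-byte header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("PAP Length field does not match the packet")
    body = packet[4:length]
    if code == PAP_AUTH_REQUEST:
        if len(body) < 2:
            raise ValueError("Authenticate-Request body too short")
        id_len = body[0]
        peer_id = body[1:1 + id_len]
        if len(peer_id) != id_len or len(body) < 2 + id_len:
            raise ValueError("Peer-ID field truncated")
        pw_len = body[1 + id_len]
        password = body[2 + id_len:2 + id_len + pw_len]
        if len(password) != pw_len:
            raise ValueError("Password field truncated")
        return {"code": "Authenticate-Request", "id": identifier,
                "peer_id": peer_id.decode("latin-1"),
                "password": password.decode("latin-1")}
    if code in (PAP_AUTH_ACK, PAP_AUTH_NAK):
        if not body:
            raise ValueError("Ack/Nak body too short")
        msg_len = body[0]
        message = body[1:1 + msg_len]
        if len(message) != msg_len:
            raise ValueError("Message field truncated")
        return {"code": "Authenticate-Ack" if code == PAP_AUTH_ACK else "Authenticate-Nak",
                "id": identifier, "message": message.decode("latin-1")}
    raise ValueError(f"unknown PAP code {code}")


def try_parse_pap(packet: bytes):
    """parse_pap, but return None instead of raising on malformed input."""
    try:
        return parse_pap(packet)
    except ValueError:
        return None


def harvest_pap_credentials(ppp_frames):
    """Walk PPP frames (2-byte protocol field + payload) and collect every
    username/password pair carried in a PAP Authenticate-Request."""
    found = []
    for frame in ppp_frames:
        if len(frame) < 2 or struct.unpack("!H", frame[:2])[0] != PPP_PAP:
            continue
        msg = try_parse_pap(frame[2:])
        if msg and msg["code"] == "Authenticate-Request":
            found.append((msg["peer_id"], msg["password"]))
    return found


# Constructed capture (not real traffic): an LCP frame, a PAP request for a
# hypothetical user, and the server's Authenticate-Ack with an empty message.
CAPTURED_FRAMES = [
    struct.pack("!H", PPP_LCP) + bytes.fromhex("01010004"),
    struct.pack("!H", PPP_PAP) + build_pap_request(7, b"alice", b"Winter2003!"),
    struct.pack("!H", PPP_PAP) + struct.pack("!BBH", PAP_AUTH_ACK, 7, 5) + b"\x00",
]

if __name__ == "__main__":
    for user, password in harvest_pap_credentials(CAPTURED_FRAMES):
        print(f"PAP credentials on the wire: {user!r} / {password!r}")
```

The parser checks every length field before slicing, because a sniffer or RRAS-side decoder that trusts them is itself a target for malformed frames.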

SPAP is an older, proprietary, two-way (reversible) encryption mechanism originally designed by Shiva. (Intel acquired Shiva Corporation in February 1999.) When Shiva clients and remote access devices, or Windows clients and servers, negotiate SPAP, the password is sent reversibly encrypted rather than in clear text. Because the scheme is reversible, an eavesdropper who knows the algorithm can recover the password, and SPAP is also susceptible to replay (playback) attacks.

CHAP, originally specified in RFC 1334 and now defined in RFC 1994, is sometimes referred to as "MD5-CHAP." This challenge-response authentication protocol uses the MD5 message-digest algorithm to produce a one-way hash on the client side, so the password itself never crosses the wire. The remote access server sends a challenge to each client that attempts to make a connection. The client replies with the username and an MD5 hash of the session identifier, the password, and the challenge string; the server computes the same hash from its copy of the password and compares the two. If they match and the connecting system and end user have the proper rights to make the connection, permission is granted. Two caveats follow from this design: because the server must recompute the hash from the clear-text password, accounts that use CHAP must have passwords stored with reversible encryption, which weakens the password store; and although the hash hides the password from a passive listener, anyone who captures a challenge and its response can test password guesses offline at MD5 speed.
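The exchange described above, as an added example that is not part of the book: both sides of an RFC 1994 CHAP handshake in Python, on the real packet layout, with a one-shot challenge table that defeats replay and the offline guessing an eavesdropper can do with a captured challenge/response pair. The server name, user, password and word list are constructed for the demonstration.

```python
"""CHAP (RFC 1994) challenge/response: both sides, on the PPP packet layout."""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 4.1: Response Value = MD5(Identifier || secret || Challenge Value).
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_value_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    # Challenge and Response share one layout: header, Value-Size, Value, Name.
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_value_packet(packet: bytes):
    if len(packet) < 5:
        raise ValueError("CHAP packet too short")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 5 or length > len(packet):
        raise ValueError("CHAP Length field does not match the packet")
    body = packet[4:length]
    value_size = body[0]
    value = body[1:1 + value_size]
    if len(value) != value_size:
        raise ValueError("CHAP Value field truncated")
    return code, identifier, value, body[1 + value_size:]


def build_result_packet(code: int, identifier: int, message: bytes) -> bytes:
    # Success and Failure carry only a free-text Message after the header.
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


class ChapServer:
    """The RRAS side. The user table holds clear-text secrets: CHAP can only be
    verified by recomputing MD5 over the password itself, which is why Windows
    needs reversibly encrypted passwords for MD5-CHAP accounts."""

    def __init__(self, server_name: bytes, users: dict):
        self.server_name = server_name
        self.users = users
        self.pending = {}  # identifier -> outstanding challenge value

    def challenge(self, identifier: int) -> bytes:
        value = os.urandom(16)  # fresh and unpredictable for every attempt
        self.pending[identifier] = value
        return build_value_packet(CHAP_CHALLENGE, identifier, value, self.server_name)

    def verify(self, response_packet: bytes):
        code, identifier, value, name = parse_value_packet(response_packet)
        if code != CHAP_RESPONSE:
            raise ValueError("expected a CHAP Response")
        # pop(): a challenge is usable once, so a replayed Response finds nothing.
        challenge = self.pending.pop(identifier, None)
        secret = self.users.get(name)
        if challenge is None or secret is None:
            return False, build_result_packet(CHAP_FAILURE, identifier, b"unknown user or stale challenge")
        if hmac.compare_digest(chap_hash(identifier, secret, challenge), value):
            return True, build_result_packet(CHAP_SUCCESS, identifier, b"welcome")
        return False, build_result_packet(CHAP_FAILURE, identifier, b"bad response")


def chap_client_respond(challenge_packet: bytes, name: bytes, secret: bytes) -> bytes:
    """The dial-up/VPN client side: hash the challenge with its own secret."""
    code, identifier, challenge, _server = parse_value_packet(challenge_packet)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a CHAP Challenge")
    return build_value_packet(CHAP_RESPONSE, identifier, chap_hash(identifier, secret, challenge), name)


def run_exchange(server: ChapServer, identifier: int, name: bytes, secret: bytes) -> bool:
    response = chap_client_respond(server.challenge(identifier), name, secret)
    ok, _result = server.verify(response)
    return ok


def offline_guess(challenge_packet: bytes, response_packet: bytes, wordlist):
    """What a passive sniffer can do: it cannot read the password, but with the
    Challenge and Response in hand it can test guesses offline at MD5 speed."""
    _c, identifier, challenge, _s = parse_value_packet(challenge_packet)
    _r, _i, value, _n = parse_value_packet(response_packet)
    for candidate in wordlist:
        if chap_hash(identifier, candidate, challenge) == value:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed server name, account and wordlist (hypothetical values).
    rras = ChapServer(b"rras01", {b"alice": b"Winter2003!"})
    print("correct secret accepted:", run_exchange(rras, 1, b"alice", b"Winter2003!"))
    print("wrong secret accepted:  ", run_exchange(rras, 2, b"alice", b"guess"))
```

The `pending` table is keyed by identifier and emptied on first use, which is what turns a deterministic hash into a replay-resistant exchange; `offline_guess` is the reason CHAP's strength ultimately rests on password quality rather than on MD5.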

VPN and RRAS servers can be configured to use MS-CHAP (sometimes referred to as "MS-CHAP v1," described in RFC 2433) for authentication and MPPE (described in RFC 3078) to encrypt data between the client and server.

MS-CHAP v1 is a nonreversible, encrypted password authentication protocol that RRAS and VPN servers use to send a challenge to the connecting remote access client. This challenge consists of a session identifier and an arbitrary challenge string. When the connecting client receives the challenge, it responds by supplying the username of the user attempting the connection and a nonreversible encryption of the challenge string, the session identifier, and the password. If the supplied response information is valid and the remote connecting system and end user have the proper rights to make the connection, permission is granted at this point.

MS-CHAP v1 has some weaknesses that make it less secure than its MS-CHAP v2 cousin. For backward compatibility with legacy RRAS and VPN clients, it accepts the weaker LAN Manager challenge response alongside the Windows NT response. Also, on 40-bit encrypted connections the MPPE key is derived from the LAN Manager password hash, which covers only 14 characters, so a user password longer than 14 characters causes the connection to be denied automatically because the remainder of the password cannot be processed. This affects all types of VPN and RRAS sessions. Not only are the challenge responses weaker, but so are password changes made through this authentication protocol, which use the same LAN Manager encoding. (MS-CHAP v2 no longer accepts LAN Manager-encoded challenge responses or password changes for this reason.)

MS-CHAP v1 uses only one-way authentication, so the client has no way to ascertain whether it has actually connected to the correct VPN server or to a rogue system that is allowing the authentication. MS-CHAP v2 provides two-way, mutual authentication, which allows the remote access client to verify that the VPN server it's connecting to is the correct system.

MS-CHAP v2 uses stronger initial data encryption keys based on the user's password and an arbitrary challenge string that varies each time the user connects. Windows 2000 dial-up and VPN connections can use MS-CHAP v2. Systems running Windows NT 4 and Windows 98 can use MS-CHAP v2 authentication for VPN connections only.



MCSE 70-293 Exam Cram: Planning and Maintaining a Windows Server 2003 Network Infrastructure (2nd Edition), ISBN 0789736195, 2004.
