Virtual Private Networks (VPN / PPTP)

by Johannes Helmig [Published on 26 July 1998 / Last Updated on 26 July 1998]

Over the last year, the Internet has become one of the main issues in networking:

Most people use it to "surf": to view WWW webpages in HTML format.
But the Internet also has its security problems: any information transmitted from your system (such as the credit-card number you enter when making an online purchase) passes through several stages on its way to the destination server, and somebody could listen in on that transmission.

That problem was solved by introducing SHTTP (Secure Hyper Text Transfer Protocol) in addition to the standard HTTP protocol.

The worldwide availability of the Internet is now becoming more and more interesting to companies for internal use:

- have the "road warriors" (salesmen, service technicians, ...) connect to the
home office via the Internet (instead of making expensive long-distance,
sometimes intercontinental, phone calls)

- connect branch offices in different locations (countries, continents)
via the Internet (instead of via expensive leased lines, like Frame Relay)

It is very easy to set up a Windows system (95 / 98 / NT4) to share a drive via the Internet, but again, that leaves a security problem:

unauthorized people (usually called hackers) try to break in (not everybody has such top-secret information as the US Department of Defense, which has several hundred such attacks a day, but hackers can do some damage to any data).
For that reason, companies connecting their network to the Internet usually try to protect their systems by installing a "Firewall": a filter between the Internet and the company network.

To allow secure connections via the Internet, several companies (including Microsoft) agreed on a new protocol:
Point-to-Point Tunneling Protocol (PPTP).

PPTP makes it possible to establish a secure connection over an IP network (usually the Internet, but it can also be a company intranet) by encapsulating an encrypted private protocol inside the IP packet. That private protocol can be NetBEUI, IPX or TCP/IP (with a private IP-address range).

Several companies now offer devices and support for PPTP.

Microsoft has implemented PPTP on Windows 95 / 98 / NT4 as:
Virtual Private Network (VPN):

Using NetBEUI as an example, the above animation shows:
- the network client passes a request to the protocol layer
- the request is wrapped in a protocol envelope (in this example: NetBEUI)
- the protocol envelope is passed on to the VPN-adapter
- the protocol envelope is wrapped again inside a TCP/IP envelope
- the TCP/IP envelope is transmitted via the Internet

on the receiving system:
- the VPN-adapter opens the TCP/IP envelope.
- the protocol envelope is then opened again.
- the data (the "letter inside 2 envelopes") is passed on to its final destination.
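
The two envelopes as bytes, in an added example that is not part of the original article and goes beyond its simplified picture: in the PPTP specification (RFC 2637) the private protocol travels inside a PPP frame, and that frame sits behind an enhanced GRE header carried in the outer IP packet. Encryption is left out, and the function names and the sample frame are constructed for illustration.

```python
import struct

GRE_PROTO_PPP = 0x880B  # GRE protocol type for PPP payloads (RFC 2637)
PPP_PROTOCOLS = {0x0021: "TCP/IP", 0x002B: "IPX", 0x003F: "NetBEUI"}  # PPP protocol numbers

def wrap(inner: bytes, ppp_proto: int, call_id: int, seq: int) -> bytes:
    """Sender: put the private-protocol frame into both envelopes."""
    # First envelope: PPP address/control bytes plus the protocol number.
    ppp = b"\xff\x03" + struct.pack("!H", ppp_proto) + inner
    # Second envelope: enhanced GRE header with K and S bits set, version 1.
    header = struct.pack("!HHHHI", 0x3001, GRE_PROTO_PPP, len(ppp), call_id, seq)
    return header + ppp

def unwrap(packet: bytes) -> dict:
    """Receiver: open both envelopes, rejecting malformed input."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, length, call_id = struct.unpack_from("!HHHH", packet)
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced GRE packet")
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    header_len = 8 + 4 * has_seq + 4 * has_ack
    if len(packet) < header_len + length:
        raise ValueError("packet shorter than its declared lengths")
    numbers = struct.unpack_from("!" + "I" * (has_seq + has_ack), packet, 8)
    result = {"call_id": call_id, "protocol": None, "data": b"",
              "seq": numbers[0] if has_seq else None,
              "ack": numbers[-1] if has_ack else None}
    ppp = packet[header_len:header_len + length]
    if ppp:  # an acknowledgment-only packet carries no PPP frame
        if ppp[:2] == b"\xff\x03":  # these two bytes may be negotiated away
            ppp = ppp[2:]
        if len(ppp) < 2:
            raise ValueError("PPP frame has no protocol field")
        (number,) = struct.unpack_from("!H", ppp)
        result["protocol"] = PPP_PROTOCOLS.get(number, hex(number))
        result["data"] = ppp[2:]
    return result

if __name__ == "__main__":
    frame = b"constructed NetBEUI frame"  # constructed sample, not real traffic
    packet = wrap(frame, 0x003F, call_id=7, seq=1)
    print(packet.hex())
    print(unwrap(packet))
```

The length and flag checks in `unwrap` are the part a receiver or a packet filter depends on: a header that declares more payload than the packet holds is rejected instead of being read past its end.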

You can download detailed information via a link from: on:

Virtual Private Networking
Installation, Configuration, and Using PPTP with
Microsoft Clients and Servers

User and Administration Guide

It downloads as MSPPTP.EXE (143 Kbyte), a self-extracting file that unpacks to a Word file, PPTPInstall5-22.doc (1.378 KByte), with 34 pages.

Support for Virtual Private Networking:
- available as Client as a FREE download from Microsoft as part of the Dialup-Networking 1.2 Upgrade
- included as Client
- NT4: included in NT4 Workstation and Server as Client and Server
- Included in Windows 2000 Professional and Server
- Included in Windows XP Home and Professional

While Windows NT4 Server can handle MULTIPLE incoming VPN-connections and Windows NT4 Workstation can handle ONE incoming VPN-connection, Windows95 and Windows98 can only be VPN-Clients:
able to establish the connection to an NT4 VPN-server, but not
able to act as a VPN-server accepting incoming VPN-connections.

Windows95/98 cannot act as VPN-server
(but Windows95/98 is able to provide simple disk sharing via the Internet)

If anybody got Windows95/98 to work as a VPN-server,
- Installation of the Windows NT4 RAS-Server
- Connection with Windows NT4 RAS-Server to the Internet
- Installation of the Windows NT4 RAS-VPN Server
- Allowing connection to Windows NT4 RAS-VPN Server

- Installation of the Windows95/98 VPN-Client
- Configure the Windows95/98 VPN Connection
- Connect from Windows95/98 to a VPN server

Using a Windows NT4 workstation as a VPN-dialin to a Server network:

- Installing NT4 RAS as VPN-Dialin to a Network
- Windows95/98 as VPN-Client dialing into a Novell network

Using a Windows NT4 workstation as a TCP/IP-dialin to a Mainframe:

- NT4 RAS as VPN TCP/IP - Dialin to a network/mainframe

The Author — Johannes Helmig

Dr. Johannes Helmig works as Director, Technical Knowledge Management, in the Belgium office of Gerber Technology, where he is involved in Customer Service and internal training, with a special interest in Networking.


