[pptp-server] Protocol 47

Neale Banks neale at lowendale.com.au
Thu May 18 07:31:06 CDT 2000


Hi Angus,

> Just wondering - wasn't it a little silly to invent a new protocol for PPTP
> (# 47)

No, protocol 47 was not invented for PPTP.  Protocol 47 is GRE (Generic
Routing Encapsulation, IIRC) which can be used for encapsulating various
other things.  In the case of PPTP, GRE is used to encapsulate PPP frames.

> given that it will be blocked by default by most firewall configurations?
> Remote users and PPTP administrators will often have no control over these
> firewalls, e.g. if an employee of company A visits company B, and whilst
> there, would like to connect via PPTP to company A's LAN from company B's
> LAN. In most cases, company B will not cater for PPTP, and the employee
> will have no control over company B's firewall.
> Since PPTP is all about making secure remote access easy, why not use
> unreserved TCP ports, that most firewalls let through?

This is a debatable point (and right here is probably not the place to
debate it ;-).

For example, it is arguable that from the point of view of company B it
might not be desirable to have random users creating arbitrary tunnels out
of (and by implication back into) their LAN.

Of course there are ways of circumventing this (e.g. IIRC there is an
IP-over-HTTP tunneling tool around which even works through HTTP proxies;
IP-over-HTTPS would be even easier).

Finally, there is the argument that running the likes of PPP over a TCP
connection is somewhat inefficient, but I do agree that it is convenient
(e.g. PPP over SSH).

Regards,
Neale.
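
Added example, not part of the original message: a Python sketch of how a firewall or monitoring tool can tell PPTP's use of protocol 47 apart from other GRE traffic, by parsing the enhanced GRE header defined in RFC 2637 and reading the encapsulated PPP protocol number. The function names, the sample packet and its documentation-range addresses are constructed for illustration.

```python
import struct

IPPROTO_GRE = 47        # the "protocol 47" of the thread
GRE_PROTO_PPP = 0x880B  # GRE protocol type for PPP payloads in PPTP (RFC 2637)

def ppp_protocol(frame):
    """Return the PPP protocol number, allowing for header compression."""
    if frame[:2] == b"\xff\x03":          # uncompressed address/control bytes
        frame = frame[2:]
    if not frame:
        return None
    if frame[0] & 1:                      # compressed one-byte protocol field
        return frame[0]
    return int.from_bytes(frame[:2], "big") if len(frame) >= 2 else None

def parse_pptp_gre(packet):
    """Return tunnel fields if an IPv4 packet carries PPTP's GRE, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != IPPROTO_GRE or len(packet) < ihl + 8:
        return None
    flags, proto, payload_len, call_id = struct.unpack_from("!HHHH", packet, ihl)
    # PPTP uses GRE version 1 with the key (K) bit set; plain GRE is version 0.
    if (flags & 0x0007) != 1 or not (flags & 0x2000) or proto != GRE_PROTO_PPP:
        return None
    offset, seq, ack = ihl + 8, None, None
    if flags & 0x1000:                    # S bit: sequence number follows
        if len(packet) < offset + 4:
            return None
        seq, offset = struct.unpack_from("!I", packet, offset)[0], offset + 4
    if flags & 0x0080:                    # A bit: acknowledgment number follows
        if len(packet) < offset + 4:
            return None
        ack, offset = struct.unpack_from("!I", packet, offset)[0], offset + 4
    payload = packet[offset:offset + payload_len]
    return {"call_id": call_id, "seq": seq, "ack": ack,
            "ppp_protocol": ppp_protocol(payload)}

def build_sample(flags=0x3081, proto=GRE_PROTO_PPP):
    """Constructed test packet: IPv4 + GRE + an LCP Configure-Request."""
    ppp = bytes.fromhex("ff03c02101010004")
    gre = struct.pack("!HHHHII", flags, proto, len(ppp), 0x1234, 1, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(ppp), 0, 0,
                     64, IPPROTO_GRE, 0, bytes([192, 0, 2, 10]),
                     bytes([198, 51, 100, 20]))
    return ip + gre + ppp
```

The IP header checksum is left at zero in the constructed packet because the parser does not verify it.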



