pptp vpn

Point-to-Point Tunneling Protocol (PPTP) is one of many remote network connection implementation methods for VPNs. It is outdated and considered obsolete due to its manifold and widely known security issues but still finds very niche use cases by more advanced users.

While considered exceptionally fast, PPTP is lacking in terms of encryption standards and is bad at fulfilling its basic security function of protecting user information. The NSA was also allegedly able to crack and bypass it, which allowed them to monitor PPTP users’ online activity.

Suffice to say – it’s bad for what VPNs ultimately stand for, but let’s dive a little deeper into how PPTP works as a protocol to understand why that is the case.

How PPTP works

At a glance, PPTP carries out the same basic operations as most other VPN protocols – authentication, tunnel establishment, data encryption/encapsulation, and transportation.

how pptp works

Simply put, PPTP creates a tunnel between two points, usually the user’s device and a remote network, using a set of predetermined rules and procedures called a protocol. 

This link is then used to transfer encrypted information back and forth between the two points, which in theory should make it safe. However, PPTP’s authentication and encryption methods are extremely outdated and have severe security flaws.

Why PPTP is considered obsolete

Why PPTP is considered obsolete

PPTP is a direct predecessor of PPP, an even older Point-to-Point Protocol, and is built on its outdated framework. It can use three authentication protocols, out of which two (PAP and CHAP) are known to have been breached and exploited before, and only supports MPPE (Microsoft Point-to-Point Encryption) encryption keys of up to 128-bits.

128-bit keys are usually not that easy to crack, but MPPE is infamous for being extra vulnerable to bit-flipping attacks.

Ironically, however, PPTP’s downfalls are also its only saving grace – bad encryption means small overhead, which directly increases speed. So because of its abysmal security, PPTP actually remains, by a small margin, one of the faster VPN protocols to date.

It is also easy to set up, which, when paired with its speed, might make it seem like a viable VPN protocol. 

However, the PPTP ice is thicker than that. Aside from its lack of security, the protocol also struggles to bypass firewalls and can have compatibility issues with routers.

PPTP in a nutshell:

Pros Cons
  • Easy to set up
  • Very fast
  • In-built Windows compatibility
  • Poor authentication method availability
  • Outdated and obsolete encryption
  • The router requires the PPTP Passthrough feature
  • Easily blocked by firewalls

What is PPTP Passthrough?

PPTP Passthrough is a router feature that allows PPTP to bypass router restrictions by adding a unique call ID, which acts as a substitute for NAT’s (Network Address Translation) ports.

Most routers connect to the internet using the NAT protocol, which requires ports to function properly, making PPTP incompatible with NAT. 

However, the Passthrough feature is only required for ancient routers and outdated VPN protocols like PPTP. Its newer and more secure counterparts like OpenVPN, IKEv2, and WireGuard come pre-equipped to deal with NAT if necessary.

How does PPTP fare against other protocols?

How does PPTP fare against other protocols?

As mentioned previously, PPTP’s authentication and encryption methods are unsecure and outdated – but is it really that bad? It is, especially when you compare it to other, more up-to-date protocols.

Let’s take a look at the top three most widely used VPN protocols and how PPTP fares against them.

PPTP vs. IKEv2

Encryption Up to 128-bits Industry-standard AES 256-bit
Security Basic and exploitable Very strong
Speed Very Fast Fast, but speed also depends on server proximity
Stability Stable Stable
Set up Easy Super easy with a VPN 

More difficult on its own

Compared to PPTP, IKEv2 is a much safer and reliable VPN protocol. It’s compatible with the industry-standard AES 256-bit cipher the US government and the NSA use to protect sensitive information.

This makes the IKEv2 naturally slower, but the difference in speed is still barely noticeable.

IKEv2 is also better at switching and establishing connections from data to Wi-Fi, making it popular among mobile users.

PPTP vs. OpenVPN

Encryption Up to 128-bits Industry-standard AES 256-bit
Security Basic and exploitable Very strong
Speed Very Fast Fast
Stability Stable Stable
Set up Easy Super easy with a VPN

Otherwise not new-user friendly

Just like IKEv2, OpenVPN has the PPTP beat on every level of security but is slower because of it. 

However, unlike IKEv2, OpenVPN is faster and more stable over long-distance connections, so the two are often used interchangeably by many VPN providers. The combination of both offers a well-rounded VPN service, albeit not as fast as PPTP but more preferable on every other level.

OpenVPN is also an open-source project under constant development, which keeps it transparent, easy to audit, and consistently improving.

PPTP vs. WireGuard

PPTP WireGuard
Encryption Up to 128-bits Industry-standard AES 256-bit
Security Basic and exploitable Very strong
Speed Very Fast Very fast
Stability Stable Exceptionally good
Set up Easy Super easy with a VPN and easy on its own

WireGuard is the newest open-source addition to the VPN protocol family, and it comes as separate standalone software. 

It was developed on Linux Kernel and only has 4,000 lines of code compared to OpenVPN and IKEv2 codebases in the hundreds of thousands.

Because of this, WireGuard is capable of establishing faster and more stable connections while providing top tier security.

Suffice to say, it would be unfair to compare it to PPTP because WireGuard is essentially superior on every level.

Can’t I just use PPTP for streaming?

While it’s true that security is not always paramount, especially when it comes to something like streaming, I still cannot recommend PPTP as a protocol.

PPTP is fast and easy to set up, but streaming content online can compromise your security to a degree. It is simply not worth the risk, and that’s why many VPN providers don’t offer PPTP as an option.

There are much better alternatives like IKEv2, OpenVPN, and WireGuard – all the more secure, some just as fast, and all available on Surfshark!

Ever wondered what it’s like to feel fast and secure?

Find out with a 30-day money-back guarantee

Get Surfshark


What is a PPTP server?

Essentially, there’s no such thing as a PPTP server. However, the phrase “PPTP server” is usually referred to as a function to set up a PPTP protocol connection on a given router.

How does a PPTP VPN work?

Some VPN services may offer PPTP as one of their available protocols. A PPTP VPN works by establishing a connection through a VPN application using a PPTP protocol.

Why is PPTP not secure?

Its security and encryption framework is outdated and obsolete. PPTP and its several authentication methods were known to be exploited by agencies like the NSA.

Should I use PPTP?

No. Protocols like IKEv2, OpenVPN, and WireGuard are much safer and sometimes just as fast as PPTP.

Which is better, OpenVPN or PPTP?

OpenVPN. It offers higher levels of security and encryption standards while also being fast, although not as fast as PPTP.