A hand holding an air traffic control light next to a white circle, a shield with VPN on it, and a chat box that says PPTP.

Point-to-Point Tunneling Protocol (PPTP) is one of many remote network connection implementation methods for VPNs (Virtual Private Networks). A PPTP VPN receives data, encrypts it, and transmits it over the internet. Easy to set up, PPTP is one of the oldest VPN protocols used by more advanced users in very niche cases. Then again, due to its age, PPTP encryption is terrible at fulfilling its essential security function – protecting user information. But let’s elaborate on that.

Table of contents

    How a PPTP VPN works

    At a glance, PPTP carries out the same basic operations as most other VPN protocols – authentication, tunnel establishment, data encryption/encapsulation, and transportation.

    Simply put, PPTP security is creating a tunnel between two points, usually the user’s device and a remote network. It’s all done using a set of predetermined rules and procedures called a protocol. 

    This link is then used to transfer encrypted information back and forth between the two points, which in theory should make a safe VPN connection. However, PPTP VPN’s authentication and encryption methods are extremely outdated and have severe security flaws.

    Why a PPTP connection is considered obsolete

    A sword resting on a wooden shield, and above the shield, there is a chat box saying PPTP.

    PPTP is a direct predecessor of PPP, an even older Point-to-Point Protocol, and is built on its outdated framework. It can use three authentication protocols, two out of which (PAP and CHAP) are known to have been breached and exploited before, and only supports MPPE (Microsoft Point-to-Point Encryption) encryption keys of up to 128 bits.

    128-bit keys are usually not that easy to crack, but MPPE is infamous for being extra vulnerable to bit-flipping attacks. In fact, the NSA was allegedly able to crack and bypass it, which allowed them to monitor PPTP users’ online activity.

    Aside from its lack of security, the protocol also struggles to bypass firewalls and can have compatibility issues with routers.

    A PPTP VPN benefits

    Ironically, however, PPTP’s downfalls are also its only saving grace – bad encryption means small overhead, which directly increases speed. So because of its abysmal security, a PPTP VPN remains, by a small margin, one of the faster VPN protocols to date.

    It is also easy to set up, which, when paired with its speed, might make it seem like a viable VPN protocol.

    PPTP in a nutshell:

    Pros
    Cons
    • Easy to set up
    • Very fast In-built
    • Windows compatibility
    • Poor authentication method availability
    • Outdated and obsolete encryption
    • Requires the PPTP Passthrough feature for the router
    • Easily blocked by firewalls
    Don’t settle for weak security
    Surfshark

    What is PPTP Passthrough?

    PPTP Passthrough is a router feature that allows PPTP to bypass router restrictions by adding a unique call ID, which acts as a substitute for NAT (Network Address Translation) ports.

    Most routers connect to the internet using the NAT protocol, which requires ports to function properly, making PPTP incompatible with NAT.

    However, the Passthrough feature is only required for ancient routers and outdated VPN protocols like PPTP. Its newer and more secure counterparts like OpenVPN, IKEv2, and WireGuard VPN connections come pre-equipped to deal with NAT if necessary – or you can just set up a VPN on a router.

    How does a PPTP connection fare against other protocols?

    As mentioned previously, PPTP’s authentication and encryption methods are insecure and outdated – but is it really that bad? Spoiler alert – it is, especially when you compare it to other, more up-to-date protocols.

    With that in mind, let’s look at the top three most widely used VPN protocols and how a PPTP VPN connection fares against them.

    PPTP vs. IKEv2

    PPTP
    IKEv2
    Encryption
    Up to 128-bit
    Industry-standard AES 256-bit
    Security
    Basic and exploitable
    Very strong
    Speed
    Very fast
    Fast, but the precise speed also depends on server proximity
    Stability
    Stable
    Stable
    Set up
    Easy
    Easy with a VPN connection, difficult on its own

    Compared to a PPTP VPN connection, IKEv2 is a much safer and more reliable choice. It’s compatible with the industry-standard AES 256-bit cipher the US government and the NSA use to protect sensitive information.

    This makes the IKEv2 naturally slower, but the difference in speed is negligible.

    The IKEv2 VPN protocol is also better at switching and establishing connections from data to Wi-Fi, making it popular among mobile users.

    PPTP vs. OpenVPN

    PPTP
    OpenVPN
    Encryption
    Up to 128-bit
    Industry-standard AES 256-bit
    Security
    Basic and exploitable
    Very strong
    Speed
    Very fast
    Fast
    Stability
    Stable
    Stable
    Set up
    Easy
    Super easy with a VPN, not new-user-friendly without it

    Like IKEv2, OpenVPN has PPTP beat on every level of security but is slower because of it. 

    However, unlike IKEv2, OpenVPN is faster and more stable over long-distance connections, so the two are often used interchangeably by many VPN providers. The combination of both offers a well-rounded VPN service – not as fast as PPTP, but preferable on every other level.

    OpenVPN is an open-source project under constant development, which keeps it transparent, easy to audit, and consistently improving.

    PPTP vs. WireGuard

    PPTP
    WireGuard
    Encryption
    Up to 128-bit
    Industry-standard AES 256-bit
    Security
    Basic and exploitable
    Very strong
    Speed
    Very fast
    Very fast
    Stability
    Stable
    Exceptionally good
    Set up
    Easy
    Super easy with a VPN and easy on its own

    WireGuard is the newest open-source addition to the VPN protocol family and comes as separate standalone software. 

    It was developed on Linux Kernel and only has 4,000 lines of code compared to OpenVPN and IKEv2 codebases that are in the hundreds of thousands.

    Because of this, WireGuard can establish faster and more stable connections while providing top-tier security.

    Suffice to say, it would be unfair to compare it to PPTP because WireGuard is essentially superior on every level.

    Bottom line: It’s all about security

    PPTP VPN is fast and easy to set up, but it’s not worth compromising your security. To be blunt, I cannot recommend PPTP as a protocol as there are better alternatives like IKEv2, OpenVPN, and WireGuard. All are more secure, some just as fast, and all available on Surfshark!

    Ever wondered what it’s like to feel fast and secure?
    Find out with a 30-day money-back guarantee
    Surfshark

    FAQ

    What is a PPTP VPN server?

    Essentially, there’s no such thing as a PPTP VPN server. Terms like “PPTP server” or “PPTP VPN server” usually refer to a function to set up a PPTP protocol connection on a router.

    How does a PPTP VPN work?

    A PPTP VPN works by establishing a connection through a VPN application using PPTP. Most VPN providers offer PPTP as one of their available protocols.

    Why is PPTP not secure?

    Its encryption framework (read: security) is obsolete. PPTP and its several authentication methods were known to be exploited by agencies like the NSA.

    Should I use a PPTP VPN protocol?

    No. Protocols like IKEv2, OpenVPN, and WireGuard are much safer and sometimes just as fast as PPTP VPN connections.

    Which is better: OpenVPN or PPTP?

    OpenVPN. It offers higher levels of security and encryption standards while also being fast (although not quite as fast as PPTP).