7.9.5 | PPTP/L2TP Server
Point-to-Point and Layer 2 Tunneling Protocols (PPTP / L2TP) allow secure remote access
over the Internet by simply dialing in to a local point provided by an ISP. The following screen
displays the management interface where you enter the usernames and passwords of authorized
remote users, the authentication protocol, and the IP address range to assign to those users:
The VPN Broadband Router supports the PAP, CHAP and MS-CHAP authentication protocols. You can
also enable or disable support for MPPE, which is a Microsoft standard Point-to-Point Encryption
protocol. We recommend enabling MPPE at all times. However, please note that with MPPE
enabled, the only supported authentication protocol is MS-CHAP. This is because the shared
secret encryption keys for Microsoft Point-to-Point Encryption (MPPE) are generated during the
MS-CHAP authentication process. This does not occur when using PAP or CHAP.
PAP is a simple authentication protocol where the username and password data are both handled
in a cleartext or unencrypted format. We do not recommend using PAP because your passwords
are easily readable from the Point-to-Point Protocol (PPP) packets exchanged during the
authentication process.
When authenticating using Challenge Handshake Authentication Protocol (CHAP), the client sends
proof that it knows the password rather than the password itself. With CHAP, the VPN
Broadband Router sends the remote client a challenge string. The remote client uses the
challenge string and the password to create a Message Digest-5 (MD5) hash, which is then
forwarded to the VPN server. The VPN server performs the same hash calculation and compares
the result with the hash sent by the client. If they match, the remote client is considered an
authentic user.
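Added example (not code from the router or from this manual): the PAP and CHAP exchanges described above, built as PPP authentication packets so the difference on the wire is visible. It assumes the packet layouts of RFC 1334 (PAP) and RFC 1994 (CHAP), where the MD5 hash also covers the one-byte packet identifier; the user name, password and server name are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

def pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (code 1): the password travels as-is."""
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_challenge(ident: int, server_name: bytes) -> tuple[bytes, bytes]:
    """Server side: a fresh random challenge for every authentication attempt."""
    challenge = os.urandom(16)
    body = bytes([len(challenge)]) + challenge + server_name
    return challenge, struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def chap_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident: int, user: bytes, secret: bytes, challenge: bytes) -> bytes:
    """Client side: CHAP Response (code 2) carrying only the digest and the name."""
    value = chap_value(ident, secret, challenge)
    body = bytes([len(value)]) + value + user
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body

def chap_verify(ident: int, secret: bytes, challenge: bytes, packet: bytes) -> bool:
    """Server side: recompute the digest and compare it in constant time."""
    if len(packet) < 5:
        return False
    code, pkt_ident, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or pkt_ident != ident or length != len(packet):
        return False
    value = packet[5:5 + packet[4]]
    return hmac.compare_digest(value, chap_value(ident, secret, challenge))

if __name__ == "__main__":
    user, password = b"remote1", b"Example-Passw0rd"  # constructed sample credentials
    print("PAP packet contains password: ", password in pap_request(1, user, password))
    challenge, _ = chap_challenge(2, b"vpn-router")
    resp = chap_response(2, user, password, challenge)
    print("CHAP packet contains password:", password in resp)
    print("server accepts response:      ", chap_verify(2, password, challenge, resp))
    # A captured response is bound to its challenge and fails against a new one.
    new_challenge, _ = chap_challenge(2, b"vpn-router")
    print("old response, new challenge:  ", chap_verify(2, password, new_challenge, resp))
```

CHAP keeps the password out of the authentication packets but encrypts nothing that follows; as stated above, MPPE keys are generated only when MS-CHAP is used.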
Note: The virtual IP of the PPTP server and L2TP server must not conflict.