Point-to-Point Tunneling Protocol (PPTP) ships free (as part of the DUN software) with Windows NT Workstation 4.0, Windows Me, and Windows 98. For Win95, you can install PPTP as an add-on. On the server side, PPTP integrates tightly with NT's RAS. If you plan to use PPTP, make sure you're running Service Pack 4 (SP4) or later, because it contains DUN version 1.3, which includes bug fixes and enhancements for the PPTP software.

PPTP can provide remote-access-connected and Internet-connected users access to your internal corporate network.

PPTP obviously protects your users' traffic while it traverses the Internet. PPTP, a Layer 2 tunneling protocol, provides a secure way to transport Layer 3 IP packets inside Layer 2 Point-to-Point Protocol (PPP) frames.

Because PPTP is a Layer 2 protocol and is available on all Microsoft client software, you can use PPTP to set up client-initiated tunnels (aka voluntary tunnels) across dial-up connections. In such scenarios, the PPTP tunnel covers different network connections, as Figure A shows. The first part of the tunnel runs across an asynchronous (i.e., PPP-based) network connection between the client and an ISP. The second part of the tunnel uses an IP-based network connection between the ISP and the corporate network's PPTP server.

Besides the fact that PPTP is free with most Microsoft OSs, PPTP's major strength is its multiprotocol support. PPTP's data-channel packets can encapsulate not only IP but IPX and NetBEUI packets. For a critical analysis of PPTP, read Counterpane Internet Security's "Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)" at http://www.counterpane.com/pptp-paper.html and Randy Franklin Smith's "Is PPTP Safe?" http://www.win2000mag.com, InstantDoc ID 5188, which examines unresolved concerns in the Counterpane paper.