5 | pptp/l2tp server – SMC Networks Barricade BR14VPN User Manual

7.9.5 | PPTP/L2TP Server

Point-to-Point and Layer 2 Tunneling Protocols (PPTP / L2TP) allows the secure remote
access over the Internet by simply dialing in a local point provided by an ISP. The following
screen displays the management interface where you enter username and passwords for
authorized remote users, the authentication protocol, and the IP address range to assign to
those users:

The VPN Broadband Router supports PAP, CHAP and MS-CHAP authentication protocols.
You can also enable or disable support MPPE which is a Microsoft standard Point-to-Point
Encryption protocol. We recommend enabling MPPE at all times. However, please note that
with MPPE enabled, the only supported authentication protocol is MS-CHAP. This is because
during the MS-CHAP authentication process, shared secret encryption keys for Microsoft
Point-to-Point Encryption (MPPE) are generated. This does not occur when using PAP or
CHAP.

PAP is a simple authentication protocol where the username and password data are both
handled in a cleartext or unencrypted format. We do not recommend using PAP because
your passwords are easily readable from the Point-to-Point Protocol (PPP) packets
exchanged during the authentication process.

When authenticating using Challenge Handshake Authentication Protocol (CHAP), the
knowledge of the password, rather than the password itself is what is sent by the client. With
CHAP, the VPN Broadband Router sends the remote client a challenge string. The remote
client uses the challenge string and the password, and creates a Message Digest-5 (MD5)
hash which is then forwarded to the VPN server. The VPN server computes the same hash
calculation and compares the result with the hash sent by the client. If they match, the
remote client is considered an authentic user.

Note: The virtual IP of the PPTP server and L2TP server must not conflict.

39