PPTP/L2TP Server – SMC Networks SMC Barricade Plus SMCBR18VPN User Manual

7.9.5 | PPTP/L2TP Server

Point-to-Point and Layer 2 Tunneling Protocols (PPTP / L2TP) allow secure remote access over the Internet by simply dialing in to a local point provided by an ISP. The following screen displays the management interface where you enter usernames and passwords for authorized remote users, the authentication protocol, and the IP address range to assign to those users:

The VPN Broadband Router supports the PAP, CHAP and MS-CHAP authentication protocols. You can also enable or disable support for MPPE, which is a Microsoft standard Point-to-Point Encryption protocol. We recommend enabling MPPE at all times. However, please note that with MPPE enabled, the only supported authentication protocol is MS-CHAP. This is because during the MS-CHAP authentication process, shared secret encryption keys for Microsoft Point-to-Point Encryption (MPPE) are generated. This does not occur when using PAP or CHAP.

PAP is a simple authentication protocol where the username and password data are both handled in a cleartext or unencrypted format. We do not recommend using PAP because your passwords are easily readable from the Point-to-Point Protocol (PPP) packets exchanged during the authentication process.

When authenticating using Challenge Handshake Authentication Protocol (CHAP), proof of knowledge of the password, rather than the password itself, is what the client sends. With CHAP, the VPN Broadband Router sends the remote client a challenge string. The remote client uses the challenge string and the password to create a Message Digest-5 (MD5) hash, which is then forwarded to the VPN server. The VPN server performs the same hash calculation and compares the result with the hash sent by the client. If they match, the remote client is considered an authentic user.
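The CHAP exchange described above, as an added example that is not part of the original manual or the router's firmware. It follows the RFC 1994 formula MD5(identifier || secret || challenge), which adds a one-octet identifier the manual does not mention; the class and function names and the sample account are hypothetical.

```python
from __future__ import annotations
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP-MD5 response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapServer:
    """Server side (hypothetical): one fresh challenge per attempt, then verify."""
    def __init__(self, users: dict[str, bytes]):
        self.users = users      # username -> shared secret (the password)
        self.pending = {}       # username -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, username: str) -> tuple[int, bytes]:
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)   # unpredictable challenge string
        self.pending[username] = (self.next_id, chal)
        return self.next_id, chal

    def verify(self, username: str, response: bytes) -> bool:
        # A challenge is consumed on use, so a captured reply cannot be replayed.
        ident, chal = self.pending.pop(username, (None, None))
        secret = self.users.get(username)
        if ident is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict[str, bool]:
    server = ChapServer({"alice": b"correct horse"})  # constructed sample account
    results = {}
    ident, chal = server.challenge("alice")
    good = chap_response(ident, b"correct horse", chal)
    results["correct_password"] = server.verify("alice", good)
    ident, chal = server.challenge("alice")
    results["wrong_password"] = server.verify("alice", chap_response(ident, b"guess", chal))
    server.challenge("alice")   # new attempt, new challenge
    results["replayed_response"] = server.verify("alice", good)
    # Unlike PAP, the password bytes never appear in what crosses the link.
    results["password_on_wire"] = b"correct horse" in chal + good
    return results

if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the hash from the password itself, it must hold each user's password in a recoverable form.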


Note: The virtual IP of the PPTP server and L2TP server must not conflict.
