dslreports logo
    All Forums Hot Topics Gallery
Search Topic:
share rss forum feed


1 recommendation

reply to HD5830Gamer

Re: PPTP question.

said by HD5830Gamer:

I did read it. What i mean by "leaking the IP" is can PPTP leak the ISP's IP?

Not sure why you're so focused on the ISP's IP address here.

»courses.ischool.berkeley.edu/i15 ··· ader.png is the basic structure of an IP packet.
Short answer, the source and destination IP address have to be visible (ie. "leaked"), but the data in each
packet could /should be encrypted by the VPN, or you can wrap this packet in another packet (think mailing
a letter inside an envelop inside a 2nd envelop ) that would prevent the inner packet's IP addresses / data
from being visible.

If you're so interested / concerned about security, you may want to do alittle reading into the fundamentals
of VPN theory and operation -- I personally recommend this title

said by HD5830Gamer:

And far as OpenVPN or L2TP how much more secure are they?

As opposed to what? If it's against PPTP, I'd choose OpenVPN or L2TP any day of the week and twice on saturdays
and sundays. It simply goes back to the fact that the encryption algorithm used in PPTP is simply too weak if you
have a requirement for high security. End of discussion.



What i mean is it possible for your real IP to leak through PPTP?

And may i ask. What VPN provider do you use? i would like to try it out.

said by HD5830Gamer:

What i mean is it possible for your real IP to leak through PPTP?

Yes your real IP address can leak through ANY VPN, PPTP or otherwise. See my comment about end-host-to-end-host


Sunnyvale, CA
Whenever you are doing network communication you need a pair of addresses:
- the destination address to which your data should be delivered
- the source address from which you are sending the data (so that any response can be delivered back to you)
Network communication cannot work if you don't have those addresses and they must be visible to all along the network path so that the data can be routed to its destination.

When tunneling is used (regardless of the type) this increases to two pairs of addresses:
- the tunnel endpoint addresses (e.g.: vpn client to vpn server or tunnel gateway 1 to tunnel gateway 2)
- the actual source and destination addresses of the tunneled communication

The tunnel endpoint addresses are sometimes referred to as the outer or envelope addresses of tunneled network communication and they must be visible to all so that the tunnel can function properly. Since this is required functionality I don't consider this leaking an IP address but for somebody concerned about anonymity of their communication it is important to understand that this is taking place.

The actual source and destination addresses of the tunneled communication may be hidden through encryption however there are caveats:
- In many cases the tunnel endpoint address on the vpn client side is the same as the source address of the tunneled communication (the vpn client runs on the same computer that initiates the tunneled communication). Even when tunnel gateways are used the tunnel endpoint address may narrow down the possible sender to a small network (a particular residence or business). This means that even with an encrypted tunnel it is possible to identify at least the source network and possibly the specific computer.
- In some cases the actual source address may be included in the data of the communication (not just in the packet headers). While the actual packet arriving at the destination will have the source address rewritten to point to the tunnel endpoint (so that response data also goes through the same tunnel) the data inside the packet for some network protocols may still reveal the actual source address of the sender (e.g.: an attempt to perform active mode FTP). That would be IP address leaking but it may or may not be useful information (if it is a private network address behind a NAT gateway it is harmless from a privacy standpoint). This type of lP address leakage is independent from the tunnel type that is used.
Got some spare cpu cycles ? Join Team Helix or Team Starfire!