Original Article Text


Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending that admins switch to protocols that offer stronger security.

For over 20 years, enterprises have used the PPTP and L2TP VPN protocols to provide remote access to corporate networks and Windows servers. However, as attacks and attacker resources have grown more sophisticated and powerful, the protocols have become less secure. For example, PPTP is vulnerable to offline brute-force attacks against captured authentication hashes, and L2TP provides no encryption unless coupled with another protocol, such as IPsec. Even then, if L2TP/IPsec is not configured correctly, it can introduce weaknesses that make it susceptible to attacks.

Because of this, Microsoft now recommends that users move to the newer Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2) protocols, which provide better performance and security.

"The move is part of Microsoft's strategy to enhance security and performance by transitioning users to more robust protocols like Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2)," Microsoft announced in a post this week. "These modern protocols offer superior encryption, faster connection speeds, and better reliability, making them more suitable for today's increasingly complex network environments."

Microsoft's post also lists the benefits of each protocol.

Microsoft stresses that when a feature is deprecated, it does not mean it is being removed. Instead, it is no longer in active development and may be removed from future versions of Windows. This deprecation period could last months to years, giving admins time to migrate to the suggested VPN protocols.
As part of this deprecation, future versions of Windows RRAS Server (VPN Server) will no longer accept incoming connections using the PPTP and L2TP protocols. However, users can still make outgoing PPTP and L2TP connections. To aid admins in migrating to SSTP and IKEv2, Microsoft released a support bulletin in June with steps on how to configure these protocols.
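Before the server side stops accepting PPTP and L2TP, an admin will want to know which client profiles still use them. The following PowerShell script is an added example, not code from Microsoft's post or bulletin; it audits the Windows VPN client profiles on a machine with the built-in VpnClient cmdlets (Get-VpnConnection / Set-VpnConnection), flags deprecated tunnel types and L2TP profiles relying on a pre-shared key, and, with the hypothetical -Remediate switch, rewrites flagged profiles to IKEv2 (which assumes the RRAS server has already been configured for IKEv2 per the bulletin).

```powershell
# Added example, not Microsoft's own code: audit Windows VPN client profiles for the
# deprecated PPTP and L2TP tunnel types and optionally move them to IKEv2.
# Assumes the built-in VpnClient cmdlets and a server already set up for IKEv2.
param(
    [switch]$Remediate   # hypothetical switch: rewrite flagged profiles to IKEv2
)

$deprecated = @('Pptp', 'L2tp')

# Per-user profiles plus machine-wide ("all user") profiles, tagged so the
# remediation step can pass -AllUserConnection where the cmdlet requires it.
$profiles  = @(Get-VpnConnection -ErrorAction SilentlyContinue |
               ForEach-Object { [pscustomobject]@{ Conn = $_; AllUser = $false } })
$profiles += @(Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue |
               ForEach-Object { [pscustomobject]@{ Conn = $_; AllUser = $true } })

$report = foreach ($entry in $profiles) {
    $c      = $entry.Conn
    $tunnel = [string]$c.TunnelType
    $flag   = $deprecated -contains $tunnel

    # L2TP with a pre-shared key is the weakly configured case the article warns
    # about; certificate-based IPsec authentication is the stronger option.
    $ipsecAuth = '-'
    if ($tunnel -eq 'L2tp') { $ipsecAuth = [string]$c.L2tpIPsecAuth }

    [pscustomobject]@{
        Name       = $c.Name
        Server     = $c.ServerAddress
        TunnelType = $tunnel
        L2tpIPsec  = $ipsecAuth
        Auth       = ($c.AuthenticationMethod -join ',')
        Deprecated = $flag
    }

    if ($flag -and $Remediate) {
        $params = @{ Name = $c.Name; TunnelType = 'Ikev2'; Force = $true; ErrorAction = 'Stop' }
        if ($entry.AllUser) { $params['AllUserConnection'] = $true }
        Set-VpnConnection @params
        Write-Host "Switched '$($c.Name)' from $tunnel to IKEv2"
    }
}

# Deprecated profiles sort to the top of the table.
$report | Sort-Object Deprecated -Descending | Format-Table -AutoSize
```

Run it without -Remediate first to review the report; switching a profile to IKEv2 only succeeds in practice once the server presents a certificate the client trusts, so test one connection before changing the rest.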

Daily Brief Summary

MISCELLANEOUS // Microsoft Deprecates Older VPN Protocols, Promotes Enhanced Security

Microsoft officially deprecated the PPTP and L2TP VPN protocols in future Windows Server versions, citing cybersecurity vulnerabilities.

Companies are advised to transition to Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2) for better security, speed, and reliability.

PPTP is susceptible to brute force attacks, while L2TP needs proper configuration with IPsec to avoid security weaknesses.

SSTP and IKEv2 offer superior encryption and faster connection speeds, suitable for complex network environments.

Deprecation indicates these protocols will not undergo active development but will remain functional until potentially removed in the future.

Microsoft released a support bulletin to help admins configure SSTP and IKEv2 amid this transition.

Future Windows RRAS Server versions will not accept incoming PPTP and L2TP connections, though outgoing connections are still viable.