Test Us

Study — PPTP connection test

April 19, 2022
Telecom
Study — PPTP connection test
In this article, we reveal a step-by-step process for testing a PPTP connection on virtual and physical interfaces using an Intel Ethernet E810-C 100GbE network card.

Goals of study

  1. Implement a PPTP server and a PPTP client in different docker containers on virtual interfaces (veth), thereby simulating a real PPTP connection on the same host. The connection diagram is shown in Figure 1.
  2. Implement a connection on the physical interfaces of the tested card. The connection diagram is shown in Figure 2.
  3. Obtain for each method a PCAP connection and compare the results.

 

Test stand specifications
CPU
Intel(R) Xeon(R) CPU E3-1240 V2 @ 3.40GHz
Memory
Total 16GiB @ 1600MHz
NIC
Ethernet Controller E810-C Dual-Port 100GbE QSFP
Operating System
Linux CentOS
Linux kernel version
4.18.0-348.el8.x86_64
Driver
ice 0.8.2-k

 

Implementation

virtual testing

Fig.1. Testing scheme on virtual interfaces.

physical testing

Fig.2. Testing scheme on physical interfaces.

 

Results

1. PCAP on the client side in the virtual interfaces scheme (pptp_w_veth.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.50.0.2","172.40.0.2","TCP","74","51246 > 1723 [SYN]
"2","0.000028","172.40.0.2","172.50.0.2","TCP","74","1723 > 51246 [SYN, ACK]
"3","0.000040","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"4","0.000205","172.50.0.2","172.40.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000214","172.40.0.2","172.50.0.2","TCP","66","1723 > 51246 [ACK]
"6","0.000911","172.40.0.2","172.50.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.000915","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"8","1.000442","172.50.0.2","172.40.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.000970","172.40.0.2","172.50.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.000979","172.50.0.2","172.40.0.2","TCP","66","51246 > 1723 [ACK]
"11","1.001157","172.50.0.2","172.40.0.2","PPP LCP","70","Configuration Request"
"12","1.004528","172.40.0.2","172.50.0.2","PPP LCP","70","Configuration Request"
"13","1.004620","172.40.0.2","172.50.0.2","PPP LCP","74","Configuration Ack"
"14","1.004667","172.50.0.2","172.40.0.2","PPP LCP","74","Configuration Ack"
"15","1.004724","172.50.0.2","172.40.0.2","PPP IPCP","64","Configuration Request"
"16","1.004832","172.40.0.2","172.50.0.2","PPP CCP","64","Configuration Request"
"17","1.004838","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Request"
"18","1.004864","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Reject"
"19","1.004908","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Request"
"20","1.004920","172.50.0.2","172.40.0.2","PPP CCP","60","Configuration Reject"
"21","1.004939","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Ack"
"22","1.004971","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"23","1.005033","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Ack"
"24","1.005038","172.40.0.2","172.50.0.2","PPP CCP","56","Configuration Request"
"25","1.005062","172.40.0.2","172.50.0.2","PPP IPCP","58","Configuration Nak"
"26","1.005118","172.50.0.2","172.40.0.2","PPP CCP","56","Configuration Ack"
"27","1.005148","172.50.0.2","172.40.0.2","PPP IPCP","58","Configuration Request"
"28","1.005205","172.40.0.2","172.50.0.2","PPP IPCP","62","Configuration Ack"
"29","1.505778","172.50.0.2","172.40.0.2","GRE","46","Encapsulated PPP"

2.1 PCAP on the client side in the physical interfaces scheme (pptp_w_810_client.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000067","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000080","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000299","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000324","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001052","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001058","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000567","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001172","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001192","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.001354","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"12","3.997954","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"13","7.001009","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"14","10.004123","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"15","13.007221","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"16","16.010336","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"17","19.013400","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"18","22.016486","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"19","25.019571","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"20","28.022668","172.30.0.2","172.10.0.2","PPP LCP","70","Configuration Request"
"21","31.032879","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032941","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032999","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.033008","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

2.2 PCAP on the server side in the physical interfaces scheme (pptp_w_810_server.pcap):

"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","172.30.0.2","172.10.0.2","TCP","74","33730 > 1723 [SYN]
"2","0.000026","172.10.0.2","172.30.0.2","TCP","74","1723 > 33730 [SYN, ACK]
"3","0.000069","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"4","0.000290","172.30.0.2","172.10.0.2","PPTP","222","Start-Control-Connection-Request"
"5","0.000298","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [ACK]
"6","0.001014","172.10.0.2","172.30.0.2","PPTP","222","Start-Control-Connection-Reply"
"7","0.001047","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"8","1.000598","172.30.0.2","172.10.0.2","PPTP","234","Outgoing-Call-Request"
"9","1.001134","172.10.0.2","172.30.0.2","PPTP","98","Outgoing-Call-Reply"
"10","1.001189","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]
"11","1.004629","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"12","4.007764","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"13","7.010842","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"14","10.013949","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"15","13.017035","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"16","16.020115","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"17","19.023193","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"18","22.026271","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"19","25.029348","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"20","28.030753","172.10.0.2","172.30.0.2","PPP LCP","70","Configuration Request"
"21","31.032901","172.30.0.2","172.10.0.2","PPTP","82","Call-Clear-Request"
"22","31.032938","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [FIN, ACK]
"23","31.032972","172.10.0.2","172.30.0.2","TCP","66","1723 > 33730 [FIN, ACK]
"24","31.032996","172.30.0.2","172.10.0.2","TCP","66","33730 > 1723 [ACK]

Analysis

From the captured PCAP in the client-side on virtual interface scheme (pptp_w_veth.pcap), you can see that the PPTP connection is successful.

An error occurs during the connection process at the moment of transmission of LCP packets that are encapsulated by GRE in the physical interfaces scheme (pptp_w_810_server/client.pcap). The client and server send an LCP (Configure-Request) packet, but do not receive them.

Conclusion

Testing has shown that the Intel Ethernet Card E810 100GbE does not drop GRE packets when attempting a PPTP connection.

We believe that this information will be useful to the ISP community and help you choose the right network equipment. We hope that Intel will pay attention to this problem, fix it and improve the quality of services.

Authors of study:
Dmitry Moldavanov, CTO
Kirill Marchenko, Network engineer

Vote:
5 out of 5
Average rating : 5
Rated by: 3
VAS Experts at Convergence India Expo 2022 From TCP to QUIC. Stingray SG Signatures
We use cookies to optimize site functionality and give you the best possible experience. To learn more about the cookies we use, please visit our Cookies Policy. By clicking ‘Okay’, you agree to our use of cookies. Learn more.