Security and Performance Evaluation of PPTP-Based VPN with AES Encryption in Enterprise Network Environments

Ahmad Heryanto; Deris Setiawan; Berby Febriana Audrey; Adi Hermansyah; Nurul Afifah; Iman Saladin B.  Azhar; Mohd Yazid Bin  Idris; Rahmat  Budiarto

doi:10.52436/1.jutif.2025.6.4.4818

Authors

Ahmad Heryanto Department of Computer Science, Universitas Sriwijaya, Indonesia
Deris Setiawan Department of Computer Science, Universitas Sriwijaya, Indonesia
Berby Febriana Audrey Department of Computer Science, Universitas Sriwijaya, Indonesia
Adi Hermansyah Department of Computer Science, Universitas Sriwijaya, Indonesia
Nurul Afifah Department of Computer Science, Universitas Sriwijaya, Indonesia
Iman Saladin B. Azhar Department of Computer Science, Universitas Sriwijaya, Indonesia
Mohd Yazid Bin Idris Department of Computer Science, University of Technology Malaysia
Rahmat Budiarto Faculty of Computer Science, Albaha University, Saudi Arabia

DOI:

https://doi.org/10.52436/1.jutif.2025.6.4.4818

Keywords:

AES-256, Enterprise, Network Performance, PPTP, VPN

Abstract

In the context of the current digital era, Virtual Private Networks (VPNs) serve a critical function in ensuring the confidentiality and integrity of data transmitted across public networks, particularly within corporate environments. This study presents a comprehensive analysis of VPN security and performance, with a specific focus on the Point-to-Point Tunneling Protocol (PPTP) and the implementation of encryption algorithms such as AES-128 and AES-256. Despite the widespread adoption of PPTP due to its simplicity and broad compatibility, it exhibits significant security vulnerabilities, primarily stemming from its reliance on the outdated RC4-based Microsoft Point-to-Point Encryption (MPPE) and the susceptible MS-CHAP authentication protocol, which is highly vulnerable to brute-force and dictionary attacks. Empirical findings indicate that, although AES-128 and AES-256 introduce minor performance trade-offs compared to unencrypted configurations, AES-256 demonstrates markedly enhanced security, achieving a 98.9% authentication success rate and a threat detection time of 122 milliseconds. Nevertheless, increased user load adversely impacts network performance, with throughput declining from 95 Mbps to 40 Mbps as the user count rises from 5 to 50, accompanied by elevated latency and packet loss. Comparative analysis across three encryption scenarios AES-128, AES-256, and MPPE-PPTP reveals a consistent degradation in network performance as user load increases, with AES-256 offering the strongest security at the cost of slightly reduced throughput and increased latency under high-load conditions. MPPE-PPTP, while providing better throughput, lacks adequate security, making it unsuitable for high-risk environments. Based on these observations, this study recommends the implementation of AES-256 encryption in enterprise networks requiring high security, supported by continuous performance monitoring and strategic capacity planning. Furthermore, the adoption of a secure site-to-site VPN architecture is proposed to facilitate reliable and secure communication between geographically distributed office locations.

Downloads

Download data is not yet available.

References

D. Bringhenti, R. Sisto, and F. Valenza, “Automating VPN Configuration in Computer Networks,” IEEE Trans. Dependable Secur. Comput., vol. 22, no. 1, pp. 561–578, 2025, doi: 10.1109/TDSC.2024.3409073.

M. Naas and J. Fesl, “A novel dataset for encrypted virtual private network traffic analysis,” Data Br., vol. 47, p. 108945, 2023, doi: 10.1016/j.dib.2023.108945.

J. Li, B. Feng, and H. Zheng, “A survey on VPN: Taxonomy, roles, trends and future directions,” Comput. Networks, vol. 257, p. 110964, 2025, doi: https://doi.org/10.1016/j.comnet.2024.110964.

U. H. Rao and U. Nayak, “Virtual Private Networks,” in The InfoSec Handbook: An Introduction to Information Security, Berkeley, CA: Apress, 2014, pp. 245–262.

G. R. Chen, “Development Trend of Computer Network,” in Advances in Mechatronics and Control Engineering II, 2013, vol. 433, pp. 1670–1673, doi: 10.4028/www.scientific.net/AMM.433-435.1670.

T. Nguyen, H. Nguyen, and T. Nguyen Gia, “Exploring the integration of edge computing and blockchain IoT: Principles, architectures, security, and applications,” J. Netw. Comput. Appl., vol. 226, p. 103884, 2024, doi: https://doi.org/10.1016/j.jnca.2024.103884.

N. A. Magnaye, “Advancements in computer network technologies: A review,” Metaverse, vol. 5, no. 1, p. 2315, 2024, doi: 10.54517/m.v5i1.2315.

L. Sun, H. Dong, F. K. Hussain, O. K. Hussain, and E. Chang, “Cloud service selection: State-of-the-art and future research directions,” J. Netw. Comput. Appl., vol. 45, pp. 134–150, 2014, doi: https://doi.org/10.1016/j.jnca.2014.07.019.

A. Alshamrani, S. Myneni, A. Chowdhary, and D. Huang, “A Survey on Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities,” IEEE Commun. Surv. Tutorials, vol. 21, no. 2, pp. 1851–1877, 2019, doi: 10.1109/COMST.2019.2891891.

S. Budiyanto and D. Gunawan, “Comparative Analysis of VPN Protocols at Layer 2 Focusing on Voice Over Internet Protocol,” IEEE Access, vol. 11, pp. 60853–60865, 2023, doi: 10.1109/ACCESS.2023.3286032.

J. Jones, H. Wimmer, and R. J. Haddad, “PPTP VPN: An Analysis of the Effects of a DDoS Attack,” in 2019 SoutheastCon, 2019, pp. 1–6, doi: 10.1109/SoutheastCon42311.2019.9020514.

M. A. Gunawan and S. Wardhana, “Implementasi dan Perbandingan Keamanan PPTP dan L2TP/IPsec VPN (Virtual Private Network),” Resist. (Elektronika Kendali Telekomun. Tenaga List. Komputer), vol. 6, no. 1, p. 69, 2023, doi: 10.24853/resistor.6.1.69-78.

R. Arfind, H. Supendar, and R. Fahlapi, “Perancangan Virtual Private Network Dengan Metode PPTP Menggunakan Mikrotik,” J. Komput. Antart., vol. 1, no. 3 SE-Articles, pp. 108–116, Sep. 2023, doi: 10.70052/jka.v1i3.28.

D. A. Pangestu, A. S. Budiman, and S. Sartini, “Rancangan Site-to-Site VPN dengan PPTP pada Interkoneksi Antar Kantor PT. Indosis Integrasi,” Semantik, vol. 8, no. 1, 2024, doi: 10.55679/semantik.v8i1.9189.

U. Bina, S. Informatika, U. Mohammad, and H. Thamrin, “Penerapan Sistem Keamanan Jaringan Menggunakan Vpn Dengan Metode Pptp Pada Pt Hinoka Sinergi Tanyo,” J. Sist. Inf. Univ. Suryadarma, vol. 11, no. 2, pp. 185–196, 2014, doi: 10.35968/jsi.v11i2.1252.

R. F. Syarif and I. A. Sobari, “Implementasi Virtual Private Network (VPN) menggunakan Metode PPTP pada PT. Sinar Quality Internusa,” J. Pendidik. Tambusai, vol. 6, no. 2, pp. 15165–15184, 2022.

F. Hauser, M. Häberle, M. Schmidt, and M. Menth, “P4-IPsec: Site-to-Site and Host-to-Site VPN With IPsec in P4-Based SDN,” IEEE Access, vol. 8, pp. 139567–139586, 2020, doi: 10.1109/ACCESS.2020.3012738.

I. K. Rahman, D. I. Mulyana, and Y. Akbar, “Optimasi IPSec Site to Site VPN Mikrotik menggunakan Algoritme Enkripsi Blowfish,” Progresif, vol. 19, no. 1, 2024, doi: 10.35889/progresif.v19i1.1092.

A. K. M. Hadood, “Implementation of Site to Site IPsec VPN Tunnel using GNS3 Simulation,” no. November, 2024, [Online]. Available: https://doi.org/10.22214/ijraset.2024.65635.

M. T. Roseno, “Analisis Perbandingan Protokol Virtual Private Network (VPN) – PPTP, L2TP, IPSEC – Sebagai Dasar Perancangan VPN pada Politeknik Negeri Sriwijaya Palembang,” pp. 1–7, 2013.

M. Y. Ishaq and F. Firmansyah, “Implementasi Sistem Monitoring Menggunakan Zabbix dan Notifikasi Realtime Telegram,” JINSAN J. Inform. Sist. dan Apl., vol. 3, no. 2, 2019, doi: 10.31294/jinsan.v3i2.2432.

A. Muttaqin, F. Chahyadi, and N. Hayati, “Network Monitoring System Menggunakan Nagios dengan Event Handler Notifikasi Whatsapp,” vol. 11, no. 02, pp. 55–64, 2022.

R. Sugeng, “Implementasi Zabbix Monitoring Dengan Integrasi Sistem Notifikasi Discord, Teams, Telegram Untuk Monitoring Infrastruktur Jaringan pada PT. Pundi Mas Berjaya (PMB),” NACOSPRO J. Nas. Komput. dan Sist. Terdistribusi, vol. 6, no. 1, 2024, doi: 10.37253/nacospro.v6i1.9721.

Y. Chen, Q. Li, L. Tian, and Y. Jiang, “Navigating the VPN Landscape: A Comparative Study of L2TP, IPSec, and MPLS VPN Technologies,” in 2024 4th International Conference on Electronic Information Engineering and Computer Science (EIECS), 2024, pp. 614–617, doi: 10.1109/EIECS63941.2024.10800571.

Y. Niu, J. Li, and L. Li, “Research on Authentication Security of Wireless Local Area Network Based on L2TP Protocol,” in 2009 IITA International Conference on Services Science, Management and Engineering, 2009, pp. 491–494, doi: 10.1109/SSME.2009.30.

A. F. Gentile, D. Macrì, F. De Rango, M. Tropea, and E. Greco, “A VPN Performances Analysis of Constrained Hardware Open Source Infrastructure Deploy in IoT Environment,” in Proceedings of the Future Internet Conference (hypothetical placeholder), 2022, vol. 14, no. 9, p. 264, [Online]. Available: https://www.proquest.com/scholarly-j@INPROCEEDINGS%7B6300807,%0A author=%7BQu, Junhua and Li, Tao and Dang, Fangfang%7D,%0A booktitle=%7B2012 Fourth International Conference on Computational and Information Sciences%7D, %0A title=%7BPerformance Evaluat.

J. Qu, T. Li, and F. Dang, “Performance Evaluation and Analysis of OpenVPN on Android,” in 2012 Fourth International Conference on Computational and Information Sciences, 2012, pp. 1088–1091, doi: 10.1109/ICCIS.2012.203.

I. Coonjah, P. C. Catherine, and K. M. S. Soyjaudah, “Performance evaluation and analysis of layer 3 tunneling between OpenSSH and OpenVPN in a wide area network environment,” in 2015 International Conference on Computing, Communication and Security (ICCCS), 2015, pp. 1–4, doi: 10.1109/CCCS.2015.7374130.

R. M. Pandurang and D. C. Karia, “Performance measurement of WEP and WPA2 on WLAN using OpenVPN,” in 2015 International Conference on Nascent Technologies in the Engineering Field (ICNTE), 2015, pp. 1–4, doi: 10.1109/ICNTE.2015.7029939.

J. B. R. Lawas, A. C. Vivero, and A. Sharma, “Network performance evaluation of VPN protocols (SSTP and IKEv2),” in 2016 Thirteenth International Conference on Wireless and Optical Communications Networks (WOCN), 2016, pp. 1–5, doi: 10.1109/WOCN.2016.7759880.

S. Narayan, C. J. Williams, D. K. Hart, and M. W. Qualtrough, “Network performance comparison of VPN protocols on wired and wireless networks,” in 2015 International Conference on Computer Communication and Informatics (ICCCI), 2015, pp. 1–7, doi: 10.1109/ICCCI.2015.7218077.

Y.-J. Kim, V. Kolesnikov, H. Kim, and M. Thottan, “SSTP: A scalable and secure transport protocol for smart grid data collection,” in 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), 2011, pp. 161–166, doi: 10.1109/SmartGridComm.2011.6102310.