PPTP has lower encryption levels then most and uses basic user/pass to encrypt and not large keys… however calling it insecure is throwing much more mud on the face of PPTP then it deserves. It is not even remotely close to no encryption which isn’t insecure because encryption no more equal to security then having a bank account is equal to being rich… the user can receive a key logger virus through an encrypted tunnel just as easily as a non-encrypted tunnel and even an unencrypted tunnel cannot be interfered with if you cannot access the stream of data in-between the endpoints.
Ultimately I expect that if a someone is going to breech a system then they will probably do it regardless of the encryption level of a tunnel. So… if you want to be able to VPN into a router simply then I see no harm in PPTP unless you expect a hacker setting in the middle of your tunnel just waiting to bruit force decrypt the captured packets… If you are interconnecting two bank branches then first off the applications should be responsible for the data security but it is still a good idea to use something with the highest level of security. Sometimes PPTP is still a good option, sometimes better encryption is a good idea. However, tunnel encryption is never an excuse to allow data access to unauthorized users so the applications accessibility is what should really be our concern. Sorry, I’m on my think sanely about security rant… done now. Sincerely, Joshaven Potter Google Hangouts: j...@g2wireless.co Cell & SMS: 1-517-607-9370 supp...@joshaven.com > On Dec 22, 2015, at 8:43 PM, Josh Reynolds <j...@kyneticwifi.com> wrote: > > I don't know if ipsec is hardware offloaded on Mikrotik, but if it is it's > probably your best bet. EoIP does have a performance/overhead hit.. Wasn't > there something fairly recent about eoip+ipsec? PPTP is NOT security any more > than WEP is. Most opensource products have removed it at this point - shame > on MikroTik for not following suit. > > On Dec 22, 2015 7:37 PM, "Mathew Howard" <mhoward...@gmail.com > <mailto:mhoward...@gmail.com>> wrote: > You apparently can do encryption on EOIP now... I haven't tried it though, so > I have no idea if it actually works or if it spoils the simplicity part... > > On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com > <mailto:j...@imaginenetworksllc.com>> wrote: > EOIP wouldn't be encrypted... > > > Josh Luthman > Office: 937-552-2340 <tel:937-552-2340> > Direct: 937-552-2343 <tel:937-552-2343> > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com > <mailto:tyler.tr...@cornbelttech.com>> wrote: > If only EOIP. Damn I love the simplicity. > > On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com > <mailto:j...@imaginenetworksllc.com>> wrote: > >> OVPN probably? Not sure about IPSec on the CCR. >> >> >> Josh Luthman >> Office: 937-552-2340 <tel:937-552-2340> >> Direct: 937-552-2343 <tel:937-552-2343> >> 1100 Wayne St >> Suite 1337 >> Troy, OH 45373 >> >> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com >> <mailto:tyler.tr...@cornbelttech.com>> wrote: >> Tunneling between 2 sites, not trying to bridge a single subnet or any >> nonsense like that. Well connected on either end. >> >> Which style of tunnel is going to provide the best security vs performance >> value. >> >> Thinking CCR as a concentrator with 2011's or crs125's at end points. >> >> Feedback appreciated. >> >> Thanks! >> Tyler >> >> ___________________________ >> Mangled by my iPhone. >> ___________________________ >> Tyler Treat >> Corn Belt Technologies, Inc. >> tyler.tr...@cornbelttech.com <mailto:tyler.tr...@cornbelttech.com> >> ___________________________ >> >> > >
