Like someone else said, PPTP is not secure in any of its iterations.
Anyone that can sniff your traffic can trivially break the CHAP
password exchange:
http://www.hak5.org/episodes/episode-612
If you need an alternative I highly recommend L2TP/IPsec. It does
*proper* 2 factor authentication (X.509 certificate + password) if so
desired and clients are built into a wide variety of operating
systems: NT5 (aka Windows 2000) and higher, Mac OS X 10.3 and newer,
most smartphone OSs, etc. Virtually all non-tonka-toy firewalls have a
built-in L2TP/IPsec server.
If you don't want to do certificate authentication for the IPsec
portion you can also do a PSK (pre-shared key), although my experience
is that it is easier to set a PSK in XP and newer than it is in Win2k.
Phillip Partipilo <[email protected]> previously uttered:
There are a lot of things in transition here, but one little one has
been implementation of a Watchguard UTM box. Recently remote SSL
VPN users have been having issues. I'm taking that up with support,
so not asking about that. But call me an old stubborn fart, but I
have things working with PPTP, which Windows has a built-in client
for, and now there's the addition of SSL which needs additional
software. Maybe call me a minimalist, but the less 3rd party crap I
have to install on my PC, the more streamlined it stays. Comments?
--
Phil Brutsche
[email protected]