1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

PPTP Security

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by aweber1nj, Sep 5, 2006.

  1. aweber1nj

    aweber1nj LI Guru Member

    PPTP was much-maligned when it first appeared as part of MS's VPN options. This was mainly, I think, in the way they implemented the CHAP portion of the authentication (CHAPv1).

    MS subsequently fixed that (and to find a PC with the old stack, it would be ancient, unpatched, etc).

    But my question, to the networking-security gurus out there is the relative security of the PPTP server implementation in the RV042. Is the Linksys PPTP server-firmware using 128bit, and CHAPv2 (or better, if such exists)?

    I'm testing my Treo with the Mergic PPTP client connecting to my RV042, and it works great. PalmVNC to my servers is excellent, I can ping all my boxes, etc. So the only question is whether I can keep this solution running and sleep at night?

    There is only one IPSec client for PalmOS (that I know of, that'll work on the Treo), and I didn't have any luck getting the two to work together. I could go back and invest more time depending on the answers, but there's no guarantee it'll ever work. UNLESS someone out there has already successfully configured "anthaVPN" on their Treo and wants to share info!

    Thanks for any info you can provide.
    -AJ
     
  2. YeOldeStonecat

    YeOldeStonecat Network Guru Member

    There's a couple of posts on this...

    IMO...PPTP is fine for dynamic users. Yes on paper it's technically less secure. But for part time connections, the "road warriors", etc...who log in..work for a few hours, log off, repeat, often from different IP addresses...IMO it's fine.

    For "site to site" connections between medical facilities on static IP addresses on each end? No...not for this.

    To help yourself sleep better...change your password at some interval.
     

Share This Page