www.rodneybeede.com "I would love to change the world, but they won't give me the source code" - unknown

Installing Linux (OpenWRT) on a home router with remote VPN access - Last Modified 2012-09-01 16:44 UTC - Created 2012-02-08 19:26 UTC

My previous method used PPTP as a VPN server because of ease of use with Windows clients. While MSCHAPv2 with MPPE and pptp and a long password used to be sufficient it is now possible to decrypt the session with a cluster of hardware in 23 hours (you still may not get the actual password or access, but you can get a sessions content). See Microsoft says don't use PPTP and MS-CHAP

So I no longer recommend using PPTP as a VPN server. It does possibly have support for PEAP, but you must use patched versions which requires a recompile on most platforms. See http://www.nikhef.nl/~janjust/ppp/README.eap-tls

I removed my earlier directions on using PPTP with OpenWRT and now recommend you use OpenVPN instead. IPSec is another option, but only if your clients are on networks that can support tunneling it (some have NAT that do but most are flaky).