Last Modified: Sat, 01 Sep 2012 16:44:41 +0000 ; Created: Wed, 08 Feb 2012 19:26:53 +0000
| My previous method used PPTP as a VPN server because of ease of use with Windows clients. While MSCHAPv2 with MPPE and pptp and a long password used to be sufficient it is now possible to decrypt the session with a cluster of hardware in 23 hours (you still may not get the actual password or access, but you can get a sessions content). See Microsoft says don't use PPTP and MS-CHAP
So I no longer recommend using PPTP as a VPN server. It does possibly have support for PEAP, but you must use patched versions which requires a recompile on most platforms. See http://www.nikhef.nl/~janjust/ppp/README.eap-tls I removed my earlier directions on using PPTP with OpenWRT and now recommend you use OpenVPN instead. IPSec is another option, but only if your clients are on networks that can support tunneling it (some have NAT that do but most are flaky). |
|