IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [pptp]

The Point-to-Point Tunneling Protocol is a method used to implement virtual private networks. The RFC can be found here: http://tools.ietf.org/html/rfc2637. PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft.

The Point-to-Point Tunneling Protocol is a method used to implement virtual private networks. The RFC can be found here: http://tools.ietf.org/html/rfc2637. PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft.

14 questions
29
votes
3 answers

Are there any known vulnerabilities in PPTP VPNs when configured properly?

PPTP is the only VPN protocol supported by some devices (for example, the Asus RT-AC66U WiFi router). If PPTP is configured to only use the most secure options, does its use present any security vulnerabilities? The most secure configuration of PPTP…
user34241
  • 293
  • 1
  • 3
  • 4
9
votes
1 answer

Is PPTP VPN ever secure? Under DD-WRT?

PPTP is not an open, ratified standard the way that, for example, SSL/TLS is. (see: http://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.2 and http://datatracker.ietf.org/doc/rfc5246/ ) The most popular (most widely deployed) implementation…
MSE
  • 91
  • 1
  • 1
  • 3
8
votes
1 answer

How can I tell if a PPTP tunnel is secure?

PPTP has been demonstrated to be broken in many ways, and most installations are insecure. But it is also theoretically not broken if configured correctly. As an end-user, is there a simple way for me to tell if a PPTP tunnel offered to me (for…
tylerl
  • 82,225
  • 25
  • 148
  • 226
7
votes
1 answer

Does using NAT-T for L2TP / IPsec VPN pose a realistic security risk?

I'm working on upgrading an old Windows RAS server that hosts PPTP VPN. I want to move to a L2TP/IPsec VPN. Due to the firewall appliance we use, the VPN server has to be behind a NAT. This means in order for L2TP/IPsec to work, I need to…
jlehtinen
  • 193
  • 5
5
votes
2 answers

Should I tell my boss the company's VPN is not secure?

I work in a small company and we have recently invested in a new server that provides VPN services. I contacted the IT company in charge today in order to connect my laptop so I can work from home. I asked for the protocol the VPN was using and they…
Jacques Gaudin
  • 153
  • 1
  • 7
4
votes
0 answers

Is it possible to implement a downgrade attack on a PPTP VPN?

There are many materials about the Dictionary attack or bit-flipping attack to PPTP VPN. But is it possible to implement a downgrade attack to PPTP. This is a picture showing how to implement a downgrade attack to PPTP (from…
Shawn Kang
  • 41
  • 1
3
votes
2 answers

Skype Audio / Video Session over VPN?

Basically I'm wondering if a Skype video session along with audio could be logged (or recorded) over a virtual private network? I know whoever hosts the VPN server can log which websites you visit (or how often you visit them) along with other…
W3Geek
  • 131
  • 2
2
votes
2 answers

Can a website detect which method you are using to connect (LL2P, SSTP and PPTP)

When you connect to a website using a VPN with the same IP however using a different type of connection each time (LL2P, SSTP and PPTP) can the website detect the difference between these connection. For example lets say you connect using an SSTP…
programming
  • 23
  • 2
1
vote
1 answer

Does any VPN protocol authenticate the server?

When you connect to a server using SSL/TLS the client authenticates the server using the certificate that the server provides. If certificates mismatch an error page is shown instead. So you know you are connecting to the correct server. SSH also…
Sedat Kapanoglu
  • 721
  • 3
  • 16
1
vote
1 answer

Can I use a VPN to disguise internet traffic at work?

I have seen this question asked before; I want to know if I can use a VPN to disguise my internet traffic so my employer can't see what websites I'm visiting while at work. However, unlike most people, I do all of my work on my personal computer,…
user76876
1
vote
1 answer

Could PPTP be considered a secure VPN type with idle timeout 0?

Ive got a Draytek router which im trying to setup as a VPN host. The options i have are : PPTP IPSEC LT2P with IPSEC policy SSL My VPN client only seems to supported PPTP and LT2P with IPSEC policy. Ive setup multiple other VPNs on other…
sam
  • 536
  • 3
  • 14
1
vote
3 answers

How to secure clear text data that is transmitted through LAN / Wireless LAN connection and PPTP VPN without a domain name (IP address only)

We use Odoo ERP in our office and there is a statement in the documentation which says: Whether it's accessed via website/web client or the webservice, Odoo transmits authentication information in cleartext. This means a secure deployment of Odoo…
William Wino
  • 111
  • 1
0
votes
1 answer

PPTP and Split Routing

If I uncheck the "use default gateway on remote network" to be able to browse local shares and the internet at the same time, does that void encryption?
Chelsea
  • 3
  • 1
0
votes
0 answers

Is it safe to use HTTPS websites over an unknown PPTP VPN?

I want to create e.g a Gmail account while connected to an unknown PPTP VPN. Is it safe, or can the owner of the PPTP VPN see my Gmail web page information, such as username or password, at all? Can the PPTP owner decrypt our information using our…
samy2k9
  • 1