
HEADS UP: PPTP has been removed from pfSense 2.3


jimp:
PPTP has been known to be completely broken for over three years now. Due to its insecure nature, the PPTP VPN server has been removed entirely from pfSense 2.3. It was removed from the pfSense 2.3 code base about two months ago.

Since the pfSense 2.3 release is coming up fast, if you are one of the few still clinging to PPTP: NOW is the time to start migrating away to another VPN solution.

If a customer, boss, client, or other interested party is insisting on PPTP, it's past time to drag them kicking and screaming into the age of modern VPNs.

We strongly recommend using IKEv2 or OpenVPN, both of which can accommodate a wide range of operating systems.

IKEv2 has a native client in Windows 7 and later, OS X 10.11 and later, iOS 9 and later, among others. There is a simple app for it on Android as well and there are Network Manager modules for it on Linux. OpenVPN has a third-party client on many client operating systems.

If for some unimaginable reason moving away from PPTP is not possible, seek alternate means for establishing a PPTP connection, such as forwarding the traffic (TCP/1723 and all GRE) in to a Windows server or something else that will still speak PPTP.

"If it's not broken, don't fix it" does not apply here -- it may function but the protocol is fundamentally broken.

BlueKobold:
On one side it is fine to hear about, but on the other it isn't. For the security itself it is a gain and a goal
that will be reaching more security, but often someone like WISPs (Wireless ISPs) are only using it as a
workaround for sending the name and password as "plain text". For the rest it was not interesting anymore
for sure.


--- Quote ---If for some unimaginable reason moving away from PPTP is not possible, seek alternate means for establishing a PPTP connection, such as forwarding the traffic (TCP/1723 and all GRE) in to a Windows server or something else that will still speak PPTP.
--- End quote ---
CentOS 6/7 together with the SoftEtherVPN server would be a good working VPN solution.

jimp:
The PPTP WAN Client is staying. The PPTP VPN server is going.

riahc3:

--- Quote ---If a customer, boss, client, or other interested party is insisting on PPTP, it's past time to drag them kicking and screaming into the age of modern VPNs.
--- End quote ---

So because of pfSense I'm going to lose a client? Fuck no.

If the client still wants PPTP after warning him, he is going to get PPTP period. I will just simply not use pfSense.

Not only that but L2TP/IPSec is broken in pfSense. There is as of right now, NO BUILT IN VPN SOLUTION FOR ANY OS IN PFSENSE. OpenVPN is a third party solution that requires a third party client on ALL OSs, server desktop and mobile.

jimp:
PPTP is broken. If your client wants PPTP, the client is broken. Fix the client. They are running an insecure VPN that is exposing their data to anyone that wants to see it. By continuing to allow them to use PPTP you are doing them a disservice. The customer is not always right, it's your job to ensure the security of the customer.

IKEv2 VPNs are natively supported in nearly every OS. https://doc.pfsense.org/index.php/Mobile_VPN_Client_Availability
