> It may not be the wisest thing to be trying PPTP. In addition to the > technical problems you are encountering, there seem to be some grave
> issues with the protocol itself, > http://www.schneier.com/pptp-faq.html > > which are apparently not resolved entirely even in later versions. PPTP sucks, but if you have some models of Palm device it's all you get to use - they just don't do anything more secure. Sure, it's all software but i have yet to see an IPSec or SSL-based VPN client for my Palm. It's useless wireless won't even do WPA (ok, so I got it before WPA was around, but there isn't even a software upgrade). > IPsec and SSL are both standards and, as such, supported even > by legacy > platforms. It might be useful to phase out PPTP in favor of IPsec. IPSec can be confusing to configure the first time round - it took me a little while to come to terms with it. It has the advantage the newer version of Winblows support it out of the box, so your average L-user will have no trouble getting on your VPN. (s/no trobule/minimal trouble/). OpenVPN is ssl-based and seems to work quite well. It's also able to be easily tunneled over HTTP proxies if you need to access the VPN from behind a restrictive firewall. I've used OpenVPN on Linux servers, clients and Windows boxes. Never had a hiccup with it. I don't know how well it works in OpenBSD though. If you're stuck with PPTP just be sure to know its limits. Read the web page posted before and probably keep it on a separate box with different usernames/passwords to your main machines. You might consider allowing access to only certain services via the VPN too, just to limit the damage that can occur due to PPTP's inherrent insecurity. I found that the free servers were really painfully slow too - I don't know whether that's an artificial limitation or not because the server was never very heavily loaded and PPTP wouldn't do more than a couple of megabits a second over a solid wireless connection. Cheers, A
