securityPPTP VPN Security
securityPPTP VPN Security
Hello everyone, I own a few DrayTek Vigor 3900 VPN Concentrator Firewall Gateways and have a concern about PPTP VPN security. I understand PPTP is highly insecure and generally unreliable, but it might be the only option available for my Windows setup. I already have IKEv2 and Cisco IPsec VPNs functioning well across Linux, macOS, Android, and iOS devices—these are also secure methods. For Windows, PPTP seems to be the only viable choice. Sometimes I need to access my systems from school, which is quite complicated, but for Windows 10 users, it appears PPTP is still supported there for some reason. My main question is: does PPTP become risky when not actively used? Could an attacker easily gain access to the VPN server on my router if they try brute force? I’m not worried about data security during transmission once connected, but I’m concerned about the possibility of someone cracking the username and password when the connection is inactive. In short, does enabling PPTP on my router expose me to risk when I’m not using it? Are people able to guess or crack the credentials easily? Any guidance would be greatly appreciated!
Have you explored L2TP with IPSec? I’ve configured it on my network and both Windows, iOS and Android devices are working well.
Previously, Windows came with support for several protocols including PPTP, L2TP/IPSec, SSTP and IKEv2. However, PPTP has issues because it transmits login details in plain text during initial setup, making it vulnerable to interception by any device in the network.