Community discussions

 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Sun Nov 23, 2014 10:25 pm

I am not trying stir up the hornet net or anything like that but simply want to say that certain VPN protocols are not as secure and therefore may compromise your chosen method without you knowing. Not to mention it a waste of your effort.

- PPTP can be cracked by government security agencies, i.e GCHQ (UK) or NSA (US). Microsoft actually recommended users not to use PPTP quite a while ago.

- L2TP/IPSec is also known to be compromised by same security agencies above. it is not 100% secure. This was revealed by Edward Snowden, the IT contractor of the NSA (US) and who was granted asylum in Russia.

For further detail see here: https://www.bestvpn.com/blog/4147/pptp- ... n-vs-sstp/

There is a summary at end of the article if you don't want to read the whole thing. It suggests OpenVPN or SSTP (note SSTP is only available in Windows environment).

Good luck.
 
User avatar
43north
Member Candidate
Member Candidate
Posts: 197
Joined: Fri Nov 14, 2014 7:06 am

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Tue Nov 25, 2014 8:36 am

Want 100% security? Don't have any VPNs and unplug your LAN from the internet....
 
MTikSeekeroe
newbie
Topic Author
Posts: 34
Joined: Fri Nov 06, 2009 5:12 am

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Tue Nov 25, 2014 1:40 pm

It's true in what you're saying. But how practical and sensible is it in today environment? Taking your advice literally means one should not use the Net to be totally safe. Well, North Korea comes to mind.

During the build of my NAS, I found out the security 'leak' of PPTP , which I used previously to access files from home, sometimes using public wifi, while traveling o/seas. I no longer use PPTP. And I thought of sharing my findings on the forum.

My findings also led me to use my friend's NAS as my offsite backup, and mine NAS as his remote backup. This allows us to eliminates the middleman and no ongoing costs. Using Rsync via openVPN minimizes bandwidth for us, but that's another story.

Cheers
 
eternal0
newbie
Posts: 49
Joined: Fri Jun 20, 2014 5:56 pm

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Fri Aug 14, 2015 9:09 am

Some firewall can identify and block the OpenVPN connection, so I think SSTP is the best.
SSTP client can work on Windows/Linux/OS X/Android.
 
User avatar
Caci99
Forum Guru
Forum Guru
Posts: 1064
Joined: Wed Feb 21, 2007 2:26 pm
Location: Tirane
Contact:

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Fri Aug 14, 2015 1:09 pm

Everything is crack-able. As @43north said, stay off the net if you want security. Just a couple of days ago I was reading how in Israel managed to compromise an "air gapped computer" by using cell phones for experimental purposes. So, if somebody is on to you, they will eventually get there :)
-Toni-
Don't crash the ambulance, whatever you do
 
christinaccortez
just joined
Posts: 1
Joined: Mon Oct 24, 2016 10:40 am

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Mon Oct 24, 2016 11:12 am

OpenVPN regard as more secure VPN protocol than pptp, lt2p and many others. Not all but some best vpn services provide OpenVPN protocols to further strengthen the security level for their users. The OpenVPN is generally a fresh open source technology. It applies VPN techniques for the purpose of making site-to-site (or point-to-point) connections. The tool makes use of custom security protocol that uses SSL/TLS –this for exchanging key.
 
User avatar
BartoszP
Forum Guru
Forum Guru
Posts: 1717
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Mon Oct 24, 2016 12:43 pm

....The OpenVPN is generally a fresh open source technology
Are you sure that the word FRESH is the right one ? OpenVPN's history is quite long.
Real admins use real keyboards.
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1219
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Mon Oct 24, 2016 2:52 pm

Everything not supported by iOS* is fresh :lol:
* not to be confused with Cisco IOS. The big inventors didn't even get a new name for their OS. Not even the "i" at the beginning is original, remember the iPAQ from Compaq? The only thing they invent is ways to screw up wireless protocols.
Torturing CCR1009-7G-1C-1S+, RB450G, RB750GL, RB951G-2HnD, RB960PGS, RB260GSP, OmniTIK 5HnD and NetMetal 922UAGS-5HPacD + R11e-5HnD in my home network.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: PPTP and L2TP/IPSec are NOT secure. Use OpenVPN.

Mon Oct 24, 2016 3:03 pm

... and how to make poor people by advertisements to pay horrible money for overpriced products.

Who is online

Users browsing this forum: MSN [Bot] and 117 guests