PPTP has been cracked - stop using it and migrate ASAP

PPTP is no longer considered a secure VPN technology. PPTP relies upon MS-CHAPv2, which has been completely compromised. If you continue to use PPTP, be aware that intercepted traffic can be decrypted by a third party 100% of the time, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.

This is not specific to pfSense, it is the entire PPTP protocol regardless of its implementation.

More information on this can be found at https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807 and https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/

We have placed a warning on the PPTP page in 2.1 and 2.0.2 stating this. Other VPN clients may not be as convenient, but PPTP is dead, it's time to move on. This also means that any bugs that are pending for PPTP are not likely to be fixed.

If you insist on using it, or have a client that insists on using it, be aware that it is not providing any real measure of security. In the case of a client requiring it, it may not be a bad idea to make them sign a waiver stating they were informed of this and chose to ignore it.



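Sigh, this is a nightmare for a lot of admins...
PPTP has become really popular over the past few years, because iPhone/Android already support it natively, while L2TP very often dies at the firewall...
Neither my company's NetScreen SSG5 nor the Cisco PIX 515 will pass L2TP through...
Android 4.0 and up already has apps that can connect to OpenVPN without root,
so it depends on what Apple does. But actually Apple iOS also natively supports IPSec VPN, so whether PPTP lives or dies doesn't affect it much.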



Android VPN support is really an insane mess.
It works on the old version, but after upgrading it's gone again...


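In the end, the difference really comes down to whether there is native support.
With OpenVPN you don't have to set up anything at all: after installing a setup.exe that bundles the config, you can just double-click the OpenVPN icon to connect.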