PPTP is no longer considered a secure VPN technology. PPTP relies upon MS-CHAPv2, which has been completely compromised. If you continue to use PPTP, be aware that intercepted traffic can be decrypted by a third party 100% of the time, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.
This is not specific to pfSense; it applies to the entire PPTP protocol regardless of its implementation.
More information on this can be found at
https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807 and
https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
We have placed a warning on the PPTP page in 2.1 and 2.0.2 stating this. Other VPN clients may not be as convenient, but PPTP is dead and it's time to move on. This also means that any bugs that are pending for PPTP are not likely to be fixed.
If you insist on using it, or have a client that insists on using it, be aware that it is not providing any real measure of security. In the case of a client requiring it, it may not be a bad idea to make them sign a waiver stating they were informed of this and chose to ignore it.
http://forum.pfsense.org/index.php/topic,54255.0.html