PPTP VPN Security Warning (and PC Configuration)

PPTP is not considered to be secure. It’s not as open as an old-fashioned telephone party line, but anyone with a little know-how and a few bucks can figure out your password. PPTP does not use SSL. VPN connections configured with SSL are as safe as your online connection to Amazon or your bank, if configured properly.

The most vulnerable part of PPTP is the authentication protocol, the part with the user id and password. It’s called MS-CHAP v2. MS-CHAP v1 was broken years earlier and MS-CHAP v2 was developed as a response. The encryption protocol associated with PPTP, MPPE, also has security issues.

An online company called CloudCracker sells a service that offers to crack the password of a PPTP VPN you have properly snooped on. Anecdotally, according to web sites that have reported on CloudCracker, they appear to provide a competent service for a low price. Given the proper information, CloudCracker can apparently hack a password in only a few minutes.

That being said, you don’t need to panic, but you should be concerned. Nobody can crack a site they don’t know is there. As a matter of common sense, you shouldn’t advertise the capabilities or existence of your advanced home server outside your circle of trust. Then, you must have something someone wants badly enough to make an effort to get it. Personally, if I were you, I would assume everyone you know or have met outside your circle of trust wants to get even with you for something you probably know nothing about. In this way, you’ll develop the proper attitude towards privacy and network security.

If You Still Want a PPTP Server, You Can Get Instructions Here

In reality, opening up a PPTP portal for a short while for a specific purpose is probably reasonably safe. You can transfer your files as required, then disengage PPTP port forwarding. It’s likely nobody will notice you in any way, and even if they did, they would have to use specialized software to capture your VPN log-on information. Then, they would have to send it off to CloudCracker for processing. Most people on most days couldn’t care less about you and your VPN. You only have to worry about the goofy teen next door who looks a little like ET, or the nut on the free wi-fi sitting next to you at the coffee shop who is sniffing out all traffic in the vicinity for later review.

For the sake of completeness, instructions for creating a PPTP server on various technologies are included at Advanced Home Server. Lots of manufacturers offer the feature. Each one configures differently on the server side. On the client side, the configuration is identical no matter which technology you’re connecting to.

If your router provides VPN capabilities to a disk drive connected via USB, you’re probably using PPTP.

Network Attached Storage (NAS) boxes that provide standalone computer capabilities offer PPTP VPN services along with other options that offer better security.

A Windows PC can become a PPTP server.

Windows Server 2012 can become a PPTP server.

PPTP, Port Forwarding, and Connecting Your PC to The Server

The technology supporting the PPTP server may be flexible, but the client PC connects the same way to every variant of PPTP server. In order to avoid duplication, the router and client configuration instructions are in one place only. They’re here, below, for both the sake of efficiency and to make sure you’re aware of the potential adverse impact on your life of using PPTP.

PPTP uses port 1723, by convention. Your router will have to be configured to forward inbound traffic over port 1723 to your PPTP server. Some routers provide a PPTP pass-through feature. This may need to be enabled. PPTP traffic travels over the internet. You configure the connection on your PC using the URL for your internet site. This means your DDNS configuration must be current.

PPTP and Your Router

You need to open port 1723 and forward it to the local IP address of your PPTP server. Some documentation also notes that a service called GRE should also be configured. Both are shown below. It appears to work fine without deference to GRE port 47. (It’s only a coincidence that the local address below ended with 47.)

If your router offers a PPTP pass-through capability, enable it.

Troubleshooting PPTP Port Forwarding

Routers are amazing tools that offer a long list of features. Port forwarding is a simple concept that’s been around for a while, but, on some routers from some manufacturers, it may conflict with the Enable PPTP Passthrough above. If you’re having difficulty connecting from your PC to your PPTP server, the problem might be the router setup. Here are some troubleshooting steps:

Turn off port forwarding but leave on PPTP Passthrough

Turn on port forwarding and turn off PPTP Passthrough

Turn on both port forwarding and PPTP Passthrough, but forward port 1723 to 192.168.1.1, or whatever your router is using for its IP address.
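
An added example, not from the original post: a Python check to run between the troubleshooting steps above. It connects to TCP port 1723, sends the PPTP Start-Control-Connection-Request defined in RFC 2637 and parses the reply, so you can tell whether the forward actually reaches your PPTP server, and confirm the port no longer answers once you disengage port forwarding. It tests only the TCP control channel, not GRE; the function names and the `probe` host name are illustrative.

```python
import socket
import struct

PPTP_PORT = 1723            # TCP control port named on this page
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value defined in RFC 2637
CTRL_LEN = 156              # size of both the request and the reply
# length, message type, cookie, control type, reserved0, version,
# two bytes (reserved1 in the request, result + error in the reply),
# framing caps, bearer caps, max channels, firmware, host name, vendor
FMT = ">HHIHHHBBIIHH64s64s"

def build_sccrq(hostname=b"probe"):
    """Start-Control-Connection-Request (control message type 1)."""
    return struct.pack(FMT, CTRL_LEN, 1, MAGIC_COOKIE, 1, 0, 0x0100, 0, 0,
                       3, 3, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Validate a Start-Control-Connection-Reply and return its key fields."""
    if len(data) < CTRL_LEN:
        raise ValueError("short reply: %d bytes" % len(data))
    (_len, msg_type, cookie, ctrl_type, _r0, version, result, error,
     _fr, _br, _ch, _fw, host, vendor) = struct.unpack(FMT, data[:CTRL_LEN])
    if cookie != MAGIC_COOKIE or msg_type != 1 or ctrl_type != 2:
        raise ValueError("not a PPTP Start-Control-Connection-Reply")
    return {"version": version, "result": result, "error": error,
            "host": host.rstrip(b"\0").decode("latin-1"),
            "vendor": vendor.rstrip(b"\0").decode("latin-1")}

def probe(host, port=PPTP_PORT, timeout=5.0):
    """Return the parsed reply, or a string saying why no PPTP server answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sccrq())
            buf = b""
            while len(buf) < CTRL_LEN:
                chunk = s.recv(CTRL_LEN - len(buf))
                if not chunk:
                    break
                buf += chunk
        return parse_sccrp(buf)
    except (OSError, ValueError) as exc:
        return "no PPTP answer on %s:%d (%s)" % (host, port, exc)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))   # pass your own DDNS name or server address
```

Run it from a connection outside your home network against your own DDNS name; a result code of 1 in the reply means the server accepted the control connection.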

PPTP and Your Client PC

It’s quick and easy to configure a VPN connection on a Windows PC. Open the Network and Sharing Center. Select Set up a new connection or network. Then Connect to a workplace.

Create a new connection.

Use your internet connection.

Fill in the blanks. Do not connect at this time.

Fill this in as you feel appropriate. Every time you connect, you will be presented with a sign in screen that is pre-filled, but you can change anything on it.

Done. Don’t connect yet.

In the lower right corner of the screen, click the network connection icon. Select the PPTP connection you just created. Right click and select properties. Change the fields to look like this. Click OK.

Repeat the above steps, except click connect. You’ll see this.

Connect and this is representative of the connection status.
