[PVE-User] pptp is not secure (war: Internet facing Proxmox)

Lutz Markus Willek l.willek at science-computing.de
Mon Sep 15 13:38:53 CEST 2014


Hey There,

PPTP has always been considered rather week security but a flaw in MSChapv2 indicates it is even less secure than we ever believed. MSChapv2 is the "most secure" authentication protocol used with PPTP!
So PPTP turns to the least secure VPN solution. 
In Fact PPTP is so insecure, it should be considered unencrypted.
Avoid this.

> I would strongly suggest against this or indeed any way to put proxmox directly 
> on the internet.
> 
> The way I go about this would be ...
> ... use PPTP ... to connect into the network.  Much safer.
> 
> 
> Cheers,
> 
> --Guy


Freundliche Grüße / Best Regards

         Lutz Willek
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196


More information about the pve-user mailing list