I am using DDWRT’s built in PPTP server to access my home network on the go. I have heard that there are some pretty serious vulnerabilities with PPTP, even with MPPE encryption enabled. Are they serious enough that I should switch to L2TP or OpenVPN?
I don’t see a reason to use PPTP over OpenVPN. PPTP is so outdated at this point you might as well be sending the traffic unencrypted. When that’s ok or not is up to you but I wouldn’t mess with PPTP anymore.
Are they serious enough that I should switch to L2TP or OpenVPN?
Yup
It’s encryption is bad it uses MS-Chap from 1998 brute forcing on it is easy also seriously use L2TP or OpenVPN. If it “needs” to be used atleast enable EAP-TLS if you don’t “need” to use it then change protocols
Think of PPTP as whispering to someone behind your hand, instead of shouting at them. It is very much better than nothing but not very good. I’m not too sure how many people could realistically go about capturing and then breaking *your* PPTP stream.
Now do your risk assessment: What are you worried about? For most people, keeping your finances, photos, docs and IoT stuff safe are some primary goals. Most of those threats, for most people, are covered by decent “anti virus” and backups.
The main (useful) difference between an IT pro and someone else is an efficient backup scheme 8)
PPTP should be a thing of the past.
The ONLY situation I use PPTP in is a link between my parent’s house and mine, because we’re in the same VLAN at the ISP level so it never crosses the core router (I’m the ISP network engineer).