View Single Post
Old 04-01-2013, 09:09 AM
poorgrad poorgrad is offline
L5: Journeyman
  • Jan 2008
  • 554
  • 94 poorgrad will become famous soon enough
  • 0
Quote from SlickFerret View Post :
And you, sir, are a master of the understatement!

5) you still need to set up a server
And don't you need to get the certs off the server onto the device?

Don't get me wrong, I'd love to have it more secure. But for the opportunity cost with time/frustration involved with openvpn, do i gain much? I'm just looking to keep the casual snooper from wifi sniffing me. And make it easy for family to use. Is pptp that bad?

I actually tried to get openvpn working on the ipad before I went with pptp. Which is why I went with pptp, turns out it's way easier. Paste some commands in, bam, done. If someone could explain why pptp is real bad for what I'm using it for, I might try openvpn again...
Based on my research the weak part of pptp is the authentication. Attackers can capture your traffic and mschap can be brute forced in a few days. Then they can connect to the vpn as you.
It is not clear to me that once they brute force your hashed authentication token whether they can now decrypt your traffic.

So I think it's fine for just stopping snooping of your traffic. If the attacker was going to go through the effort for spending a day to brute force your authentication token, they can probably find other ways of snooping on you. After all, the traffic is unencrypted leaving your vps.