[<<][pool][>>][..]
Mon Mar 26 14:17:52 CEST 2012

How to secure PPTP

Android supports PPTP and IPsec.  The latter is too much hassle to set
up so I use PPTP.  There are 2 big problems:

 - PPTP uses plaintext password authentication.

 - It can't use a fixed ppp<x> naming scheme; it simply uses the first
   one available.  This complicates firewall scripts.

First, let's sniff the traffic to see if it's indeed plaintext
password.  I did not see the password in clear text.  Indeed, it uses
CHAP[1].

I'm leaving the firewall rules hardcoded for ppp1.  Hope this won't
interfere with the ppp0 DSL line, that would suck.

[1] http://en.wikipedia.org/wiki/Challenge-Handshake_Authentication_Protocol



[Reply][About]
[<<][pool][>>][..]