I run a VPN using PPTP. I heard its not that secure because it sends the user name and password in plain text during the authentication. The VPN connects to a 2003 server with running AD. There is an option for authentication in IAS. I have choosen MS-Chapv2. The question is: Does the vpn authenticate itself still in plain text then use Ms-Chapv2 to authenticate itself to the server or use Ms-Chapv2 to authenticate onto the VPN?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
PPTP authentication query
- Thread starter Lote
- Start date
PeterHurst
IS-IT--Management
I'm 85% sure I'm right in saying this - from what I remember of CHAP the password is definately encrypted and I think the username too.
The issue with PPTP is that the encryption is not as complicated or as robust as IPSEC. The fact it uses CHAP can be a weak point as can the actual encryption.
I use a mixture.. PPTP is excellent for occasional homeworkers, full blown IPSEC for remote offices.
The issue with PPTP is that the encryption is not as complicated or as robust as IPSEC. The fact it uses CHAP can be a weak point as can the actual encryption.
I use a mixture.. PPTP is excellent for occasional homeworkers, full blown IPSEC for remote offices.
- Status
Similar threads
- Locked
- Question
- Locked
- Question