Tuesday, March 11, 2014

Simple VPN router

Let's say you want to remote into a network such as your office or home while you are physically outside this place. There are many solutions out there that can be used to do this. Each has its own complexity, cost, reliability, and security strength. If you just want a simple, secure way to do such remote access, then you can try to set up your own VPN solution.

I am talking about connecting to a remote network here, not necessarily to a specific computer inside a remote network. There are certain advantages of connecting to a remote network in general as opposed to a particular computer. If you are connected to a particular computer, then your usage of that computer is the limitation of the connection. In other words, whatever you can and cannot do on this remote computer is all that you can do. Let's say the remote computer does not have a database program that you want to run to access a database file stored on a server in the same remote network. Then you are still stuck with this problem if you remote into this computer.

By contrast, if you can remote into the network in general and the computer that you are using has this database program, then you can access this server and the database file. In its simplest terms, when you have connected to a remote network via VPN, the immediate machine in front of you thinks it is physically inside this remote network. In fact, through this VPN connection, you can then remote into a particular machine in the remote network and use that machine's installed software, having the best of both worlds.

PPTP is still the current go-to protocol for creating a VPN tunnel if you want something that has the least amount of complexity and cost. PPTP has been around for decades, so it has been time-tested to work well with a lot of computing devices. The price of this reliability and friendliness is its security. While it is better than nothing -- yes, you can have a VPN connection without any security at all if your intention is remote access and speed and security is not a concern -- it can expose your remote session to unauthorized intruders who somehow tap into the tunnel.

Microsoft released 2 versions of the security mechanism used for PPTP. The security mechanism is called MPPE. As said, security via encryption of the data going back and forth is not a required criterion of VPN. MPPE is the protocol used for secured PPTP tunnels.

When PPTP was first created, Microsoft used an encryption method called MS-CHAP. This is now deprecated because it has serious security flaws. Microsoft updated it with MS-CHAP version 2. Even this version is considered dated by today's standards, but if your security need is simple, then MS-CHAPv2 is still good. I, however, recommend L2TP/IPsec as the way to go these days. There is no right or wrong way to do security; it's just a matter of how paranoid you are. It's about the level of risk you find acceptable that someone can intrude upon your remote connection.

For a good primer on MS-CHAP version 1 and 2, you should check out this article by Bruce Schneier. It's an old article (1999), but its information is still relevant.
Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)

Also, a vulnerability has been discovered in using MS-CHAPv2 by itself without additional encapsulation.
http://technet.microsoft.com/en-us/security/advisory/2743314

With that said, if you want a simple, inexpensive PPTP VPN to connect to a remote network with no fuss, then I recommend using the VPN router model TL-R600VPN from TP-Link.

Setting up a PPTP VPN on this router is simple. I got it to work within 15 minutes. As expected, the remote connection is reliable and fast. Below is the user guide for this router.

http://www.tp-link.com/Resources/document/TL-R600VPN_V1_User_Guide.pdf

I cannot find any documentation of whether this router uses MS-CHAPv2 for its MPPE. I assume it does because there is no reason to still be using MS-CHAPv1. Moreover, when setting up the VPN connection on a Windows 7 machine, I unchecked the box that would allow the VPN client to use CHAP, and checked the box that says MS-CHAPv2. From the fact that the connection works, I would infer that the PPTP tunnel is operating under MS-CHAPv2 MPPE.
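The same check can be made on a Linux client that dials PPTP through pppd, which is an assumption beyond this post's Windows 7 setup. This added example (not from the original post or from TP-Link) audits a pppd peer file so that a tunnel can only come up with MS-CHAPv2 and 128-bit MPPE; the sample peer files, server name and user name are constructed.

```python
# Added example: audit a pppd peer file (Linux PPTP client) so that a working
# tunnel proves MS-CHAPv2 + MPPE. Option names are real pppd options; the
# sample peer files below are constructed for illustration.

WEAKER_AUTH = {  # refuse-* option -> authentication method it disables
    "refuse-pap": "PAP",
    "refuse-chap": "CHAP (MD5)",
    "refuse-mschap": "MS-CHAP v1",
    "refuse-eap": "EAP",
}

def parse_options(text):
    """Return the option keywords of a pppd options file, ignoring # comments."""
    opts = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            opts.add(line.split()[0].lower())
    return opts

def audit_peer(text):
    """List the gaps that leave a weaker method or cipher negotiable."""
    opts = parse_options(text)
    findings = [f"{method} not refused (add {opt})"
                for opt, method in WEAKER_AUTH.items() if opt not in opts]
    if "refuse-mschap-v2" in opts:
        findings.append("MS-CHAPv2 is refused, so it can never be negotiated")
    if not ({"require-mppe", "require-mppe-128"} & opts):
        findings.append("MPPE not required: tunnel may come up unencrypted")
    elif "require-mppe-128" not in opts and "nomppe-40" not in opts:
        findings.append("40-bit MPPE still allowed (use require-mppe-128)")
    return findings

# Constructed samples: vpn.example.net and alice are placeholders.
LOOSE_PEER = """
pty "pptp vpn.example.net --nolaunchpppd"
name alice
"""
STRICT_PEER = """
pty "pptp vpn.example.net --nolaunchpppd"
name alice
refuse-pap
refuse-chap      # plain CHAP, the box unchecked in the Windows dialog
refuse-mschap
refuse-eap
require-mppe-128
"""

if __name__ == "__main__":
    for label, peer in (("loose", LOOSE_PEER), ("strict", STRICT_PEER)):
        print(label, audit_peer(peer) or "only MS-CHAPv2 + 128-bit MPPE accepted")
```

With the strict file, a connection that succeeds can only have authenticated with MS-CHAPv2, which turns the inference above into a verified result.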

The router also offers the much more secure IPsec protocol, but this would only work if you connect two of these routers, with one on each side of the tunnel. PPTP can be used for a client-to-LAN connection. This means you only need your computer on one end of the tunnel.

Here is more info on how to use VPN on iPhones and iPads, because many people who access their networks on the road use these devices.
http://www.apple.com/iphone/business/it/deployment.html

1 comment:

  1. This info is priceless. Where can I find out more?