Point-to-Point Tunneling Protocol (PPTP) is a VPN technology that was specified by a group of system vendors to promote easy VPN deployments. It exists in multiple vendor-specific implementations, such as Microsoft PPTP. The most commonly used underlying mechanisms for authentication and encryption have been found highly vulnerable. Even after many attempts to fix PPTP's security holes, the mechanisms for authentication and encryption used in PPTP still exhibit major vulnerabilities and are not state-of-the-art. I recommend not deploying PPTP as a VPN solution and argue that this protocol should be deprecated. The only somewhat safe way of deploying PPTP would be by using Transport Layer Security (TLS), which requires the implementation of an entire PKI, which is why most people stay away from it. But even then, you run into security issues similar to those that plague SSL VPNs today.
The only two serious VPN technologies are Secure Sockets Layer (SSL) VPN and Internet Protocol Security (IPsec) VPN. SSL VPN is similar to PPTP in that it is easier to deploy than other VPN types. The strength of IPsec VPN is its transparency at the IP network layer, which works with both versions of IP: IPv4 and IPv6. But its key strength results from the fact that it is an IETF standard, a framework of open-standard protocols that support state-of-the-art strong authentication, authorization and encryption schemes and can be implemented in various standards-based ways.
This was first published in January 2012