Menu
What's new
By:
Filters Better Search

Question on PPTP Security

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

O

OnlineInAustria

New Around Here
I currently access the internet via a PPPoA ADSL POTS Annex A connection and am considering purchasing my own router. The router would sit behind the modem-router from the ISP, and the modem-router from the ISP would be used in bridge mode.

After speaking with a technician from the ISP, it appears that all I have to do is enter my username and password on the new router and select PPTP as connection type.

In the past few days, I've read quite a bit about router security and encryption. One security article that I found mentioned that the PPTP protocol is nowadays considered insecure.

My questions are:

If I use a new router behind the modem-router from the ISP and make the connection via PPTP, what type of security problems am I exposing myself to?

Is a connection from a new router to the ISP modem-router inherently compromised due to using PPTP?

Would it be better/more secure to keep the ISP modem-router in NON bridge mode and attach the new router via ethernet in a double NAT setup?

The last thing I want to do is spend at lot of money on a good router onlyto find out that the whole security setup is compromised by the PPTP connection between the new router and the modem-router issued by the ISP.
 
PPTP security is easily unencrypted as computing power is easy to get. Its more for performance such as for using a VPN for gaming.

PPTP and other vpn types all root to the PPP which is to form point to point connections. Really all you're doing is making tunnels and networks and the security really depends on how you configure your network, the routing and so on. PPP has many different layers. PPPOE/A works on layer 2. PPTP, openVPN, SSTP and such operate on layer 4. By default vpns dont forward layer 2 making it so that devices must be configured to talk to each other via routing unless NAT is used on the router for intranet communications.

Security wise theres really no difference in the way you are using it whether double NAT or not. What matters is how good the main router that is visible to the internet is.
 
Yes, the technician definately stated PPTP.

I've looked at the specs of more than 30 ethernet routers in the past few days. All of the them support PPPoE, PPTP, L2TP, Static IP, Dynamic IP, or BigPond Cable. None of them support PPPOA.

I took this matter up with the technician and he said that since my connection is PPPOA, I would have to select PPTP on the router's setup and then enter my username and password in the fields provided.

It had something to do with the ISP using point to point tunneling for an ASDL connection.
 
It's not an issue in the way you're using it since your pptp connection is never exposed to the Internet.
 
Samir said:
It's not an issue in the way you're using it since your pptp connection is never exposed to the Internet.
Click to expand...

Agree - it might be surprising to some - it is more secure than plain old PPPOE however which has no security...

Since OP is on DSL - it's just the link between his modem and the DSLAM at the central office that is running on PPTP.
 
Whats happening here is that you first initiate your connection to your ISP using PPPOA, than to get your WAN you create a tunnel over the existing tunnel using PPTP.

If the modem already does PPPOA than the router will need to do PPTP, however what you need in order to do PPTP is an IP address. If you dont have this address you cant connect to your ISP than.

Im not sure whats going on here if there is a misunderstanding or if the technician is wrong but PPPOA stands for point to point protocol over ATM networks https://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_ATM

PPTP is point to point tunnelling protocol. If your ISP requires it and you dont have an IP address you can connect to with this than this isnt the right thing you need. PPPOA/E works over layer 2 so it only needs a physical address. PPTP works over layer 4 so it requires a layer 3 address. It simply does not work with mac address and i just tried testing it with my mikrotik router, it will not accept mac addresses for PPTP and mikrotik is usually the most flexible when it comes to networking. letting you do things that a normal router simply wont let you.
 
You must log in or register to reply here.

Similar threads

D
Gig WAN on 68Mbps VDSL?
Replies
8
Views
453
L&LD
L&LD
T
Setting up Router and Bridge with with a Cable Modem
Replies
18
Views
565
Transer
T
H
Any way around double NAT?
Replies
15
Views
644
Tech9
Tech9
M
RT-AC66U-B1 behind 4G mobole router in Bridge Mode
Replies
1
Views
424
L&LD
L&LD
B
Asus Router/Network Security Question...
Replies
5
Views
933
billyk
B
Similar threads
Thread starter Title Forum Replies Date
C Cloudflare Security bypass Other LAN and WAN 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 624 (members: 11, guests: 613)
Top