
I've just been setting up some pptp servers for mobile phone VPN use. Rumor had it that CyanogenMod would allow me to choose whether to route all traffic via the VPN, but I've installed the latest stable release and it appears to lack such functionality.

Anyway, one thing that's annoying is that I have to enter a password every time. That leads to a choice between a poor password that's easy to remember or a good password that needs to be written down, and both of those cases involve annoying typing. The VPN client will store the user-name though. So I was wondering whether the user-name is encrypted; if so, I could use "1" for the password and have the random 8 character string as the user-name.

I believe that the loss of email from a stolen phone is a much greater concern than the loss of a VPN password; among other things, the VPN password can be trivially changed but the IMAP mail that is cached in the phone is lost to the attacker.

http://en.wikipedia.org/wiki/Pptp#Security_of_the_PPTP_protocol

Wikipedia says that the security of PPTP is weak. This isn't even including the case that any system which only has a user-name and password supplied by the client and no authentication token stored by either side (e.g. like the ~/.ssh/known_hosts) is going to lose in some way if the hostile party can proxy the protocol.

In terms of setting up the server on Linux, I just had to add something like the following to /etc/ppp/chap-secrets:

    USER pptpd PASS *

Then I set suitable IP addresses in /etc/pptpd.conf. It wasn't difficult, although mistakes with the chap-secrets file and attempts to get PAP working wasted a bit of time.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
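
An added example, not part of the original post: a small Python check over entries in the chap-secrets layout shown above (client, server, secret, allowed IP addresses), reporting short secrets and a `*` in the address field. The function names, the 8-character threshold and the sample entries are assumptions made for illustration, and `shlex` only approximates how pppd splits quoted words.

```python
import shlex

MIN_SECRET_LEN = 8  # assumed threshold for this example, not from the post

# Constructed sample in /etc/ppp/chap-secrets layout:
# client  server  secret  allowed-IP-addresses
SAMPLE = """\
# client        server  secret              IP addresses
k3vq9xhw        pptpd   1                   *
phone2          pptpd   "long pass phrase"  10.8.0.12
broken-line     pptpd
"""

def parse_chap_secrets(text):
    """Yield (lineno, client, server, secret, addresses) per entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        # shlex handles quoted secrets and '#' comments
        fields = shlex.split(line, comments=True)
        if not fields:
            continue  # blank or comment-only line
        if len(fields) < 3:
            yield lineno, None, None, None, []  # too few fields to be an entry
            continue
        client, server, secret = fields[:3]
        yield lineno, client, server, secret, fields[3:]

def audit(text):
    """Return (lineno, issue) pairs for entries worth a second look."""
    findings = []
    for lineno, client, server, secret, addrs in parse_chap_secrets(text):
        if client is None:
            findings.append((lineno, "malformed"))
            continue
        if len(secret) < MIN_SECRET_LEN:
            findings.append((lineno, "short-secret"))
        if "*" in addrs:
            # '*' in the fourth field accepts the client from any IP address
            findings.append((lineno, "any-address"))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit(SAMPLE):
        print(f"line {lineno}: {issue}")
```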