Peter Ross wrote:

Hi Jeremy,

...

It can be cracked in under a day with a 100% success rate.

<https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/>

I am aware of it.

Sorry, it may have sounded a bit harsh. I considered a "please refrain from flogging MS PPTP" before I wrote it. As said, it is access to a particular service only. The VPN is used to connect to one VM via RDP to run a particular Windows app. This VM is quarantined. Otherwise I do not use "full-featured VPNs". I do not like BYOD in the network (at least not fully embedded in the LAN), and I do not like VPNs opening up the network to places which are not controlled. May sound a bit authoritarian - but I am the one who has to clean up the mess when things go wrong. Agreed, that there are other ways to encrypt the VPN. But I have to make it easy (e.g. OpenVPN needs an install first) so I do not have to visit everybody's home to get it work. IPSEC is the other choice but the "real deal" is with certificates and I cannot really trust files given out and stored on Windows computers which can be infected (and this happens still a lot, unfortunately) IMHO this cancels out the advantage it seems to have in the first place. If somebody has good experiences with VPN employee setups I am interested to hear it. Regards Peter