Hello, I am new to VPN and its technicalities. I am trying to set up a VPN on my Netgear WNDR3700. My VPN client is PureVPN, and in their guide https://www.purevpn.com/download/router-vpn it's mentioned that we can select OpenVPN or PPTP. Please recommend which protocol I should use.
PPTP is faster but less secure (Google for PPTP vulnerabilities if you need to know more). OpenVPN is slower but more secure.
The choice is yours.
A summary of vulnerabilities from the Wikipedia page:
- MS-CHAP-v1 is fundamentally insecure. Tools exist to trivially extract the NT Password hashes from a captured MSCHAP-v1 exchange.
- When using MS-CHAP-v1, MPPE uses the same RC4 session key for encryption in both directions of the communication flow. This can be cryptanalysed with standard methods by XORing the streams from each direction together.
- MS-CHAP-v2 is vulnerable to dictionary attacks on the captured challenge response packets. Tools exist to perform this process rapidly.
- In 2012, it was demonstrated that the complexity of a brute-force attack on a MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key. An online service was also demonstrated which is capable of decrypting a MS-CHAP-v2 MD4 passphrase in 23 hours.
- MPPE uses the RC4 stream cipher for encryption. There is no method for authentication of the ciphertext stream and therefore the ciphertext is vulnerable to a bit-flipping attack. An attacker could modify the stream in transit and adjust single bits to change the output stream without possibility of detection. These bit flips may be detected by the protocols themselves through checksums or other means.
Looking at supported protocols here https://www.purevpn.com/what-is-vpn/protocols (at the bottom) and having performance in mind, you're probably best off using SSTP; however, I haven't verified the figures SoftEther lists in any way. https://www.softether.org/@api/deki/files/12/=1.3.jpg?size=webview
Will Netgear WNDR3700 support the SSTP protocol?
Looks like I should go with OpenVPN. Thanks for sharing the details of PPTP vulnerabilities.
One thing to be aware of is that the WNDR3700 is a very old router, from the days when a 30 Mbps line was very fast. Not knowing which version you have, you may have challenges with flash space (8 MB may limit what you can install) and RAM (64 MB may not be stable). To set some reasonable expectations, the performance of the MIPS-based processors, especially on the older versions, will probably limit your VPN throughput to 5-10 Mbps, with the v5 unit perhaps at the upper end of that range.