![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Hey guys...
I'm currently using a spare DD-WRT as a PPTP-server. I primarily use it for tunneling out of hotspots and hotel networks...as well as occasionally accessing my home surveillance system.
The DD-WRT sits behind my primary router/firewall...with port 1723 forwarded to the DD-WRT. Is this a safe practice? I've read that PPTP is somewhat insecure in terms of VPNs. I've seen some info on SANS indicating that a safer practice would be to put the PPTP server in a DMZ, and then have the traffic from the PPTP pass through another "LAN firewall" prior to entering my LAN. It's illustrated as "Topology 4" on the below link.
https://www.sans.org/security-resources/malwarefaq/pptp-vpn.php
In your opinion...would doing so provide a significant security improvement? If so...how would I configure the PPTP server and the "LAN firewall"? I have another DD-WRT router (not VPN capable) sitting around...so I assume that I could use that as a "LAN Firewall".
Or...as a home network...would any additional security not be worth the headache?
Thanks in advance, guys.
I'm currently using a spare DD-WRT as a PPTP-server. I primarily use it for tunneling out of hotspots and hotel networks...as well as occasionally accessing my home surveillance system.
The DD-WRT sits behind my primary router/firewall...with port 1723 forwarded to the DD-WRT. Is this a safe practice? I've read that PPTP is somewhat insecure in terms of VPNs. I've seen some info on SANS indicating that a safer practice would be to put the PPTP server in a DMZ, and then have the traffic from the PPTP pass through another "LAN firewall" prior to entering my LAN. It's illustrated as "Topology 4" on the below link.
https://www.sans.org/security-resources/malwarefaq/pptp-vpn.php
In your opinion...would doing so provide a significant security improvement? If so...how would I configure the PPTP server and the "LAN firewall"? I have another DD-WRT router (not VPN capable) sitting around...so I assume that I could use that as a "LAN Firewall".
Or...as a home network...would any additional security not be worth the headache?
Thanks in advance, guys.