VPN

Hi.
First ting first, nice work guys/(girls) for the m0n0wall product.

I have a problem with the PPTP password thingy, it seems like you can't use special chars in a password like ! # €$£@?§ and so on.

Is it my configuration or is it the m0n0wall config. or ?

Best regards

Rasmus

[handbook]

Rasmus,

According to the handbook, special characters are not supported in PPTP passwords.  This is a major security risk since any expert will tell you that using special characters greatly increases password strength.  The only option for strengthening your VPN in this case is to use a very long password like 20+ characters.

from what I've read (Disclaimer: I'm no expert), special characters are good but password length is much more critical.

CS...

Thansk for all replies, i will generate a 20+ length password.

[handbook]

According to the handbook, special characters are not supported in PPTP passwords.  This is a major security risk since any expert will tell you that using special characters greatly increases password strength.  The only option for strengthening your VPN in this case is to use a very long password like 20+ characters.

I've just noticed this is still the case in 1.32.

I also discovered that if you really want special characters for your PPTP passwords it is possible to fool m0n0wall by backing up your configuration, editing the password in the xml config file, and then restoring your configuration.

The PPTP passwords, unlike the other passwords, are stored in plain text in the xml config file, so avoid the '<' and '&' and other characters which may be illegal in xml.

I'm wondering whether having the passwords in plain text isn't a security risk, and if they were encoded like the other passwords special characters would cease to be a problem.