According to the
handbook, special characters are not supported in PPTP passwords. This is a major security risk since any expert will tell you that using special characters greatly increases password strength. The only option for strengthening your VPN in this case is to use a very long password like 20+ characters.
I've just noticed this is still the case in 1.32.
I also discovered that if you really want special characters for your PPTP passwords it is possible to fool m0n0wall by backing up your configuration, editing the password in the xml config file, and then restoring your configuration.
The PPTP passwords, unlike the other passwords, are stored in plain text in the xml config file, so avoid the '<' and '&' and other characters which may be illegal in xml.
I'm wondering whether having the passwords in plain text isn't a security risk, and if they were encoded like the other passwords special characters would cease to be a problem.