Even more reason to ditch apple
We use PPTP because we want a tunnel, NOT for security.
IKEv2 and L2TP are seriously problematic especially when double-NAT'd or on hotel or Cafe hot-spots.
We secured all our mail and data access behind HTTPS ages ago, so don't need yet another IT support headache with users calling in cos the VPN doesn't work in the crappy hotel they are in.
Occasionally for some web systems you need to 'appear' from your home network. PPTP very nicely achieves this with very little overhead. As the overlaying web connections are HTTPS it's nuts to waste performance and bandwidth adding an un-needed layer of security.
So NO. I think this is a retrograde step and forces adding a layer of security often where one is NOT needed, wasteful and costly in support.
Think.. what do a company want a VPN for..
is it security?
1/ outlook over HTTPS - nope secure by design.
2/ access to intranet sites - nope these use HTTPS
3/ access to internal file data.. - Nope these went over to WebDAV-HTTPS 12 years ago
4/ Access to internal app - Nope these are HTTPS-RDP already secured.
5/ remote access to work desktop - Nope these went HTTPS-RDP in 2003
5/ what else is there?
I would argue that there is very little and the base application access should be default secured without relying on the possible presence of a secured VPN. Fix the security issue AT SOURCE and not rely on the sticky-plaster that a VPN provides. Any admin that states that their security is provided by a VPN is failing to address the fundamental security issues at the base applications.
In my mind a secure VPN is a temporary work-round or patch to briefly use until a proper solution can be found.
So what is a VPN for?
PPTP defines the right usage (in my mind) spot on.
It is a Point-to-Point tunnel, whereby the user appears to egress onto the internet from a known location (IP Address). It is NOT about providing any form of security or encryption.
Where is this useful/needed:
a) accessing a suppliers website (HTTPS) that is locked to IP address block (we have several of these)
b) accessing geo-blocked websites like the BBC
c) accessing google search and getting correct country results for your home country
The geo-block bypass is really the last remaining need for using a VPN and this DOES NOT NEED SECURITY.
#rant over