Did you know iOS 10, macOS Sierra has a problem with crappy VPNs? You do now

SSTP

I wish Apple would put in support for SSTP. I asked a few years ago and never heard anything back. I said to drop PPTP and replace it with SSTP.

Really?

Who encourages this? Old tech that's still in use needs more than "an announcement from Apple" a few weeks before support is dropped! When my Cisco gear is not going to be supported anymore, I'm given literally YEARS of warning (I think 5 years is Cisco's minimum policy, but I could be wrong).

Dropping support for insecure protocols is all fine and dandy. Dropping it with weeks of notice, published on an obscure technical part of your web presence (how many clicks from Apple.com does it take to reach this notice?), with no reasonable workaround available is shameless and inappropriate.

I used to run one of these networks. We didn't specifically use PPTP on our VPN, but I could see us having made that choice at some point in the past and stuck with it to today. I sure as hell never heard anything about this, and the only thing I can say I would have done better is to have run the beta myself before its public release. I can't say for sure that I would have noticed this kind of feature breaking, however.

And that makes me think bad on Apple. Killing old tech is fine, but we plenty of time and ample warning in the IT departments that eternally understaffed.

WEEKS

that's plenty of time to prepare, really. I don't use apple and have never used PPTP but seems weak of them to do.

Sort of like firefox saying "oh this is not secure https so I won't let you connect no matter you know what you are doing or not".

But from what I've read at least apple allows a somewhat easy rollback to earlier OS? Such an option doesn't seem to exist for android (maybe it does after rooting or something). I've used android 5 on one pf my note 3s for 4 months now and am happy to stick to 4.4 on my main phone. I keep wifi off so ATT can't sneak in an upgrade when I'm not looking.

PPTP should have been dead years ago.

Congratulations go to Apple.

windows 10 unusable

Rendered so by company network which wasnt perfect, strangely enough the one at home is better.

BUT

windows 10 is a wart in the a... tract of mankind. This morning I switched on my machine to check a timetable.... 25 minutes later it was still doing an update I didnt ask for, didnt want and was stoppign me doing what I paid good money for a computer to do. I am going to upgrade the machine to windows 7 or linux this weekend.

Just how an os can make a quad core 2.2 ghz machine with 8 gb high speed ram and a highspeed solid state disk run worse than my old 286 did I really dont know, but windows 10 manages it

Perhaps we should install software in all the cars on the Microsoft campus, randomly when they want to go to the shops, hospital or work it will just lock doors, seal windows and sit there spending half an hour updating before it allows you to get out???? Perhaps then they will realise what a real PITA this is.

Im glad PPTP has had

A nail driven into its coffin. However, PPTP is the most widely supported VPN protocol that tends to "just work".

IPSec is a minefield. Especially with the likes of Checkpoint and their myriad VPN clients.

It also doesnt help that Windows 10 has dodgy credential management.

Ive generally been using L2TP with an IPSec policy for a while now and that seems to be almost as easy for users to grasp as PPTP.

If I had to suggest a decent alternative id suggest Open VPN. Its pretty solid and has wide support for various operating systems and as a bonus is reasonably easy for users to operate.

This is what happens when management don't listen to their technical staff

Errr. I think Apple should of notified users [and organisations] weeks ago. Another Apple failure.

PPTP had a fatal weakness exposed four years ago

http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html

If anything, Apple (and everyone else) should have done this several years ago. PPTP is easily crackable, with no way to prevent it.

*cough* BT Openreach VPN Client*cough*

Been told that iPhones belonging to a certain 'national telecoms company' fall over if latest IOS is installed. Dunno mate, was just standing here when some grease monkey whispered those words in my ear.

Ding dong the witch is dead...

About time too.

OpenVPN?

Just had a quick look and it isn't supported natively by Windows 10.

One way round the update which broke some OpenVPN clients last year was to use the built in PPTP client.

So which solution "just works" for Windows platforms, is still secure, and is easy to set up on a home server?

I am a little constrained on an upgrade path because I have a noddy VPN running on a Pi for occasional use by people travelling who need to seem to be in the UK and I need to have them all in the UK at the same time to avoid breaking the access for those abroad. Running PPTP because it was easy to set up and it was also supported natively in Windows.

Thankfully I have no IOS users. Oops; should be iOS. Could be a Cisco kid in there somewhere.

I am using Ivacy VPN. They are offering PPTP, L2TP and OpenVPN protocols in Mac app. But, after the launch of Sierra they launched a beta app for Sierra users. This version does not have PPTP and is working fine. Expecting they will soon launch its full version.

Even more reason to ditch apple

We use PPTP because we want a tunnel, NOT for security.

IKEv2 and L2TP are seriously problematic especially when double-NAT'd or on hotel or Cafe hot-spots.

We secured all our mail and data access behind HTTPS ages ago, so don't need yet another IT support headache with users calling in cos the VPN doesn't work in the crappy hotel they are in.

Occasionally for some web systems you need to 'appear' from your home network. PPTP very nicely achieves this with very little overhead. As the overlaying web connections are HTTPS it's nuts to waste performance and bandwidth adding an un-needed layer of security.

So NO. I think this is a retrograde step and forces adding a layer of security often where one is NOT needed, wasteful and costly in support.

Think.. what do a company want a VPN for..

is it security?

1/ outlook over HTTPS - nope secure by design.

2/ access to intranet sites - nope these use HTTPS

3/ access to internal file data.. - Nope these went over to WebDAV-HTTPS 12 years ago

4/ Access to internal app - Nope these are HTTPS-RDP already secured.

5/ remote access to work desktop - Nope these went HTTPS-RDP in 2003

5/ what else is there?

I would argue that there is very little and the base application access should be default secured without relying on the possible presence of a secured VPN. Fix the security issue AT SOURCE and not rely on the sticky-plaster that a VPN provides. Any admin that states that their security is provided by a VPN is failing to address the fundamental security issues at the base applications.

In my mind a secure VPN is a temporary work-round or patch to briefly use until a proper solution can be found.

So what is a VPN for?

PPTP defines the right usage (in my mind) spot on.

It is a Point-to-Point tunnel, whereby the user appears to egress onto the internet from a known location (IP Address). It is NOT about providing any form of security or encryption.

Where is this useful/needed:

a) accessing a suppliers website (HTTPS) that is locked to IP address block (we have several of these)

b) accessing geo-blocked websites like the BBC

c) accessing google search and getting correct country results for your home country

The geo-block bypass is really the last remaining need for using a VPN and this DOES NOT NEED SECURITY.

#rant over