VPN Capability Overview
pfSense contains multiple VPN technologies, all of which work well.
- L2TP/IPsec (pfSense 2.2 and up)
- IKEv2 (pfSense 2.2 and up)
- Tinc (Via add-on packages)
- PPTP (Removed from pfSense 2.3 and later)
| PPTP is no longer considered a secure VPN technology because it relies upon MS-CHAPv2 which has been compromised. If you continue to use PPTP be aware that intercepted traffic can be decrypted by a third party, so it should be considered unencrypted. We advise migrating to another VPN type such as OpenVPN or IPsec.
More information on this can be found at https://isc.sans.edu/diary/End+of+Days+for+MS-CHAPv2/13807 and https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/
The best choice for a given network depends on a number of factors. These are discussed in the VPN chapter of the pfSense book.