PPTP installed by default

pptpclient and networkmanager-pptp are installed by default. It’s doing inexperienced users a disservice, enabling them to connect in the most insecure way to anywhere. In my humble opinion, those packages should be removed from the repos entirely, so if the user is experienced enough to jump through hoops to install this possible security vulnerability on their computer, they actually might be aware of what they are doing.

The first two sentences in Wikipedia are even: “The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks. PPTP has many well known security issues.”

Just google pptp hacking.

They are inherited from Arch and the protocol itself is still used.

Whether it is secure or not :man_shrugging: the same can be said of telnet.

Whether to use it or not - that is not a decision to be made by Manjaro as distribution.

1 Like

If you use the word telnet, nobody would associate it with “safe”. It’s a tool to test network connections and open TCP ports. :sweat_smile:

$ telnet forum.manjaro.org 80
Trying 135.181.38.249...
Connected to forum.manjaro.org.
Escape character is '^]'.
GET / HTTP/1.0
Host: forum.manjaro.org

HTTP/1.1 301 Moved Permanently
Server: nginx/1.26.1
Date: Sat, 11 Jan 2025 13:56:52 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
Location: https://forum.manjaro.org/

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.26.1</center>
</body>
</html>
Connection closed by foreign host.

…whereas when you use the word VPN then 99% of people assume it’s a secure connection, regardless of the type used.

And a remote access tool - like ssh

1 Like

Many ISPs use it as an authentication method for home internet usage instead of ppp for some reason.
Let’s not remove basic stuff just because YOU do not use it. What will be next, wifi, ethernet? Manjaro is supposed to be at least somewhat user friendly. For the rest there is arch from scratch and gentoo, etc.

And pptp is secure if you run it inside an ip-sec tunnel… in fact this combo is quite often used when connection between two sites needs to be secure.

Why would you use pptp inside an already secure tunnel?
It’s like saying … … telnet is secure if you use it in an ipsec tunnel.

ipsec is a transport tunnel - it cannot be routed - that is why pptp is used inside the tunnel - because it is routable.

I bet you just discovered that pptp can be compromised - but you don’t have the full picture so you request that a network manager addon should not be available based on your discovery.

I am sorry - that is not how it works.

If you use pptp as the only means of traffic - yes it can be compromised - yet it is still widely used inside other tunneling as it is routable.

2 Likes

Didn’t know that. I suppose it’s OK in this use case, when you use it only to connect to your ISP, not some remote server over public internet (like to your home network from public wifi in an internet cafe or something).

IPsec tunnel mode, hello…

Known that for two decades. I recently found out, thanks to mapare, that it’s now installed by default by Manjaro. Which wasn’t the case at least a year ago… afaik (it was available, sure, but it wasn’t installed). At least it didn’t say I was missing it compared to base install.

Warning: PPTP is dangerously insecure. Have a good reason to use it.

https://pptpclient.sourceforge.net/

I see no reason to include it by default. I’ve removed networkmanager-pptp from the ISO profiles.

4 Likes

some deviation from Arch, I guess
oh well …

How do you mean? networkmanager-pptp is definitely not installed by default on Arch and the package is not required by anything.

To be clear, the package is inherited from Arch as mentioned above and is still available to install should one wish.

I know.
I was a bit ambiguous.
I shouldn’t have said anything at all.