Just because i often read mails like 'we are using a pptp VPN' on this list: pptp is horrible weak and should not be used to protect critical channels or to authenticate users. A paper can be found at http://stealth.7350.org/chap.pdf. I know it doesnt help in this case but I hope it helps one to decide against pptp :)
So what do u recommend that people use instead of pptp
Definitely IPsec! :>) That's both a matter of both taste and requirements.
the install script does everything for you; patch the kernel, build & install it :-) The less kernel patches required, the better I like it.
The configuration is more of a challenge, I just printed out some 120 pages of docs and read them very patiently and extensively (Though when it comes to security- critical software you should do this anyway...!!) The simpler it is the better I like it (both from a maintenance as well as a security point of view). Complex -> much code -> many bugs. Much configuration -> much time and many mistakes that are hard to find.
Also have a look at cipe. - It's not a standard (no co-op with Cisco and friends). - It's a module without kernel patches. - It runs on most Microsoft platforms. - It uses UDP for transport (never use TCP for serious tunnelling). - It's got one small config file (and even that causes enough problems to those who don't know - their networking basics). - It supports IPTABLES NAT and bridging. - There is some version confusion right now (I'm using a snapshot till that sorts itself out). - It's got a good security track record. - I used it for years and am very satisfied. So it fits my taste and requirements best. You should have a look around and decide for yourself. Peter