Starting with macOS Sierra and iOS 10, Apple has withdrawn support for one of the methods of implementing a virtual private networks (VPN), the point-to-point tunneling protocol (PPTP). Even though the protocol is still available in earlier versions of its mobile and desktop software, Apple has dropped support for PPTP for security reasons. In other words, if you have set up a VPN server using PPTP, iOS and macOS Sierra users will no longer be able to connect to it. iOS and macOS will display an error message informing users about the security risk that a connection via PPTP represents, and the only option users have is to select “OK”. That, however, doesn’t mean they will connect to the VPN server.
Why Apple Dropped Support for PPTP
Apple has rightfully made this move due to the fact that PPTP has failed numerous security analyses in which serious security vulnerabilities in the protocol had been discovered. Actually, even Microsoft, the creator of the protocol, recommends not using PPTP or MS-CHAPv2 (Microsoft Challenge Handshake Authentication Protocol version 2). The latter is widely used as an authentication method in PPTP-based VPNs. Microsoft’s security advisory document released in 2012 talks about the issue caused by known cryptographic weaknesses in the MS-CHAPv2 protocol that allows hackers to exploit its vulnerabilities to obtain a user’s credentials.
Best VPN Services for Mac of 2017
Apple Recommends Using More Safe Protocols
In a support document updated in mid-2017, Apple suggests users deploy other, more secure protocols for user-based authentication, such as L2TP (Layer To Tunneling Protocol), IKEv2 (Internet Key Exchange version 2) and IPSec (Internet Protocol Security), and even mentions several SSL VPN clients available in the iOS App Store. IPSec is a set of protocols used to secure internet traffic that provides much stronger security than PPTP, while IKEv2 is more secure than IPSec since it supports AES 128, AES 192, AES 256 encryption. Because L2TP doesn’t provide strong encryption or authentication by itself, in most cases it is implemented along with IPSec.
The side effect of withdrawing support for an insecure and outdated protocol is that Apple is (finally) forcing users of its latest mobile and desktop operating systems – as well as operators of VPN systems – to take the step toward a more secure internet browsing experience.
How to Connect PPTP VPN on macOS Sierra
While it is still possible to connect to a VPN over PPTP on macOS Sierra, it is not recommended to do so if you really want to protect yourself from cybercriminals. But sometimes there is no choice, of course, and you’ll need to connect to VPN via PPTP despite its insecurities, but until the VPN access service gets upgraded to support safer protocols this is unavoidable.
For those who just can’t part with the protocol just yet, the good news is you have various options to connect via VPN clients that still support the outdated protocol. One of them is Shimo, which costs $50 per user, but offers a 30-day free trial to test the service. To make it work, create a new PPTP/L2TP account and simply follow the instructions, and you’ll be good to go. However, Flow VPN does the same for free. This client supports both PPTP and OpenVPN on macOS Sierra; just overwrite the Flow VPN server address with any server, and make a connection.