I just read an article about why it's NOT a good idea to use MS-CHAPv2 as authentication solution for things like a VPN connection. The culprit: it's pretty easy to obtain the password hash.
I checked 'Routing and remote access' and it uses MS-CHAPv2 for authentication. Now we do use a VPN connection once in a while and it's bound by the router/firewall to only a couple of IP-addresses, so I don't think (hope) someone else can get access to our network. But just to be on the safe side, how should I configure RRas to use a better authentication solution? On tab 'Security' there are some other options I can choose, like EAP, CHAP, PAP (both NOT recommended) and machine certificate authentication for IKEv2.
And if I change things on the server side, what do I need to do on the client side?
Simon
