Is it possible to run pptpd with certificates and is it recommend?

Question

To secure my internet experience, I want to set up a vpn on a on-demand way using amazon AWS EC2.

My primary client is running with windows 7 professional. (Maybe further clients will be my android phone and a fedora netbook.) The VPN should be a linux machine, I tend to debian/cent-os. This machine is exclusively used for this purpose.

I found several ways to set up pptpd on a vpn, but only with username/password-authentication. at least, that this password is stored in plaintext on the configuration makes me a headache. I have no problem to use a secure password using KeePass (I'm used to work with it), but I don't like to store a plaintext password, even it's only for this purpose.

I would prefer to use a certification stored at my client(s). So my questions are

1. is pptpd a recommend technology? if not, why?
2. can I set up pptpd to accept a kind of certification as authentication?
3. If not, which technology/software is recommend? Should I use openvpn?

Answer 1

is pptpd a recommend technology? if not, why?

No. In the vast majority of implementations it's not a secure solution. There are ways of securing it, but its often more trouble than it's worth.

can I set up pptpd to accept a kind of certification as authentication?

Dunno. You shouldn't be using it anyway.

If not, which technology/software is recommend? Should I use openvpn?

OpenVPN is an excellent choice. It can use username/password auth, certificate auth, or both. It's very simple to set up, and clients are available for all workstation OSes as well as Android and iOS.