VPN Features
Before I plunge into the PPTP endpoint description, let's first cover the WZR's VPN pass-through capabilities. In a nutshell, it supports multiple pass-through sessions for IPsec, L2TP and PPTP clients and also supports connection to multiple remote VPN gateways. For some reason, there's only a checkbox for IPsec passthrough on the Network Address Translation page, but Buffalo assured me that all three protocols are supported.
Figure 9 shows the controls (and defaults) for the WZR's PPTP server, which turned out to be just fine for my test using a Win XP Home SP2 client.
Note: I actually started out using the built-in External Connection wizard (accessible via a button on the Top page). But I bailed out at the Host Name Registration step because I couldn't follow the explanation of what I was supposed to enter, and just ended up entering my User account information on the PPTP Server page.
Figure 9: PPTP server configuration
Note that the default "authentication" actually sets MS-CHAPv2 authentication and MPPE 40/128-bit tunnel encryption. The latter part is especially important since early PPTP implementations encrypted the authentication (login) transaction only, leaving the actual data in the VPN tunnel unencrypted. This false sense of security helped PPTP gain its reputation as a very weak "VPN" technology, which remains to this day... at least among some users.
I have to confess that I was one of those users, until I did a little research while writing this review. I've reached the conclusion that while the combination of MS-CHAPv2 / MPPE 40/128 isn't as secure as L2TP or IPsec, which use stronger 3DES encryption and have the option of certificate-based authentication, it's a hell of a lot easier to set up and use.