When planning a WLAN at the University of Freiburg, I analyzed the Point-To-Point-Tunneling-Protocol (PPTP) and tried to find out, whether it fulfilled our requirements:
During my research I found a detailed analysis of the PPTP protocol by Bruce Schneier, which is available from https://www.schneier.com/pptp.html. The weaknesses outlined there and the restriction of a our environment (the wireless traffic can easily be audited, UNIX passwords are at most eight characters - besides, they normally do not deserve the name password but just word) lead me to the conclussion that PPTP doesn't meet any of our requirements.
Meanwhile, we are running a Linux & FreeS/WAN (IPSec) solution, which will soon be replaced by a Cisco VPN (also IPSec) solution due to the growing bandwidth consumption of our wireless network.
Anyway, while I thought it was obvious that PPTP wouldn't meet our requirements, others thought it wasn't. "Microsoft says it's secure, everybody is using it, and besides, it's those weaknesses are only theoretical". To prove those points false, I summarized my results and wrote a short program demonstrating how easy a password can be extracted from the MSCHAPv2 authentication protocol.