When I upgraded my iPad and iPhone to iOS 10 and my MacBook to macOS, I found that PPTP VPN had been removed. Why did Apple decide to do it? I think the reason is that PPTP VPN is not secure. Why? The Stanford online course Cryptography I answers the question.
PPTP VPN uses the same key for encryption in both directions between client and server.
On the client side, the messages m1, m2 and m3 are encrypted by XORing them with G(k) before they are sent to the server. G is a pseudorandom generator (PRG) and k is the shared key.
CiphertextClient = [m1 || m2 || m3] xor G(k)
On the server side, the messages s1, s2 and s3 are encrypted with the same G(k) before they are sent to the client.
CiphertextServer = [s1 || s2 || s3] xor G(k)
If the ciphertexts of both client and server are intercepted, an attacker can break them without knowing G(k), because XORing the two ciphertexts cancels the keystream:
CiphertextClient xor CiphertextServer =
[m1 || m2 || m3] xor [s1 || s2 || s3]
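Even though the client and server use a stream cipher, it is still not secure, because both directions share the same keystream G(k). The XOR of the two ciphertexts no longer depends on the key, and traffic has enough redundancy and predictable content that the plaintexts can often be recovered from the XOR of the two.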
That is also why TLS uses different encryption keys for the client-to-server and server-to-client directions.
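The keystream cancellation described above, and the effect of using one key per direction, as an added example that is not part of the original post. SHAKE-256 stands in for G, the key and messages are constructed, and the label-based `direction_keys` helper is a hypothetical illustration, not the TLS key schedule.

```python
import hashlib

def G(k, n):
    # Stand-in PRG (assumption): expand key k into n keystream bytes with SHAKE-256.
    return hashlib.shake_256(k).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(k, msg):
    # Stream cipher as in the post: ciphertext = message xor G(k).
    return xor(msg, G(k, len(msg)))

def direction_keys(k):
    # Hypothetical fix: derive one key per direction from k using distinct labels.
    return (hashlib.sha256(b"client->server" + k).digest(),
            hashlib.sha256(b"server->client" + k).digest())

# Constructed sample data: a session key and 24 bytes of traffic per side.
K = b"constructed-session-key"
M = b"".join([b"USER alice ", b"PASS hunter2", b" "])   # m1 || m2 || m3
S = b"".join([b"220 welcome ", b"to mailhost", b" "])   # s1 || s2 || s3

def shared_key_xor():
    # Both directions use G(K), so the keystream cancels out.
    return xor(encrypt(K, M), encrypt(K, S))

def split_key_xor():
    # Each direction has its own keystream, so nothing cancels.
    kc, ks = direction_keys(K)
    return xor(encrypt(kc, M), encrypt(ks, S))

if __name__ == "__main__":
    leak = shared_key_xor()
    print("shared key: c_client xor c_server == m xor s:", leak == xor(M, S))
    # When one side is predictable (a banner), the other side falls out.
    print("client plaintext from known server text:", xor(leak, S))
    print("split keys: same relation holds:", split_key_xor() == xor(M, S))
```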