Microsoft PPTP: originally had a weak encryption function, algorithm (RSA), the TCP port (1723) used for connection control was vulnerable to DoS attacks, only the data was encrypted. NT: Service Pack 4 closed these vulnerabilities, Win 9x clients should be upgraded to DUN 1.3 to use these improvements.
IPSec: very difficult to understand, even by experts.
- Hackers do not seem to have figured it out yet, what is good.
- Schneier and Ferguson (renowned experts) conclusion: IPSec is too complex to be secure, but it is better than any other security protocol in existence.
- Different implementations: VPN requires the use of VPN gateways in the server side. Read this article to see a comparison of these types.