I need to set up a VPN for our small office. There will only be one person using it, and they will be transmitting private financial information in many cases.
I know that PPTP has a number of security vulnerabilities, but are any of them critical to the point where I should set up an OpenVPN server instead, assuming both ends of the connection are trusted and a strong password is being used?
If you're that concerned about it, why not go for peace of mind and set up an OpenVPN connection? They are quite simple to set up, and if anything were to go wrong (as far as a compromise is concerned), using a more secure setup will help prove you weren't criminally negligent. It's a sad but real truth that you need to cover your butt when dealing with network security.
http://openvpn.net/index.php/open-source/documentation/howto.html
There has been some time that has passed since PPTP's initial inception and rollout.
These days there are also a number of application protocols which are secure within themselves (where there were not in the past). If that is the case with your specific deployment, then PPTP may adequately serve as the initial/external delivery transport.
Once this user is connected via PPTP, what mechanism will they be using to actually transfer this data? If they're using ssh (scp, sftp, et al) or SSL encryption over a PPTP tunnel, you will have multiple layers of protection and will have to worry about the PPTP connection itself less. DKNUCKLES has a good point though, OpenVPN is pretty simple to set up and one user is easy to support. Just spend a few more minutes and do it the "better" way.
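For the single-user OpenVPN setup recommended in the answers above, here is an added example of a server configuration that authenticates the client by certificate; it is not part of any answer and is not taken from the OpenVPN project. The file names, port and 10.8.0.0/24 subnet are assumptions, and directives marked 2.4+ need OpenVPN 2.4 or later.

```conf
# Added example: OpenVPN server.conf for one remote user.
# File names, port and tunnel subnet are placeholders (assumptions).

port 1194
proto udp
dev tun

# PKI: the client proves its identity with its own certificate and key,
# so access does not rest on password strength alone.
ca   ca.crt
cert server.crt
key  server.key          # private key; readable by root only
dh   none                # ECDHE key exchange instead of a DH file (2.4+)

# Accept only peers whose certificate is marked for client use.
remote-cert-tls client

# Pre-shared key that encrypts and authenticates the control channel, so
# packets from hosts without the key are dropped before any TLS handshake (2.4+).
tls-crypt ta.key

tls-version-min 1.2
cipher AES-256-GCM       # on 2.5+ the equivalent is: data-ciphers AES-256-GCM

# Tunnel addressing
server 10.8.0.0 255.255.255.0
topology subnet

# One user, so cap concurrent sessions at one.
max-clients 1

keepalive 10 120
persist-key
persist-tun

# Drop privileges after start-up (the group name varies by distribution).
user nobody
group nogroup

status openvpn-status.log
verb 3
```

The client needs its own certificate and key signed by the same CA, plus a copy of `ta.key`; revoking that one client certificate cuts off access without touching the server's keys.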