[pptp-server] Linux PPTP -> Cisco VPN Adaptor

John Hovell john.hovell at home.com
Sun Sep 10 17:12:59 CDT 2000


Timothy --

Timothy Findlay wrote:

> I've heard IPSec is actually better than PPTP,

Um, well let's see.  Yes.  To be blunt.  Just a bit.  In fact, PPTP is basically
known as *insecure* even with 128-bit encryption enabled (which if you want to
talk about something that is a pain in the arse to set up).  Check out:

http://www.counterpane.com/pptp.html

> but it's a _REAL_ pain in the
> arse to set up, is this sorta true ?!? should I attempt it ??

Yes, you should definitely attempt it.  PPTP is *not* secure, and is provided on
Linux, simply to provide compatibility with MS products.  (yes, or when data
integrity/secrecy is not important... PPTP in general is a great tunneling
protocol.)

Check out FreeS/WAN:
http://www.freeswan.org.

Download it... untar it.  Configure, do "make newgo" or whatever it is called,
and install the kernel and reboot.  There are 2 conf files (/etc/ipsec.conf and
/etc/ipsec.secrets) which are very easy to set up.  There is even a patch for it
to use X.509 certificates, to ensure compatibility with PGPnet (Network
Associates PGP package for Win9x/NT). (Do not use this paragraph as your
instruction manual; I'm just typing this to show you it's not hard to set up)
(does require a kernel-recompile, but so does PPTP w/ encryption).

Microsoft's PPTP is a "last resort" solution when nothing else is possible.
IPSec is the IPv6 standard, and using 3DES encryption and SHA or MD5 provides
currently "unbreakable" encryption and data integrity... not to mention is more
robust and configurable; it is also truly peer-to-peer, and is *not* a
Point-to-Point protocol (although it can be configured that way if you want or
need PPP).

And yes, IPSec is what Cisco and just about any router I can think of use for
VPNs.

Cheers,
John

> "Charles C. Duffy" wrote:
>
> > On Sat, Sep 09, 2000 at 09:40:26AM +1000, Timothy Findlay wrote:
> > > I set up PPTP on a Linux Internet gateway at work a few weeks ago, and
> > > all has been great, people have been authenticating against the PDC and
> > > all which is great, but now we're opening a new little office overseas,
> > > and I just found out they've brought a 17xx Cisco router, which they
> > > want to use to connect to the VPN, as it's overseas there's some other
> > > cluey dude on the other end to set up the Cisco, but what do I need to do
> > > to my Linux box, can it do it ?!?!?
> >
> > Depends on the Cisco.
> >
> > One option would be to use CIPE (available as part of the International
> > Kernel Patch, kerneli.org), or better (if the Cisco supports it) IPsec.