OT Re: [pptp-server] Linx PPTP -> Cisco VPN Adaptor

Yan Seiner yan at cardinalengineering.com
Sun Sep 10 18:10:52 CDT 2000 

I struggled mightily about a year ago to get freeswan running.  In the
end I gave up and went with vtund.

Are you saying that most of the config stuff has been sorted out?  When
I was playing with it, it was really alpha code as far as
interoperability with other vendors and abilty to work with non-fixed
IPs.

I agree with the comments on PPTP - except that it is actually a pretty
good protocol, just MS broke it REALLY REALLY badly and called it a new
standard.  pptp WITHOUT the MS patches is pretty good AFAIK.

--Yan

John Hovell wrote:
> 
> Timothy --
> 
> Timothy Findlay wrote:
> 
> > I've heard IPSec is actually better than PPTOP,
> 
> Um, well lets see.  Yes.  To be blunt.  Just a bit.  In fact, PPTP is basically
> known as *insecure* even with 128-bit encryption enabled (which if you want to
> talk about something that is a pain in the arse to set up).  Check out:
> 
> http://www.counterpane.com/pptp.html
> 
> > but it's a _REAL_ pain in the
> > arse to setup, is this sorta true ?!? should I attempt it ??
> 
> Yes, you should definitely attempt it.  PPTP is *not* secure, and is provided on
> Linux, simply to provide compatibility with MS products.  (yes, or when data
> integrity/secrecy is not important... PPTP in general is a great tunneling
> protocol.)
> 
> Check out FreeS/WAN:
> http://www.freeswan.org.
> 
> Download it... untar it.  Configure, do "make newgo" or whatever it is called,
> and install the kernel and reboot.  There are 2 conf files (/etc/ipsec.conf and
> /etc/ipsec.secrets) which are very easy to set up.  There is even a patch for it
> to use X.509 certificates, to ensure compatibility with PGPnet (Network
> Associates PGP package for Win9x/NT). (Do not use this paragraph as your
> instruction manual; I'm just typing this to show you its not hard to set up)
> (does require a kernel-recompile, but so does PPTP w/ encryption).
> 
> Microsoft's PPTP is a "last resort" solution when nothing else is possible.
> IPSec is the IPv6 standard, and using 3DES encryption and SHA or MD5 provides
> currently "unbreakable" encryption and data integrity... not to mention is more
> robust and configurable; it is also truly peer-to-peer, and is *not* a
> Point-to-Point protocol (although it can be configured that way if you want or
> need PPP).
> 
> And yes, IPSec is what Cisco and just about any router I can think of uses for
> VPN's.
> 
> Cheers,
> John
> 
> > "Charles C. Duffy" wrote:
> >
> > > On Sat, Sep 09, 2000 at 09:40:26AM +1000, Timothy Findlay wrote:
> > > > I setup PPTP on a Linux Internet gateway at work a few weeks ago, and
> > > > all has been great, people are been authenticating against the PDC and
> > > > all which is great, but now were opening a new little office overseas,
> > > > and I just found out they've brought  a 17xx Cisco router, which they
> > > > want to use to connect to the VPN, as it's overseas there some other
> > > > cluey dude on the other end to setup the cisco, but what do I need to do
> > > > to my Linux box, can it do it ?!?!?
> > >
> > > Depends on the Cisco.
> > >
> > > One option would be to use CIPE (available as part of the International
> > > Kernel Patch, kerneli.org), or better (if the Cisco supports it) IPsec.
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
> 
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!

More information about the pptp-server mailing list