OT Re: [pptp-server] Linx PPTP -> Cisco VPN Adaptor
Yan Seiner
yan at cardinalengineering.com
Sun Sep 10 18:10:52 CDT 2000
I struggled mightily about a year ago to get freeswan running. In the
end I gave up and went with vtund.
Are you saying that most of the config stuff has been sorted out? When
I was playing with it, it was really alpha code as far as
interoperability with other vendors and abilty to work with non-fixed
IPs.
I agree with the comments on PPTP - except that it is actually a pretty
good protocol, just MS broke it REALLY REALLY badly and called it a new
standard. pptp WITHOUT the MS patches is pretty good AFAIK.
--Yan
John Hovell wrote:
>
> Timothy --
>
> Timothy Findlay wrote:
>
> > I've heard IPSec is actually better than PPTOP,
>
> Um, well lets see. Yes. To be blunt. Just a bit. In fact, PPTP is basically
> known as *insecure* even with 128-bit encryption enabled (which if you want to
> talk about something that is a pain in the arse to set up). Check out:
>
> http://www.counterpane.com/pptp.html
>
> > but it's a _REAL_ pain in the
> > arse to setup, is this sorta true ?!? should I attempt it ??
>
> Yes, you should definitely attempt it. PPTP is *not* secure, and is provided on
> Linux, simply to provide compatibility with MS products. (yes, or when data
> integrity/secrecy is not important... PPTP in general is a great tunneling
> protocol.)
>
> Check out FreeS/WAN:
> http://www.freeswan.org.
>
> Download it... untar it. Configure, do "make newgo" or whatever it is called,
> and install the kernel and reboot. There are 2 conf files (/etc/ipsec.conf and
> /etc/ipsec.secrets) which are very easy to set up. There is even a patch for it
> to use X.509 certificates, to ensure compatibility with PGPnet (Network
> Associates PGP package for Win9x/NT). (Do not use this paragraph as your
> instruction manual; I'm just typing this to show you its not hard to set up)
> (does require a kernel-recompile, but so does PPTP w/ encryption).
>
> Microsoft's PPTP is a "last resort" solution when nothing else is possible.
> IPSec is the IPv6 standard, and using 3DES encryption and SHA or MD5 provides
> currently "unbreakable" encryption and data integrity... not to mention is more
> robust and configurable; it is also truly peer-to-peer, and is *not* a
> Point-to-Point protocol (although it can be configured that way if you want or
> need PPP).
>
> And yes, IPSec is what Cisco and just about any router I can think of uses for
> VPN's.
>
> Cheers,
> John
>
> > "Charles C. Duffy" wrote:
> >
> > > On Sat, Sep 09, 2000 at 09:40:26AM +1000, Timothy Findlay wrote:
> > > > I setup PPTP on a Linux Internet gateway at work a few weeks ago, and
> > > > all has been great, people are been authenticating against the PDC and
> > > > all which is great, but now were opening a new little office overseas,
> > > > and I just found out they've brought a 17xx Cisco router, which they
> > > > want to use to connect to the VPN, as it's overseas there some other
> > > > cluey dude on the other end to setup the cisco, but what do I need to do
> > > > to my Linux box, can it do it ?!?!?
> > >
> > > Depends on the Cisco.
> > >
> > > One option would be to use CIPE (available as part of the International
> > > Kernel Patch, kerneli.org), or better (if the Cisco supports it) IPsec.
> >
> > _______________________________________________
> > pptp-server maillist - pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
> _______________________________________________
> pptp-server maillist - pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!
More information about the pptp-server
mailing list