[pptp-server] Linx PPTP -> Cisco VPN Adaptor

Timothy Findlay tfindlay at prodevelop.com.au
Tue Sep 12 16:47:22 CDT 2000


Yup, I've d/l'd it all (the freeswan one), it wouldn't compile with my 2.4 kernel,
so I've gone back to the regular 2.2 one, and it's all compiled up and installed
fine (that wasn't hard!), the catch now is working out how to configure it! I'm
following some examples by ean-Francois Nadeau which look pretty cool, the catch is
I sorta need to have it working 'yesterday' as such, as theres a guy on the other
side of the globe waiting for me to give him all the details, and he doesn't speak
much english! :(

I've got a Wincrudy 2000 box here which I'm working with as a client to see if I can
get it to work, else I'll build another linux box.

Worse case scenario, if I can get it to work by the end of the weekish, we'll pay
someone else to come and setup, as we do sorta have another cisco 2611 on our 'main
office' as such, I was just trying to avoid this, not so much for the cost, but 98%
of our IT gear is all setup & managed by 3rd party consultants, we're supposed to be
the IT team, and we dont know crap about anything! Anywyas, Thanks for your help
guys!

Tim.


John Hovell wrote:

> Timothy --
>
> Timothy Findlay wrote:
>
> > I've heard IPSec is actually better than PPTOP,
>
> Um, well lets see.  Yes.  To be blunt.  Just a bit.  In fact, PPTP is basically
> known as *insecure* even with 128-bit encryption enabled (which if you want to
> talk about something that is a pain in the arse to set up).  Check out:
>
> http://www.counterpane.com/pptp.html
>
> > but it's a _REAL_ pain in the
> > arse to setup, is this sorta true ?!? should I attempt it ??
>
> Yes, you should definitely attempt it.  PPTP is *not* secure, and is provided on
> Linux, simply to provide compatibility with MS products.  (yes, or when data
> integrity/secrecy is not important... PPTP in general is a great tunneling
> protocol.)
>
> Check out FreeS/WAN:
> http://www.freeswan.org.
>
> Download it... untar it.  Configure, do "make newgo" or whatever it is called,
> and install the kernel and reboot.  There are 2 conf files (/etc/ipsec.conf and
> /etc/ipsec.secrets) which are very easy to set up.  There is even a patch for it
> to use X.509 certificates, to ensure compatibility with PGPnet (Network
> Associates PGP package for Win9x/NT). (Do not use this paragraph as your
> instruction manual; I'm just typing this to show you its not hard to set up)
> (does require a kernel-recompile, but so does PPTP w/ encryption).
>
> Microsoft's PPTP is a "last resort" solution when nothing else is possible.
> IPSec is the IPv6 standard, and using 3DES encryption and SHA or MD5 provides
> currently "unbreakable" encryption and data integrity... not to mention is more
> robust and configurable; it is also truly peer-to-peer, and is *not* a
> Point-to-Point protocol (although it can be configured that way if you want or
> need PPP).
>
> And yes, IPSec is what Cisco and just about any router I can think of uses for
> VPN's.
>
> Cheers,
> John
>
> > "Charles C. Duffy" wrote:
> >
> > > On Sat, Sep 09, 2000 at 09:40:26AM +1000, Timothy Findlay wrote:
> > > > I setup PPTP on a Linux Internet gateway at work a few weeks ago, and
> > > > all has been great, people are been authenticating against the PDC and
> > > > all which is great, but now were opening a new little office overseas,
> > > > and I just found out they've brought  a 17xx Cisco router, which they
> > > > want to use to connect to the VPN, as it's overseas there some other
> > > > cluey dude on the other end to setup the cisco, but what do I need to do
> > > > to my Linux box, can it do it ?!?!?
> > >
> > > Depends on the Cisco.
> > >
> > > One option would be to use CIPE (available as part of the International
> > > Kernel Patch, kerneli.org), or better (if the Cisco supports it) IPsec.
> >
> > _______________________________________________
> > pptp-server maillist  -  pptp-server at lists.schulte.org
> > http://lists.schulte.org/mailman/listinfo/pptp-server
> > List services provided by www.schulteconsulting.com!
>
> _______________________________________________
> pptp-server maillist  -  pptp-server at lists.schulte.org
> http://lists.schulte.org/mailman/listinfo/pptp-server
> List services provided by www.schulteconsulting.com!




More information about the pptp-server mailing list