[ILUG] VPN
Martin Feeney
martin at tuatha.org
Thu Jun 14 17:27:07 IST 2007
Jeroen Massar wrote:
> PoPToP is your answer: http://www.poptop.org
>
> Only requires the server to be configured correctly, which is full
> explained in the provided documentation to be found at the site:
> http://poptop.sourceforge.net/dox/
>
> Detailing all you might ever need from simple to very complex models.
>
> good one to start is:
> http://poptop.sourceforge.net/dox/redhat-howto.phtml
>
> Of course apt-get install ppptpd works.
>
> Windows clients already have PPTP clients, thus all that works,
> documentation for that is also on the site.
If you want security on your connection, Poptop/PPtP is not so easy to use.
Installing MPPE (Microsoft's Encryption for PPtP) requires patching your
kernel (and fighting with config files until you get guaranteed encryption
and not the usual silent fallback to unencrypted that happens with PPtP and
IPSEC on windows clients).
There are some serious design flaws in MPPE that makes it pretty much
pointless [1][2].
Windows PPtP clients by default have unencrypted (or low security 56 bit
encrypted) PPtP installations so every client normally requires patching too.
I'd recommend openvpn over PPtP or IPSEC any day. The windows gui client
is simple to install and linux server install is a lot too.
1. http://www.sans.org/resources/malwarefaq/pptp-vpn.php
2. http://www.schneier.com/pptp-faq.html
More information about the ILUG
mailing list