PPTP vs. SSL

Eric "Shubes" plug at shubes.net
Sat Oct 21 08:21:27 MST 2006


I would set up an IPCop firewall at the office. It has OpenVPN built in, so
IPCop<-->IPCop tunneling is a piece of cake, in case any of your home users
also have an IPCop. This can also work with dynamic IP addresses at both
ends, btw. It's also possible to configure IPCop for road warriors, but that
takes slightly more doing.

Maybe we should have an(other) IPCop presentation at the users meeting, if
there's interest. IPCop is a good way to bring less capable boxes out of
retirement.

jordi laforge wrote:
> I'm trying to provide a roadwarrior situation. Here is what I'm looking at:
> Small 8-12 user lan.
> 4-5 of these users have home pc's(Windows) that they'd like to use to
> connect to the
> office and user the file server\ email\ databases.
> The windows file server has PPTP capabilities.
> 
> I could either use the Windows PPTP or setup another server running
> Linux with openvpn. Or something else I haven't thought of....but you
> guys suggest.
> Whaddya think?
> 
> 
> On 10/20/06, *Kurt Granroth* <plug-discuss at granroth.org
> <mailto:plug-discuss at granroth.org>> wrote:
> 
>     jordi laforge wrote:
>     > Which would you use? Can you transfer files over SSL? Just looking for
>     > opinions.
> 
>     I would guess that since you mention PPTP that you are looking for a VPN
>     solution... but that doesn't jibe with your comment about transferring
>     files.  Can you give a bit more detail on what you are trying to do?
> 
>     I'll give a scattershot of comments though and maybe one or two will hit
>     the mark.
> 
>     PPTP is a VPN solution and SSL is a (streaming?) encryption standard.
>     You can use SSL as the encryption layer of a VPN, though, which is
>     exactly what OpenVPN uses.  I recommend OpenVPN as a VPN solution if you
>     have the opportunity.
> 
>     If you just want to transfer files over a non-secure network in a
>     secure
>     manner, then you have a few choices.  If it's just file upload and
>     download, then I typically use ssh either directly with 'scp' or 'sftp'
>     or 'rsync'.
> 
>     If you are downloading only from a static source that you control and
>     you have no SSH access, then you can use SSL via HTTPS.
> 
>     If you want to use an unencrypted network protocol in an encrypted
>     manner, then you can create a tunnel either with ssh or stunnel.
> 
>     Did any of those come close to what you're looking for?
> 
>     Kurt
>     ---------------------------------------------------


-- 
-Eric 'shubes'


More information about the PLUG-discuss mailing list