PPTP vs. SSL
jordi laforge
laforge.jordi at gmail.com
Sun Oct 22 09:03:48 MST 2006
Thanks for the information. While I am new to VPNs I do understand the
concept of how they work. That said I do appreciate all the good info you
gave and will read those links.
In order to save an email I'd like to include a question I had from one of
Eric's emails.
Since SSL VPNs work at a higher OSI layer does that mean that the stuff at
the lower layers is not encrypted? Like MAC address and IP address.
Thanks all for answering my questions. You are most helpful.
On 10/21/06, Kurt Granroth <plug-discuss at granroth.org> wrote:
>
> jordi laforge wrote:
> > I'm trying to provide a roadwarrior situation. Here is what I'm looking at:
> > Small 8-12 user LAN.
> > 4-5 of these users have home PCs (Windows) that they'd like to use to
> > connect to the
> > office and use the file server\ email\ databases.
> > The windows file server has PPTP capabilities.
> >
> > I could either use the Windows PPTP or set up another server running
> > Linux with openvpn. Or something else I haven't thought of....but you
> > guys suggest.
> > Whaddya think?
>
> Okay, it sounds like you're not all that familiar with VPNs in general,
> based on your comments here and in later messages. I *strongly* suggest
> doing some quick reading on that topic first before getting into
> specifics. The 'howstuffworks' entry on VPNs is not half-bad and the
> wikipedia page is excellent.
>
> Here's the very very short summary: A VPN would allow your 'road
> warriors' to connect to the home office while they are at home or on the
> road. The user's remote laptop or desktop would get a special IP that
> is specific to the VPN through which all traffic to work is 'tunneled'
> in an encrypted manner. Done properly, the remote worker would be able
> to access ALL of the services that she could normally access while in
> the office... but in a safe and secure manner over the public Internet.
>
> Now PPTP has the advantage here of being very easy to set up and if you
> have one of the Windows Servers, then you have half of it already nearly
> set up. You would need to get clients for any Linux users, but that's
> not a problem as I'm fairly certain that there is now "native" support
> in the kernel.
>
> HOWEVER, PPTP is considered to be fundamentally broken by some respected
> cryptographers. A quote from Bruce Schneier: "Microsoft PPTP is very
> broken, and there's no real way to fix it without taking the whole thing
> down and starting over."
>
> http://www.schneier.com/pptp-faq.html
>
> OpenVPN is a free solution that has so far been proven to be rock-solid.
> It is, however, not as easy to set up as PPTP. In fact, if you want to
> do anything more than a peer-to-peer setup, you will likely have to do a
> considerable bit of reading and some configuration file editing.
>
> Mind you, while the reading is verbose, it's not hard to understand and
> it shouldn't take more than a few hours to get everything set up. I'm
> told, too, that some of the GUIs available make it a lot easier (haven't
> used any of them) and some of the specialized distros like Smoothwall
> and IPCop should make it even easier yet.
>
> Now this is a Linux group so we'll tend to lean towards using a Linux-
> based solution for the "server" side. I'm honor bound to tell you,
> though, that you don't have to. OpenVPN is fundamentally a peer-to-peer
> VPN (with some variances) and works just dandy on Windows. So you
> *could* run it as a service on your Windows Server and it would likely
> chug away just fine. There is even a handy GUI for it.
>
> I recommend starting with some reading:
>
> http://openvpn.net/howto.html
> http://openvpn.net/INSTALL-win32.html
> http://openvpn.se/