Thomas Johnson writes:
> i'd like to (eventually) set it up to allow network
> access only through a VPN but I'm not completely sure what my choices
> are as far as VPNs go. PPTP is easy enough to set up, and allows easy
> access to linux & windows clients, but AFAIK it's not a very secure
> solution. IPSEC would seem to be a more secure choice, but the
> inter-OS compatibility seems limited and it seems nearly impossible
> to get running.

The only thing I have been able to find about IPsec being more secure than
PPTP is that PPTP is supposedly vulnerable to dictionary attacks, which is a
problem if users choose weak passwords (perhaps combined with insecure
authentication methods?).  PPTP isn't insecure like WEP.  It is simply less
secure than IPsec, similar to how DES is less secure than AES.  As far as I
know, there aren't any insecurities allowing it to be easily cracked,
assuming a secure authentication method is used (MS-CHAPv2, for example).

PPTP has several major advantages over IPsec:

- available now
- well supported on Windows, Mac OS X and Linux
- works over NAT
- supports protocols besides IP

-- 
David Phillips <david at acz.org>
http://david.acz.org/


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list