On Fri, Mar 19, 2004 at 03:09:11AM -0600, David Phillips wrote: > PPTP has several major advantages over IPsec: > > - available now > - well supported on Windows, Mac OS X and Linux > - works over NAT > - supports protocols besides IP One of my colleagues had IPSec over NAT working from his home Linux box (running Mandrake). He recently installed Mandrake 10.0 on the box, and hasn't gotten around to reinstalling the IPSec client - he formatted the drive and started over from scratch. For connecting to work using my (employer-supplied) Windows laptop, I never did get PPTP working through my NAT - I'd even punched the holes in my NAT table that I was told needed to be punched, and still couldn't get it working. When I told IPSec to tunnel using TCP instead of UDP, it just started working - and I didn't have to punch holes! So, from my experience, IPSec is working better over NAT than PPTP did. This is also my experience supporting sales-droids in the field - we had no end of problems getting PPTP working in NAT environments, but the moment we got IPSec over TCP, it just worked. So, I'm afraid I have to dispute at least your first and third bullet points. For your second bullet point, I don't know how well-supported IPSec is on Linux, but it is available. Personally, I don't consider bullet point 4 to be an issue, but I am willing to concede that there are environments where it might be. -- Scott Raun sraun at fireopal.org _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list