I came across this article which disscusses the various options for VPN.
The general bias appears to be OpenVPN (SSL VPN) good, IPSec bad,
Client-less SSL VPN is also frowned upon. I guess this touches upon SSL Explorer which was recommened in Cowman's remote access thread
I am tempted to go the SSL way but wonder if there would be a performance penalty. Faterall IPSec is emplemented at kernel level and so should be faster.
Also look at FreeS/WAN.
http://www.freeswan.org/
Also don't forget PPTP.
http://www.poptop.org/
Geoff you are joking aren't you?Originally Posted by Geoff
The last post on the FreeSWAN website is in 2003. The latest verion of OpenVPn was released ttwo weeks ago.
and even Microsoft are moving away from PPTP.
Not more help for the script kiddies, eh Geoff?
Sorry, VPN isn't something I've really looked at recently.
Someone better tell CLEO then. We're using PPTP here in Cumbria/Lancashire for our VPN remote access solution because apparently it's 'more secure' than IPSec....even Microsoft are moving away from PPTP.
Have a look at this warning about PPTP posted on the poptop website.
One of the problems it has is that it's vulnerbale to offline cracking a bit like WEP.The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks.
The reason it's still used might because of ease of configuration and ubequity (it is included in Windows clients).
Complexity can often be an enemy of security such as with the post-it note syndrome when it comes to using strong passwords.
Another reason for continued PPTP use might be that NAT routers are not so kind to IPSec.
Ah I see. I shall pass this info on.
Mmm.. I had some involvement with the early "PPTP is Icky" uh.. campaign back when it was much, much worse.
The 'Why not use PPTP?' comments on lack of two-factor authentication and sniffing have been true pretty much forever. However it's only "trivial" to break given a rubbish password.. and unlike ye olde LM Hash thing, you can't crack two or more passwords at the same time.
IPSec (a good idea at the start) was murdered by a 10+ year committee design process, but when implemented wisely it's clearly more secure than PPTP.
SSL tunnels (with mutual authentication i.e. server & client certs) are my favourite too.
FreeSwan forked a while back to OpenSwan and StrongSwan
The last post on the FreeSWAN website is in 2003. The latest verion of OpenVPn was released ttwo weeks ago.
http://www.openswan.org/
http://www.strongswan.org/
I think its the combination of L2TP/IPSEC that is more secure.
Window 2000 + has the client built in.
Ashok.
Theres a good L2TP/Ipsec resource here, http://www.jacco2.dds.nl/networking/freeswan-l2tp.htmlI think its the combination of L2TP/IPSEC that is more secure.
Window 2000 + has the client built in.
Ashok.
along with a windows integration howto http://www.jacco2.dds.nl/networking/...-freeswan.html
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote