Thanks everyone for your help. I still cannot guess what the problem is
with the rebooting of the server, but I'm currently reading about
openvpn, it seems to be the best solution for my issue.
Regards.
Filipe Brandenburger wrote:
Hi,
On Mon, Nov 24, 2008 at 12:56, Les Mikesell <lesmikesell@xxxxxxxxx>
wrote:
> Microsoft has updated PPTP since the only paper I know about was
written.
> Does anyone know if there are still problems with it or if the
linux
> version is updated to match?
>From http://pptpclient.sourceforge.net/protocol-security.phtml:
"PPTP on Linux, and Microsoft's PPTP, both implement fixes for
vulnerabilities that were detected years ago in Microsoft's PPTP. But
there remain the design vulnerabilities that cannot be fixed without
changing the design. The changes needed would break
interoperability. We can't change the Linux PPTP design, because it
would stop working with Microsoft PPTP. They can't change their design,
because it would stop working with all the other components out there,
such as Nortel and Cisco, embedded routers, ADSL modems and their own
Windows installed base."
And POPTOP (http://poptop.sourceforge.net/dox/qna.html#12):
In conclusion: Poptop suffers the same security vulnerabilities as
the NT sever (this is because it operates with Windows clients).
Update: MSCHAPv2 has been released and addresses some of the
security issues. Poptop works with MSCHAPv2, which is implemented in
pppd.
Wikipedia (http://en.wikipedia.org/wiki/PPTP):
PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and
IPSec.
>From these sources, I can't tell for sure if the protocol has
vulnerabilities by design or not, but in any case it seems to be
agreement that other VPN protocols such as IPSec are much more secure
and reliable than PPTP. I would not recommend starting a VPN
implementation using PPTP.
L2TP/IPSec seems to be the best alternative regarding client support
(built-in support on Windows XP, Mac and the iPhone), only it is very
hard to implement on a Linux server, and there are issues with NAT
traversal. OpenVPN is easy to implement and seems to work very well
with NAT, but clients must be downloaded and installed for most
platforms, and are not available, for instance, for the iPhone.
HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
--
Cordialmente,
GERMAN ANDRES PULIDO F.
Ingeniero de Proyectos
GLOBAL TECHNOLOGY SERVICES - GTS S.A.
-------------------------------------
Tel: (571) 658 34 10 ext 110
Carrera 7b No. 123-46
Bogotá-Colombia
Sitio Web: www.gtscolombia.com
|
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos