Sorry for the late jump in here, hence the top post
(missing earlier posts).
I have a working setup as you described without the reboot problem.
There is one difference, we are using VMWare (free version).
It even authenticates against the domain controller for vpn
sessions.
I would be happy to help find the differences in your setup, or help you
"copy" ours.
-Jason
Thanks everyone for your help. I still cannot guess what the
problem is with the rebooting of the server, but I'm currently reading about
openvpn, it seems to be the best solution for my
issue.
Regards.
Filipe Brandenburger wrote:
Hi,
On Mon, Nov 24, 2008 at 12:56, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> Microsoft has updated PPTP since the only paper I know about was written.
> Does anyone know if there are still problems with it or if the linux
> version is updated to match?
From http://pptpclient.sourceforge.net/protocol-security.phtml:
"PPTP on Linux, and Microsoft's PPTP, both implement fixes for vulnerabilities
that were detected years ago in Microsoft's PPTP. But there remain the
design vulnerabilities that cannot be fixed without changing the design.
The changes needed would break interoperability. We can't change the Linux
PPTP design, because it would stop working with Microsoft PPTP. They can't
change their design, because it would stop working with all the other
components out there, such as Nortel and Cisco, embedded routers, ADSL
modems and their own Windows installed base."
And POPTOP (http://poptop.sourceforge.net/dox/qna.html#12):
In conclusion: Poptop suffers the same security vulnerabilities as the NT
server (this is because it operates with Windows clients). Update:
MSCHAPv2 has been released and addresses some of the security issues.
Poptop works with MSCHAPv2, which is implemented in pppd.
Wikipedia (http://en.wikipedia.org/wiki/PPTP):
PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec.
From these sources, I can't tell for sure if the
protocol has vulnerabilities by design or not, but in any case there seems to
be agreement that other VPN protocols such as IPSec are much more secure and
reliable than PPTP. I would not recommend starting a VPN implementation
using PPTP.
L2TP/IPSec seems to be the best alternative regarding
client support (built-in support on Windows XP, Mac and the iPhone), only it
is very hard to implement on a Linux server, and there are issues with NAT
traversal. OpenVPN is easy to implement and seems to work very well with
NAT, but clients must be downloaded and installed for most platforms, and
are not available, for instance, for the
iPhone.
HTH, Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
--
Cordially,
GERMAN ANDRES PULIDO F.
Project Engineer
GLOBAL TECHNOLOGY SERVICES - GTS S.A.
-------------------------------------
Tel: (571) 658 34 10 ext 110
Carrera 7b No. 123-46
Bogotá-Colombia
Website: www.gtscolombia.com
--
Jason Pyeron, PD Inc. http://www.pdinc.us
Principal Consultant
10 West 24th Street #100
+1 (443) 269-1555 x333
Baltimore, Maryland 21218