[CentOS] regarding vpn server for 1500 clients

Fri Dec 19 14:39:08 UTC 2008
Robert Moskowitz <rgm at htt-consult.com>

DISCLAIMER:

I work for ICSAlabs, an Independent Division of Verizon Business 
Systems. We are the UL of security product testing.

I co-chaired the IPsec work in the IETF back in the late '90s.

I am the creator of the HIP protocol.

I have lots of standards experience, lots of testing experience, and 
limited deployment experience.

The following IS NOT the position of my employer. I just benefit from a 
lot of help on this list, and rarely can give back....

dhaval.thakar at networthdirect.com wrote:
> Hi list,
>
>
> I have to build vpn server for 1500 clients. No encryption necessary.
> can anyone please recommend me vpn server.
>
> I do not have experience on vpn.
>
> I have tested openvpn on my test setup, & its working fine.
>
> I want to check if there any other vpn server available.
> I have not checked but can pptp vpn be usefull?
>
>
> My requirement is to connect 1500 clients on vpn server.
> Need frontend to manage vpn clients.

I am going to recommend PPTP to you, the reason is low setup cost and 
the encryption stinks (and thus does not cost much CPU).

You see even if you run IPsec with ESP NULL (RFC 2510, read it for all 
the US-centric jokes we stuffed in it), you have to pay for IKE and 
actually the session handshake can be more the killer for a VPN server 
than the actual per-packet-encryption. Why? Becuase to do ANY decent VPN 
protocol that has encyrption available, the handshake MUST use 
asymmetric (ie public-key) encryption. At least Diffie-Hellman, perhaps 
some RSA or ECC thrown in there. Oh, 802.11i Four-Way-Handshake DOES 
avoid this when running with a pre-shared key (OUCH, I wrote the paper 
on the attack on that after I helped develop the protocol including all 
of its compromises).

So every morning when those 1500 users log in, you eat dust while all 
the public-key work goes on. Without hardware to do the work, your 
server just dies. I don't care if your run IPsec, SSLvpn, HIP, or SSH, 
you will have public key crypto running for the handshake. The actual 
cost of AES in a counter-mode operation (like CCMP that was created for 
802.11i, or GCM that was created for 802.1AE) is actually quite 
reasonable. And if you run RC4 with SSLvpns, boy are you running a low 
overhead (and easy to attack) cipher.


But PPTP????

Microsoft invented it to get connected and of course no one would bother 
to attack it... So the handshake is really light weight and won't kill 
your server.

There are variants of PPTP (eg L2PPTP) that have some real crypto in 
them in an attempt to fix what was broken, but then Microsoft got the 
'religion' and went full throttle with IPsec, and did a decent job of 
it. So decent in fact that many corporations turn it OFF becuase they 
can't do internal traffic shaping when all the Microsoft traffic is 
running in ESP!


So to conclude.

Find a tunnelling protocol that has a CHEAP setup cost, like PPTP. This 
can be a bigger deal breaker than the actual tunnel encryption method.