[CentOS] PPTP VPN server

Jason Pyeron

jpyeron at pdinc.us
Tue Nov 25 16:03:29 UTC 2008


Sorry for the late jump in here, hence the top post (missing earlier posts).
 
I have a working setup as you described with out the reboot problem. There is
one difference, we are using VMWare (free version).
 
It even authenticates against the domain controller for vpn sessions.
 
I would be happy to help find the differences in your setup, or help you "copy"
ours.
 
-Jason 
 



  _____  

From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of
"Germán Andrés Pulido F."
Sent: Monday, November 24, 2008 11:31 PM
To: CentOS mailing list
Subject: Re: [CentOS] PPTP VPN server


Thanks everyone for your help. I still cannot guess what the problem is with the
rebooting of the server, but I'm currently reading about openvpn, it seems to be
the best solution for my issue.

Regards.

Filipe Brandenburger wrote: 

Hi,

On Mon, Nov 24, 2008 at 12:56, Les Mikesell <lesmikesell at gmail.com> wrote:
> Microsoft has updated PPTP since the only paper I know about was written.
> Does anyone know if there are still problems with it or if the linux
> version is updated to match?

>From http://pptpclient.sourceforge.net/protocol-security.phtml:

"PPTP on Linux, and Microsoft's PPTP, both implement fixes for vulnerabilities
that were detected years ago in Microsoft's PPTP. But there remain the design
vulnerabilities that cannot be fixed without changing the design. The changes
needed would break interoperability. We can't change the Linux PPTP design,
because it would stop working with Microsoft PPTP. They can't change their
design, because it would stop working with all the other components out there,
such as Nortel and Cisco, embedded routers, ADSL modems and their own Windows
installed base."

And POPTOP (http://poptop.sourceforge.net/dox/qna.html#12):

In conclusion: Poptop suffers the same security vulnerabilities as the NT sever
(this is because it operates with Windows clients).
Update: MSCHAPv2 has been released and addresses some of the security issues.
Poptop works with MSCHAPv2, which is implemented in pppd. 

Wikipedia (http://en.wikipedia.org/wiki/PPTP):

PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec.


>From these sources, I can't tell for sure if the protocol has vulnerabilities
by design or not, but in any case it seems to be agreement that other VPN
protocols such as IPSec are much more secure and reliable than PPTP. I would not
recommend starting a VPN implementation using PPTP.

L2TP/IPSec seems to be the best alternative regarding client support (built-in
support on Windows XP, Mac and the iPhone), only it is very hard to implement on
a Linux server, and there are issues with NAT traversal. OpenVPN is easy to
implement and seems to work very well with NAT, but clients must be downloaded
and installed for most platforms, and are not available, for instance, for the
iPhone.

HTH,
Filipe




  _____  


_______________________________________________

CentOS mailing list

CentOS at centos.org

http://lists.centos.org/mailman/listinfo/centos

  



-- 



Cordialmente,





 GERMAN ANDRES PULIDO F.

 Ingeniero de Proyectos

 GLOBAL TECHNOLOGY SERVICES - GTS S.A.

 -------------------------------------

 Tel: (571) 658 34 10 ext 110

 Carrera 7b No. 123-46

 Bogotá-Colombia

 Sitio Web: www.gtscolombia.com

 
 


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc.  <http://www.pdinc.us/>
http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20081125/ec04b9e8/attachment-0001.html>


More information about the CentOS mailing list