Ross Walker wrote: > On Nov 3, 2010, at 9:07 AM, Les Mikesell <lesmikesell at gmail.com> wrote: >> On 11/3/10 7:48 AM, Adam Tauno Williams wrote: >>> On Wed, 2010-11-03 at 12:49 +0000, John Hodrien wrote: >>>> On Wed, 3 Nov 2010, Adam Tauno Williams wrote: >>>> >>>>> On Wed, 2010-11-03 at 13:04 +0200, Eero Volotinen wrote: >>>>>> 2010/11/3 mattias<mj at mjw.se>: >>>>>>> How to setup a vpn server on centos? >>>>>>> I can't find the pptpd in any repo >>>>>> PopTop is possibly solution that you are looking for: >>>>>> http://poptop.sourceforge.net/ , but ssl-vpn like openvpn is much >>>>>> better solution (works correctly with any firewalls) >>>>> PoPTP works very well. Also known as pptpd. >>>> Although as has already pointed out, GRE and NAT issues make PPTP a >>>> somewhat >>>> odd choice given the alternatives. >>> >>> I agree; but its issues verses the issues of the other >>> alternatives.... >>> seems almost a wash to me. >> >> Errr, what issues does openvpn have? > > I'm no fan of any type of VPN as I think it's a way of extending your > trusted LAN to an untrusted endpoint compromising internal trust levels, > but if you are going to implement a VPN the type is of very little > consequence (account/password is more likely to be compromised then <snip> > I would suggest only providing VPN access to administrators and for users > providing a combination of SSL gateway to web-mail and some type of > terminal service that either authenticates with a separate domain or is > only accessible after successfully authenticating to the SSL gateway. <snip> Um, no. This might work for folks who *only* need access to their M$ Exchange via Outlook and Office, but for other work, including *anything* that isn't being done in their browser, they're SOL about working, say, from home. It's even more secure it you just unplug it from the Internet.... mark