On June 23, 2003 04:37 pm, you wrote: > At 04:27 PM 6/23/03, you wrote: > >If you want to access your server from both Linux and Windows, for > >simplicity, > >I would recommend using PPTP. > > You do not want to use PPTP. It is by far the most insecure VPN software > available. Even Microsoft, it's create says don't use it. PPTP has no way > of verify the server you are connecting to is genuine so it is subject to > man in the middle attacks.
Yes PPTP may be vulnerable to man in the middle attacks and a host of others (most addressed in Microsoft service packs), but in terms of simplicity of setup, it is still extremely easy. If you want more details on some of the security issues surrounding PPTP, have a look at http://www.counterpane.com/pptp.html > >Windows 2000 has a native PPTP client and you can use pptpclient > >(pptpclient.sourceforge.net) on Linux. For the server side, use PopTop > >(www.poptop.org). > > > >By using pptp, what you lose in security, you gain in simplicity. IpSec > >can be > >setup to run under Windows 2000, but it can get pretty complicated. > > It really isn't that complicated. MS has their own IPSEC client for windows > and several 3 party clients are available. Ultimately you don't want to use > any of the clients though. The best way to setup IPSEC is between two > firewalls or IPSEC servers and then IPSEC tunnel can be transparent to the > client matches. This was the way IPSEC was designed. IpSec and in particular the Linux implementation (FreeSWAN) can be used, but it is still not a simple matter of easy setup, especially in a Windows road warrior configuration. The ideal as you mentioned would be to have 2 IpSec gateways talking to one another and then all communications between the 2 networks would be transparently encrypted. In the end it all comes down to what you want to accomplish, what your time frame is and what level of risk you are willing to assume to achieve what you are looking for. Martin
