Sure, try http://www.openbsd.com/
(specifically: http://www.openbsd.com/faq/faq13.html )
or http://www.xs4all.net/~freeswan/
2 _free_ IPSEC implementations that one could construct to provide VPN
solutions.
We don't do win32 crypto for mission critical stuff, it's just silly.
like me.
spiff
On Mon, 27 Dec 1999, Paul Gracy wrote:
> Since I'm an engineer and just want to get some done from home...
>
> Ok. So a bunch of people dislike PPTP (version 1 and 2). But nobody has
> offered a constructive comment. So kindly do so, or quit your bitchin'.
>
> Constructive comments are defined in my world as 1 of these 3 things:
> 1) Do this and pptp is as safe as it gets. Your level of risk is X.
> Knowing this, use or don't, as you choose.
> 2) Use protocol / software XYZ as a replacement for PPTP; it only costs x$.
> 3) "I've written a replacement; source and binaries are available at
> www.____.___/pptp_replacement.html. Please perform peer review and let me
> know if you find any bugs."
>
> I'm waiting.......
>
> -----Original Message-----
> From: Brian Steele [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 14, 1999 11:34 AM
> To: [EMAIL PROTECTED]
> Subject: Re: MS PPTP (Safe?)
>
>
> ...and you can do this without being first authenticated by the NT server
> providing the VPN service?
>
> Brian Steele
>
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: "Jimi Aleshin" <[EMAIL PROTECTED]>
> Cc: "J. T. B." <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, December 14, 1999 9:44 AM
> Subject: Re: MS PPTP (Safe?)
>
>
> >
> >
> >
> > One thing to remember, protocol 47 is GRE (Generic Route Encapsulation).
> > Remember the days of disabling
> > Source Route Forwarding at the TCP Layer ????
> > GRE is in it's basic form, the very same thing at the IP layer.
> >
> > What does this mean ????
> >
> > Well, I could send a GRE packet that contains another protocol in its
> payload.
> > This could be, for example, NETBIOS.
> > I could then use a GRE stream to browse your Windows NT domain.
> >
> > Please review RFC 1702 paying strong attention to the section on IP Source
> Route
> >
> > http://www.ietf.org/rfc/rfc1702.txt
> >
> > After you read the RFC, you may want to consider the risks associated with
> it.
> >
> >
> >
> >
> >
> >
> >
> > "Jimi Aleshin" <[EMAIL PROTECTED]> on 12/13/99 05:45:38 PM
> >
> > Please respond to "Jimi Aleshin" <[EMAIL PROTECTED]>
> >
> > To: "J. T. B." <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> > cc: (bcc: Jerry Kendall/Inc/Celestica)
> >
> > Subject: Re: MS PPTP (Safe?)
> >
> >
> >
> >
> > It is an implementation of PPP over TCP. This means that a user must
> already
> > have an Internet connection. The technology creates a second virtual PPP
> > network adapter. By using the native PPP authentication and encryption
> > services, the technology is easily implemented using existing technology.
> > Originally developed by Microsoft, U.S. Robotics (now 3Com), Ascend, and
> > other remote access companies.
> > In 1998, a severe flaw was found in PPTP's authentication scheme. This was
> > fixed in MS-CHAP V2 of Microsoft's implementation.
> > When setting up a PPTP server, you must enable port 1723 and protocol 47
> > through the firewall.
> > So try it out.
> >
> > /Jimi Aleshin
> > Mail: [EMAIL PROTECTED]
> > ICQ: 26180172
> >
> > ----- Original Message -----
> > From: J. T. B.
> > To: [EMAIL PROTECTED]
> > Sent: Monday, December 13, 1999 01:09 PM
> > Subject: MS PPTP (Safe?)
> >
> >
> >
> > I'm looking at building a secure VPN and was wondering if Microsoft's PPTP
> > was any good? I had heard some very bad things about it. Have they
> cleaned
> > it up, or should I look elsewhere?
> >
> > Thanks!
> >
> > ______________________________________________________
> > Get Your Private, Free Email at http://www.hotmail.com
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
