PPTP involves tunneling a one stack instance in another. For example if you
were doing POP email your stack would look like:
[POP3]
[TCP]
[IP]
[PPP]
[PPTP]
[TCP]
[IP]
[PPP]
[-- physical layer --]
With IPSec it would look like:
[POP3]
[TCP]
[IP with IPSec]
[PPP]
[-- physical layer --]
To implement PPTP with the current NetLib you'd have to have some other
process or thread going that sucks packets out of the bottom of one stack
(probably posing as an "interface") encrypts them and dumps them back down
into the NetLib again to go out the real stack that's going out the
wire/antenna. There's a number of tricky things to make all that work and
I'm not sure NetLib is up for that, though it is probably possible with
some help from Palm.
I haven't looked at the crypto involved with PPTP, but if it's like most of
the other security protocols it can probably be made to interoperate with
other PPTP servers if sufficient effort and care is put into the
implementation. I'd much rather see the work go into IPSec.
Another basis for my comments is that PPTP is known to be slow on Pentiums
in some situations and is very difficult for users to configure (of course
a Palm implementation wouldn't be difficult :-)
So I think it could be made to work with a lot of effort. The result might
perform OK, though I expect there would be a noticeable performance hit.
LL
At 08:48 AM 10/28/99 -0200, Eduardo Thuler wrote:
>The VPN I'm trying to access is implemented using PPTP. When you mention it
>is too heavy you mean there is no way to do it, or just that it will slow
>the palm communications ?
>
>By the way, thanks for the clarifications, Laurence.
>
>
>
> >Date: 27 Oct 1999 16:38:56 -0700
> >From: Laurence Lundblade <[EMAIL PROTECTED]>
> >Subject: Re: accessing a VPN with Palm
>
> >The assumptions I'd make about your situation are:
> > - You're connecting with IP
> > - You're ISP is bringing you up outside the firewall (CDMA data, CDPD or
> >such)
> > - A firewall exists that protects the server you're trying to access
> >.Are those right?
> >.
> >Today I believe the main option you have is to dial-in behind the firewall
> >(if that is possible). Most corporate-run dial-in pools are behind the
> >firewall. Some wireless data services support this (GSM and CDMA data).
> >
> >The other technologies commonly used are:
> > - PPTP
> > - L2TP
> > - SSH
> > - IPSec
> >
> >The only one I know if running on the Palm is SSH and that's only in a
> >telnet app (TopGun Telnet I think). In the long term I hope we get to
> >IPSec. It's what all the major firewall vendors (including Cisco and
> >Microsoft) are touting as the standard and it's also a very general and
> >efficient technology. I believe there's some performance issues with IPSec
> >but I also believe they are solvable with enough cleverness.
> >
> >I'd be interested in others thoughts!
> >
> >One worry I have is that PPTP is to heavy to for Palm devices now, but it's
> >widespread use is going to delay IS departments rolling out IPSec.
> >
> >LL
> >
> >
> >At 06:11 PM 10/27/99 -0200, Eduardo Thuler wrote:
> >>I need to access a computer in a VPN. I'm not sure if there are many kinds
> >>of VPN's but this one is managed by a windows NT. What it does in windows
>is
> >>to create a connection over an existing one.
> >>
> >>Does anyone know of a way to do that in a Palm ?
> >>
> >>thanks in advance,
> >>
> >>Eduardo Thuler
> >>
>
