>> So far, it seems as if a PPTP tunnel might be the best solution > > I'd go with IPSec; I believe PPTP is known to have some (security) > problems.
It's not too bad with a few provisos, and has a major advantage that client software is available for free for most OS. Firstly, you must use up-to-date implementations of PPTP. Early implementations of the protocol particularly on MS were poor (buffer overflow problems). Also the early version of the protocol itself, regardless of the implementation, used an insecure challenge-handshake mechanism. This has since been strengthened, though some believe not sufficiently. So on to the second proviso: every account which is allowed to authenticate to the PPTP server must have a strong password. http://www.counterpane.com/pptp.html is informative. -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
