[svlug] PPTP?

Jose Medeiros cobra at jps.net
Mon Jul 23 21:38:01 PDT 2001


Now.. Now .. lets all calm down, and take this off line.
( We all know the Rules on the SVLUG list )

I hope both of you are mature enough to let this end.

Regards, 

Jose Medeiros


----- Original Message ----- 
From: "Will Lowe" <harpo at udlug.org>
To: "Rick Moen" <rick at linuxmafia.com>
Cc: <svlug at svlug.org>
Sent: Saturday, July 21, 2001 10:31 AM
Subject: Re: [svlug] PPTP?


> > You know, the position of Global Village Idiot has a long waiting list.
> 
> Heh.  So is the line for Global Village asshole; keep trying.  And
> given that your suggested Google string was nearly a complete bust,
> I'm tempted to ask if your name is ahead of mine on the Global Village
> Idiot list, too.
> 
> > Out of idle curiosity:  Have you stumbled across the LDP's VPN HOWTO,
> > yet, or is that going to take you a few more days of research?
> 
> Sure.  I take it that you haven't stumbled across this yet:
> http://sites.inka.de/bigred/devel/tcp-tcp.html
> 
> Let's start over here;  I concede that my intial query wasn't
> well-formatted.  You stated that there were "plenty of available
> alternatives" for Linux VPNs,  presumably in a corporate environment,
> because that's what the discussion was about.
> 
> Here's what I should've said:
> 
> 1) PPTP : insecure.  Linux support (for encrypted pptp tunnels that
> interoperate well with other vendors,  such as Cisco and M$) is ...
> immature,  at best.
> 
> 2) CIPE: it's awesome.  I've had some CIPE tunnels up linking remote
> sites and data centers to our office now since November,  and I've had
> NO trouble with them. There's even a windows implementation.  BUT I'm
> not sure I want to try to configure it for the 100+ Windows-using
> non-geeks in the office,  including having each one have to connect to
> a different IP address or Port.  They'll be immensly confused. Yes,
> one or two of these people might belong in the line of Global Idiots, but
> for the most part they're just secretaries and marketing guys who
> want to do their jobs without also doing mine.
> 
> * At this point,  let's acknowledge that VERY few people have the
> ability to disregard Windows at work.  I hate it, you hate it,
> sometimes I think even Mr. Gates must hate it,  but it's a reality, and
> I'm unlikely to convince my CEO that he has to learn to use Linux just
> to read his email from home and grab a .ppt he left on his desktop at
> work (which he'll then be unable to open anyway).  Attitudes like the
> one you fed me last night don't help get rid of the corporate fear of
> anything non-M$, and therefore don't help you collect your consulting
> fees. 
> 
> 3) PPP-over-SSH:  suffers from the backoff (and MTU?) problems
> associated with TCP-in-TCP.  Non-windows only.  Otherwise, 
> generally workable,  but many users are stuck at home behind lossy 
> or congested lines,  where the aforementioned problems are worst.
> 
> 4) FreeS/WAN: seems like long-term this might be the best solution,
> but when I last tried it (nearly 6 months ago now) there were serious
> interoperation problems.  It looks like some of those may have been
> resolved in more recent releases:
> 
> http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/interop.html
> 
> 5) vtun and vpnd: again, Unixish things only.  Also suffer from
> the config problems of CIPE,  IIRC.  I haven't played with them
> myself,  but the reports I've had from friends are that they work
> pretty well.
> 
> This leaves us with ONE reliable, multiplatform (required by the
> "corporate environment" postulate above) interoperable (maybe?),
> relatively-mainstream VPN solution involving Linux.  What I MEANT to be
> asking last night was "what else can you think of,  and do you have any
> experience with it that makes you want to recommend it?"
> 
> -- 
> sheesh,
> 
> Will
> 
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug





More information about the svlug mailing list