[geeks] VPN suggestions

Simeon Johnston geeks at sunhelp.org
Fri Apr 13 08:51:26 CDT 2001


Bill Bradford wrote:

> On Fri, Apr 13, 2001 at 12:02:24AM -0500, Phil Brutsche wrote:
> > What are they worrying about security for?  They don't have any now.
>
> Yeah, I know.  I'm trying to fix that.
>
> > 1) Linux + PoPToP (PPTP software).  Encryption won't work worth a crap
> >    unless you wanna patch pppd.
>
> Will PoPToP work with the Windows 98/NT PPTP client?

Yes it will.  This is what we use as our VPN now.  Works great.  No extra
clients needed unless you're going to use a Mac.  The Mac client is also less
expensive than IP/Sec clients.
We have our firewall set up to forward any related packets to an internal
PPTP ( PoPToP ) server although you can set it up on the firewall itself
instead of having another box slowing things down.  We just added this in
recently and didn't want to disturb a good thing. : )
Patching PPPD wasn't that big of an issue.

> >    you wanna patch the kernel) + PGP's IPsec client.
>
> PGP's IPsec client is out, it costs money. 8-(

It also doesn't play well with NAT ( not at all really ).  At least last
time I checked ( about 2 months ago ).
PPTP runs great with NAT.

> > What would you need Samba for?
>
> Might as well use that box for a central fileserver as well...

Actually this is what our PoPToP server is also. :-)
It's running a Mac appletalk ( Netatalk ) server as well.
The only problem that we have run into is that the server is an ALPHA and
the ethernet card is f*'d up.  It caused some interesting problems.  This
is a known problem with the ALPHA we have so it shouldn't bother you.

> Bill

I would recommend the PPTP VPN rather than IP/Sec.  There is much less
hassle configuring it on the client side.  Free client built into Windows.
Free server for Linux.
What could be better?
I also don't know about the new 2.4.x kernels.  I am currently working on a
replacement firewall w/ the 2.4.x iptables firewall instead of IPChains
from 2.2.x.  Looks like it will be really nice but I haven't looked into
the PPTP side of things yet and don't know if the patch for PPPD is ready
for this kernel.

sim



