[wellylug] Router piercing
Jim Cheetham
jim at gonzul.net
Tue Dec 13 14:22:29 NZDT 2005
> For some criticisms of vtun from Peter Gutmann, whose opinion is
> reasonably respectable, see:
>
> http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt

Thanks for reminding me of this document :-) Another good quote :-

"CIPE and vtun must be the OSS community's answer to Microsoft's PPTP
implementation"

Another useful read is Bruce Schneier's analysis of MS PPTP - some data
here on http://www.schneier.com/pptp.html. The upshot is that
Microsoft's implementation of PPTP was deeply flawed, and even their
subsequent patches failed to address all the concerns (this was in 1998
and 1999). However, PPTP itself was not flawed.

This means that poptop (a Linux implementation of PPTP) is potentially
OK to use - but the authors themselves admit that as they have to
interact with MSCHAPv2, you are only as secure as your weakest link.
http://poptop.sourceforge.net/dox/qna.html#12

Ooh, I dug into the site a little further ... "The maintainers of PPTP
Client and Poptop recommend using OpenVPN (SSL based) or IPSec instead"
http://poptop.sourceforge.net/dox/protocol-security.phtml

So they rule themselves out of the market for "choosing a VPN from
scratch" (and presumably do a realistic job of supporting people stuck
with legacy PPTP that cannot be replaced outright)

-jim