On Thursday 13 June 2002 05:46, techplus wrote:
So what do u recommend that people use instead of pptp
Definitely IPsec ! (FreeS/Wan). It is both included in the default newer SuSE, but even if you roll your own kernel, as I do, the install script does everything for you; patch the kernel, build & install it :-) [ make menugo ] I just went through all that, these past weeks. The configuration is more of a challenge, I just printed out some 120 pages of docs and read them very patiently and extensively (Though when it comes to security- critical software you should do this anyway...!!) After some fighting with the SuSEFirewall everything works as a charm. I didn't apply the x509(?) cert patches yet though, as I was only interested in a linux<->linux static WAN link, no windows involved. That is for a later date. As is often the case, the first time can be somewhat intimidating. Afterwards it becomes routine very quickly. :-) Maarten
----- Original Message ----- From: "Sebastian Krahmer"
To: "Markus Dahinden" Cc: Sent: Wednesday, June 12, 2002 11:08 AM Subject: Re: [suse-security] VPN with pptp On Wed, 12 Jun 2002, Markus Dahinden wrote:
Hi,
Just because i often read mails like 'we are using a pptp VPN' on this list: pptp is horrible weak and should not be used to protect critical channels or to authenticate users. A paper can be found at http://stealth.7350.org/chap.pdf. I know it doesnt help in this case but I hope it helps one to decide against pptp :)
regards, Sebastian
Hi My pptp VPN connection between W2K and a SuSE Linux8.0 server (with SuSEfirewall2) seems to work (username and password are verified, PC is registered and authentificated).
/var/log/messages tells me for the vpn-connection: .... - SuSE-FW-UNALLOWED-TARGETIN.........prot. 47...... (after launching vpn-connection) .... - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139.... (after hitting network item) .... - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139.... (after Start/run "\\192.168.x.y") - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 445....
These services (protocols and ports) are accessible according to my SuSEfirewall2 definitions. I opened theme in section 9.)
I guess, this is the reason, that I don't see my samba shares on linux.
Can someone give me a hand on this problem?
Markus
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team ~
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- brick (brik) n. (4) pl. Another item that can be used to crash windows. Maarten J. H. van den Berg ~~//~~ network administrator VBVB - Amsterdam - The Netherlands - http://vbvb.nl T +31204233288 F +31204233286 G +31651994273