Hi, the paper is about normal chap. but what about chapms-v2 with mppe-128 stateless? my pptp server only accept chapms-v2, should be secure or? here is my option file: ipparam PoPToP lock mtu 1490 mru 1490 multilink auth #+chap #+chapms +chapms-v2 ipcp-accept-local ipcp-accept-remote lcp-echo-failure 30 lcp-echo-interval 5 deflate 0 mppe-128 mppe-stateless require-mppe require-mppe-stateless for markus: a good paper for setting up pptpd: http://www.shorewall.net/PPTP.htm best regards Wolfgang -----Ursprungliche Nachricht----- Von: Sebastian Krahmer [mailto:krahmer@suse.de] Gesendet: Mittwoch, 12. Juni 2002 17:08 An: Markus Dahinden Cc: suse-security@suse.com Betreff: Re: [suse-security] VPN with pptp On Wed, 12 Jun 2002, Markus Dahinden wrote: Hi, Just because i often read mails like 'we are using a pptp VPN' on this list: pptp is horrible weak and should not be used to protect critical channels or to authenticate users. A paper can be found at http://stealth.7350.org/chap.pdf. I know it doesnt help in this case but I hope it helps one to decide against pptp :) regards, Sebastian
Hi My pptp VPN connection between W2K and a SuSE Linux8.0 server (with SuSEfirewall2) seems to work (username and password are verified, PC is registered and authentificated).
/var/log/messages tells me for the vpn-connection: .... - SuSE-FW-UNALLOWED-TARGETIN.........prot. 47...... (after launching vpn-connection) .... - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139.... (after hitting network item) .... - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139.... (after Start/run "\\192.168.x.y") - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 445....
These services (protocols and ports) are accessible according to my SuSEfirewall2 definitions. I opened theme in section 9.)
I guess, this is the reason, that I don't see my samba shares on linux.
Can someone give me a hand on this problem?
Markus
-- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@suse.de - SuSE Security Team ~ -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here