Mailinglist Archive: opensuse-security (499 mails)

< Previous Next >
AW: [suse-security] VPN with pptp
  • From: <webmaster@xxxxxxxxxxxxxxxxxx>
  • Date: Mon, 17 Jun 2002 08:45:37 +0200
  • Message-id: <BLEBLLIHHJBOLKNCLGEPAEHHCHAA.webmaster@xxxxxxxxxxxxxxxxxx>
Hi,

the paper is about normal chap.

but what about chapms-v2 with mppe-128 stateless?

my pptp server only accept chapms-v2, should be secure or?

here is my option file:

ipparam PoPToP
lock
mtu 1490
mru 1490
multilink
auth
#+chap
#+chapms
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 30
lcp-echo-interval 5
deflate 0
mppe-128
mppe-stateless
require-mppe
require-mppe-stateless



for markus:

a good paper for setting up pptpd:

http://www.shorewall.net/PPTP.htm


best regards
Wolfgang


-----Ursprungliche Nachricht-----
Von: Sebastian Krahmer [mailto:krahmer@xxxxxxx]
Gesendet: Mittwoch, 12. Juni 2002 17:08
An: Markus Dahinden
Cc: suse-security@xxxxxxxx
Betreff: Re: [suse-security] VPN with pptp


On Wed, 12 Jun 2002, Markus Dahinden wrote:

Hi,

Just because i often read mails like 'we are using a pptp VPN'
on this list: pptp is horrible weak and should not be used
to protect critical channels or to authenticate users.
A paper can be found at http://stealth.7350.org/chap.pdf.
I know it doesnt help in this case but I hope it helps
one to decide against pptp :)

regards,
Sebastian

> Hi
> My pptp VPN connection between W2K and a SuSE Linux8.0 server (with
> SuSEfirewall2) seems to work (username and password are verified, PC is
> registered and authentificated).
>
> /var/log/messages tells me for the vpn-connection:
> ....
> - SuSE-FW-UNALLOWED-TARGETIN.........prot. 47...... (after
> launching vpn-connection)
> ....
> - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139.... (after
> hitting network item)
> ....
> - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139.... (after
> Start/run "\\192.168.x.y")
> - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 445....
>
> These services (protocols and ports) are accessible according to my
> SuSEfirewall2 definitions. I opened theme in section 9.)
>
> I guess, this is the reason, that I don't see my samba shares on linux.
>
> Can someone give me a hand on this problem?
>
> Markus
>
>
>

--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@xxxxxxx - SuSE Security Team
~



--
To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

< Previous Next >
Follow Ups
References