Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] VPN with pptp
  • From: Maarten J H van den Berg <maarten@xxxxxxx>
  • Date: Thu, 13 Jun 2002 11:33:12 +0200
  • Message-id: <02061311331201.29419@itux>
On Thursday 13 June 2002 05:46, techplus wrote:
> So what do you recommend that people use instead of pptp?


Definitely IPsec! (FreeS/WAN). It is included in the default newer
SuSE, but even if you roll your own kernel, as I do, the install script
does everything for you: patch the kernel, build & install it :-)
[ make menugo ] I just went through all that, these past weeks.

The configuration is more of a challenge. I just printed out some 120
pages of docs and read them very patiently and extensively (though when
it comes to security-critical software you should do this anyway...!!)
After some fighting with the SuSEFirewall everything works like a charm.
I didn't apply the x509(?) cert patches yet though, as I was only
interested in a linux<->linux static WAN link, no windows involved.
That is for a later date.

As is often the case, the first time can be somewhat intimidating.
Afterwards it becomes routine very quickly. :-)

Maarten


> ----- Original Message -----
> From: "Sebastian Krahmer" <krahmer@xxxxxxx>
> To: "Markus Dahinden" <mdahinden@xxxxxxxxxxxxxx>
> Cc: <suse-security@xxxxxxxx>
> Sent: Wednesday, June 12, 2002 11:08 AM
> Subject: Re: [suse-security] VPN with pptp
>
> > On Wed, 12 Jun 2002, Markus Dahinden wrote:
> >
> > Hi,
> >
> > Just because I often read mails like 'we are using a pptp VPN'
> > on this list: pptp is horribly weak and should not be used
> > to protect critical channels or to authenticate users.
> > A paper can be found at http://stealth.7350.org/chap.pdf.
> > I know it doesn't help in this case but I hope it helps
> > one to decide against pptp :)
> >
> > regards,
> > Sebastian
> >
> > > Hi
> > > My pptp VPN connection between W2K and a SuSE Linux8.0 server (with
> > > SuSEfirewall2) seems to work (username and password are verified,
> > > PC is registered and authenticated).
> > >
> > > /var/log/messages tells me for the vpn-connection:
> > > ....
> > > - SuSE-FW-UNALLOWED-TARGETIN.........prot. 47...... (after
> > > launching vpn-connection)
> > > ....
> > > - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139....
> > > (after hitting network item)
> > > ....
> > > - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 139....
> > > (after Start/run "\\192.168.x.y")
> > > - SuSE-FW-DROP-ANTI-SPOOFIN.................DPT 445....
> > >
> > > These services (protocols and ports) are accessible according to my
> > > SuSEfirewall2 definitions. I opened them in section 9.)
> > >
> > > I guess this is the reason that I don't see my samba shares on
> > > linux.
> > >
> > > Can someone give me a hand on this problem?
> > >
> > > Markus
> >
> > --
> > ~
> > ~ perl self.pl
> > ~ $_='print"\$_=\47$_\47;eval"';eval
> > ~ krahmer@xxxxxxx - SuSE Security Team
> > ~

--
brick (brik) n. (4) pl. Another item that can be used to crash windows.

Maarten J. H. van den Berg ~~//~~ network administrator
VBVB - Amsterdam - The Netherlands - http://vbvb.nl
T +31204233288 F +31204233286 G +31651994273
