Re: [m0n0wall] 2 quick questions about PPTP

From:	Manuel Kasper <mk at neon1 dot net>
To:	Dany Nativel <dany underscore list at natzo dot com>
Cc:	m0n0wall-list <m0n0wall at lists dot m0n0 dot ch>
Subject:	Re: [m0n0wall] 2 quick questions about PPTP
Date:	Mon, 26 Jan 2004 14:04:59 +0100

Dany Nativel wrote:

> So the two questions are :
> 
> - Can PPTP take advantage of a crypto card (like vpn1201/1211) like 
> IPSEC ?    Is vpn14101/1411 much better/required ?

No. Although PPTP encryption (MPPE) is based on RC4 (which is supported 
by the HiFn-based Soekris VPN accelerators), all crypto is done in 
software, because AFAIR MPD/Netgraph don't use the opencrypto framework.

> - What authentication protocol is used on Monowall ( CHAP (M$) or PAP) ?

MD5 CHAP and MS CHAP v1 and v2. I think I'll turn off MSCHAPv1 in future 
releases though, because it is also considered insecure. PAP is 
plaintext and as such it's always off.

- Manuel