 From:  Sven Brill <madde at gmx dot net>
 To:  "Donovan R. Palmer" <donovan at dmpnet dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PPTP versus IPsec
 Date:  Sun, 07 Jan 2007 15:06:41 -0500
Donovan R. Palmer wrote:
> I am reading the docs for m0n0wall in preparation of setting up an 
> install this week.  I wondered if someone could tell me which VPN is 
> better for travellers accessing the LAN via VPN with WinXP laptops? 
> PPTP or IPsec?
>
Really depends on a couple of things.

1. Is the m0n0 box on a static IP? The IPsec implementation requires at 
least one static IP.
2. Do you just want to be able to "get into the LAN", or do you need 
real security? PPTP is far less secure than IPsec, and I base that on 
absolutely nothing right now, because I am too lazy to pull up the 
relevant sources :)
3. Are the road warriors behind restrictive firewalls that do not let IP 
protocol 50 through? No IPsec for you.
4. Ease of use - last time I tried to connect Windows 2000 to FreeS/WAN, 
it was a weekend project. I did not want to pay for a third-party IPsec 
client for Windows, and the built-in one doesn't follow all the 
standards. Dunno if that improved in XP.

If you want the best of both worlds (i.e., ease of use of PPTP on 
Windows, but decent security), I still highly recommend OpenVPN. Either 
set up an OpenVPN box in the LAN, or grab one of Peter Allgeyer's 
images, that's what I have been using for over a year, rock solid. Wife uses 
a wireless laptop at home and can only get out through an OpenVPN tunnel 
(starts automatically upon starting the laptop, default route gets 
pushed by the server), I work from everywhere behind all kinds of 
firewalls and have it listen on a TCP port (not changing the default 
route, just to get to my internal machines at home), never had a problem. 
Even works with certificates, don't have to rely on PSK.

Just some food for thought

Sven
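
An OpenVPN server configuration covering the two setups described in the message above (certificate authentication over TCP, with either a pushed LAN route or a pushed default route). This is an added example, not part of the original post and not taken from Peter Allgeyer's images; the file paths, the port number and both subnets are assumptions.

```conf
# Constructed example: paths, port and subnets below are assumptions.

# Listen on TCP so clients behind restrictive firewalls can still connect.
port 443
proto tcp
dev tun

# Certificate-based authentication instead of a pre-shared key.
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem

# Address pool handed out to VPN clients.
server 10.8.0.0 255.255.255.0

# Road-warrior case: leave the client's default route alone and only
# route the internal LAN through the tunnel.
push "route 192.168.1.0 255.255.255.0"

# Home wireless laptop case: send all client traffic through the tunnel.
# Enable this instead of the route push above for that profile.
;push "redirect-gateway def1"

# Detect dead peers and keep state across restarts.
keepalive 10 120
persist-key
persist-tun

# Drop privileges after startup.
user nobody
group nogroup
```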