Re: [m0n0wall] PPTP versus IPsec

From:	Sven Brill <madde at gmx dot net>
To:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] PPTP versus IPsec
Date:	Sun, 07 Jan 2007 21:36:03 -0500

Chris Buechler wrote:
> On 1/7/07, Sven Brill <madde at gmx dot net> wrote:
>> Security could be strong enough with PPTP,
>> depends on your  own risk assessment.  For a fun read,  try this:
>>
>> http://www.schneier.com/paper-pptp.html
>>
>
> This is a bit of FUD, as it's based on issues that were fixed years
> ago and Schneier never updated that page.  But, PPTP still has its
> issues.
first hit on google, as I said, it might be enough, I just don't trust 
it and have nothing to base this on right now, other than general 
industry practices where security is a factor, e.g. banking.
>
>   A
> combination of IPsec and OpenVPN is ideal IMO.  Two for redundancy,
> and if one can't get through whatever firewall your client machine is
> behind, you have another to try.
>

I like that idea - don't limit yourself, you only have to configure your 
m0n0wall once. Leave your options open, and set yourself a priority 
list. Basically, the three VPNs mentioned use three different 
approaches, and one of them is sure to get through whatever firewall the 
client is behind.

Sven