He asked, and I answered his question. If you want IPSEC then set that
up instead. Here is a link to the IPSEC document.
http://m0n0.ch/wall/docbook/ipsec.html The ssh.com IPSEC client works
Last time I checked there are no security flaws in PPTP, just
Microsoft's implementation of it. ("What Microsoft, never!" you say....
but it is true!) I believe the patch for MS was issued in late 2002.
But there may be newer stuff as I haven't looked. I personally use
IPSEC tunnels terminated on a Cisco 3030. I just play with the
tunneling on the m0n0wall because it is damn cool frankly. (And you
really can't beat the price.) The MPD thing was fixed, so that isn't an
Really from a protocol standpoint PPTP vs. IPSEC only favors IPSEC in
regard to speed and overhead, and of course IPSEC allows you to split
the tunnel sending only data intended for the destination to the VPN
network tunnel. PPTP is slower (more intensive on both ends of the
connection) and pipes all network data into the VPN tunnel making it
hard to limit what is on the vpn tunnel, but comparing it to WEP, which
is faulty because it is easy to decipher, is quite inaccurate. A
better comparison would be a VW Rabbit to a Porsche. They both get you
from point A to point B, one just does it faster and in a cooler looking
vehicle. Also IPSEC can accommodate things like a NATed connection, and
thus get you around firewalls NATing at a remote location that would
otherwise muck up a PPTP connection.
So in conclusion, while IPSEC is faster it requires additional software.
PPTP is a good quick and dirty way to get your visiting friends onto
your WiFi network without having to have them install all kinds of
software. Both offer better data security and authentication to your
local network than WEP so I do recommend using them. (I even suggest
using them in combination with WEP on your WiFi as that will serve to
frustrate the person who spent all day cracking your WEP key only to
find all the data on the frequency is further encrypted.) You could
always go with WPA if your AP and clients can support it. Honestly, for
WiFi Access via a m0n0wall server I would suggest sticking with PPTP for
simple ease of use. The speed difference will be negligible on a LAN
connection, even WiFi. If your users are savvy enough, go with IPSEC
and configure custom clients and do fun tricks like shared group keys
and then personal passwords or even challenged authentication. Your own
paranoia level will dictate what you are most comfortable with.
Quark AV - Hilton Travis wrote:
>There's a **huge** difference between PPTP and IPSEC as far as security goes.
>Personally, I'd place PPTP in the same league as WEP - untrustworthy.
>Hilton Travis Phone: +61-(0)7-3343-3889
>Manager, Mobile: +61 (0)419 792 394
>Quark IT http://www.QuarkIT.com.au/
>Quark AudioVisual http://www.QuarkAV.net/
>>From: Falcor [mailto:falcor at netassassin dot com]
>>Sent: Wednesday, 2 June 2004 12:36
>>To: James Baber
>>Cc: m0n0wall at lists dot m0n0 dot ch
>>Subject: Re: [m0n0wall] Newbie ? - IPSec via Wireless (like SonicWall)
>>Yes, it is possible and quite easy to do. See the pptp
>>document at http://m0n0.ch/wall/docbook/pptp.html
>>James Baber wrote:
>>>I want to configure my W2K/XP laptop to use a VPN tunnel
>>>(IPSec) to my m0n0wall (with Soekris VPN1401 & NetGate
>>>802.11B Prism 2.5) specifically over the wireless network.
>>>Actually I would like to configure all my wireless
>>>devices to do this.
>>>Is this possible? If so, can someone point me to an
>>>archived document with instructions? I can't seem to
>>>find exactly what I'm looking for, nor can I seem to
>>>get it to work.