Anyone know of a decent free Windows IPSec client?

James

On Tue, 01 Jun 2004 23:12:32 -0500, Falcor <falcor at netassassin dot com> wrote:
>
> He asked, and I answered his question. If you want IPSEC then set that
> up instead. Here is a link to the IPSEC document.
> http://m0n0.ch/wall/docbook/ipsec.html The ssh.com IPSEC client works
> great BTW.
>
> Last time I checked there are no security flaws in PPTP, just
> Microsoft's implementation of it. ("What Microsoft, never!" you say....
> but it is true!) I believe the patch for MS was issued in late 2002.
> But there may be newer stuff as I haven't looked. I personally use
> IPSEC tunnels terminated on a Cisco 3030. I just play with the
> tunneling on the m0n0wall because it is damn cool frankly. (And you
> really can't beat the price.) The MPD thing was fixed, so that isn't an
> issue either.
>
> Really from a protocol standpoint PPTP vs. IPSEC only favors IPSEC in
> regard to speed and overhead, and of course IPSEC allows you to split
> the tunnel sending only data intended for the destination to the VPN
> network tunnel. PPTP is slower (more intensive on both ends of the
> connection) and pipes all network data into the VPN tunnel making it
> hard to limit what is on the vpn tunnel, but comparing it to WEP, which
> is faulty because it is easy to decipher, is quite inaccurate. A
> better comparison would be a VW Rabbit to a Porsche. They both get you
> from point A to point B, one just does it faster and in a cooler looking
> vehicle. Also IPSEC can accommodate things like a NATed connection, and
> thus get you around firewalls NATing at a remote location that would
> otherwise muck up a PPTP connection.
>
> So in conclusion, while IPSEC is faster it requires additional software.
> PPTP is a good quick and dirty way to get your visiting friends onto
> your WiFi network without having to have them install all kinds of
> software. Both offer better data security and authentication to your
> local network than WEP so I do recommend using them. (I even suggest
> using them in combination with WEP on your WiFi as that will serve to
> frustrate the person who spent all day cracking your WEP key only to
> find all the data on the frequency is further encrypted.) You could
> always go with WPA if your AP and clients can support it. Honestly, for
> WiFi Access via a m0n0wall server I would suggest sticking with PPTP for
> simple ease of use. The speed difference will be negligible on a LAN
> connection, even WiFi. If your users are savvy enough, go with IPSEC
> and configure custom clients and do fun tricks like shared group keys
> and then personal passwords or even challenged authentication. Your own
> paranoia level will dictate what you are most comfortable with.
>
> Quark AV - Hilton Travis wrote:
>
> >Hi Falcor,
> >
> >There's a **huge** difference between PPTP and IPSEC as far as security goes
> >with VPNs.
> >
> >Personally, I'd place PPTP in the same league as WEP - untrustworthy.
> >
> >--
> >
> >Regards,
> >
> >Hilton Travis                   Phone: +61-(0)7-3343-3889
> >Manager,                        Mobile: +61 (0)419 792 394
> >Quark IT                        http://www.QuarkIT.com.au/
> >Quark AudioVisual               http://www.QuarkAV.net/
> >(Brisbane, Australia)
> >
> >Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
> >Non Linear Video Editing Solutions & Digital Audio Workstations
> >Conference and Seminar AudioVisual Production and Recording
> >
> >  War doesn't determine who is right. War determines who is left.
> >
> >>-----Original Message-----
> >>From: Falcor [mailto:falcor at netassassin dot com]
> >>Sent: Wednesday, 2 June 2004 12:36
> >>To: James Baber
> >>Cc: m0n0wall at lists dot m0n0 dot ch
> >>Subject: Re: [m0n0wall] Newbie ? - IPSec via Wireless (like SonicWall)
> >>
> >>Yes it is possible and quite easy to do. See the pptp
> >>document at http://m0n0.ch/wall/docbook/pptp.html
> >>
> >>James Baber wrote:
> >>
> >>>Hello,
> >>>
> >>>I want to configure my W2K/XP laptop to use a VPN tunnel
> >>>(IPSec) to my m0n0wall (with Soekris VPN1401 & NetGate
> >>>802.11B Prism 2.5) specifically over the wireless network.
> >>>Actually I would like to configure all my wireless
> >>>devices to do this.
> >>>
> >>>Is this possible? If so, can someone point me to an
> >>>archived document with instructions? I can't seem to
> >>>find exactly what I'm looking for, nor can I seem to
> >>>get it to work.
> >>>
> >>>Thanks,
> >>>James