Anyone know of a decent free Windows IPSec client?
On Tue, 01 Jun 2004 23:12:32 -0500, Falcor <falcor at netassassin dot com> wrote:
> He asked, and I answered his question. If you want IPSEC then set that
> up instead. Here is a link to the IPSEC document.
> http://m0n0.ch/wall/docbook/ipsec.html The ssh.com IPSEC client works
> great BTW.
> Last time I checked there are no security flaws in PPTP, just
> Microsoft's implementation of it. ("What Microsoft, never!" you say....
> but it is true!) I believe the patch for MS was issued in late 2002.
> But there may be newer stuff as I haven't looked. I personally use
> IPSEC tunnels terminated on a Cisco 3030. I just play with the
> tunneling on the m0n0wall because it is damn cool frankly. (And you
> really can't beat the price.) The MPD thing was fixed, so that isn't an
> issue either.
> Really from a protocol standpoint PPTP vs. IPSEC only favors IPSEC in
> regard to speed and overhead, and of course IPSEC allows you to split
> the tunnel sending only data intended for the destination to the VPN
> network tunnel. PPTP is slower (more intensive on both ends of the
> connection) and pipes all network data into the VPN tunnel making it
> hard to limit what is on the vpn tunnel, but comparing it to WEP, which
> is faulty because it is easy to decipher, is quite inaccurate. A
> better comparison would be a VW Rabbit to a Porsche. They both get you
> from point A to point B, one just does it faster and in a cooler looking
> vehicle. Also IPSEC can accommodate things like a NATed connection, and
> thus get you around firewalls NATing at a remote location that would
> otherwise muck up a PPTP connection.
> So in conclusion, while IPSEC is faster it requires additional software.
> PPTP is a good quick and dirty way to get your visiting friends onto
> your WiFi network without having to have them install all kinds of
> software. Both offer better data security and authentication to your
> local network than WEP so I do recommend using them. (I even suggest
> using them in combination with WEP on your WiFi as that will serve to
> frustrate the person who spent all day cracking your WEP key only to
> find all the data on the frequency is further encrypted.) You could
> always go with WPA if your AP and clients can support it. Honestly, for
> WiFi Access via a m0n0wall server I would suggest sticking with PPTP for
> simple ease of use. The speed difference will be negligible on a LAN
> connection, even WiFi. If your users are savvy enough, go with IPSEC
> and configure custom clients and do fun tricks like shared group keys
> and then personal passwords or even challenged authentication. Your own
> paranoia level will dictate what you are most comfortable with.
> Quark AV - Hilton Travis wrote:
> >Hi Falcor,
> >There's a **huge** difference between PPTP and IPSEC as far as security goes
> >with VPNs.
> >Personally, I'd place PPTP in the same league as WEP - untrustworthy.
> >Hilton Travis Phone: +61-(0)7-3343-3889
> >Manager, Mobile: +61 (0)419 792 394
> >Quark IT http://www.QuarkIT.com.au/
> >Quark AudioVisual http://www.QuarkAV.net/
> >(Brisbane, Australia)
> >Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
> >Non Linear Video Editing Solutions & Digital Audio Workstations
> >Conference and Seminar AudioVisual Production and Recording
> > War doesn't determine who is right. War determines who is left.
> >>-----Original Message-----
> >>From: Falcor [mailto:falcor at netassassin dot com]
> >>Sent: Wednesday, 2 June 2004 12:36
> >>To: James Baber
> >>Cc: m0n0wall at lists dot m0n0 dot ch
> >>Subject: Re: [m0n0wall] Newbie ? - IPSec via Wireless (like SonicWall)
> >>Yes, it is possible and quite easy to do. See the pptp
> >>document at http://m0n0.ch/wall/docbook/pptp.html
> >>James Baber wrote:
> >>>I want to configure my W2K/XP laptop to use a VPN tunnel
> >>>(IPSec) to my m0n0wall (with Soekris VPN1401 & NetGate
> >>>802.11B Prism 2.5) specifically over the wireless network.
> >>>Actually I would like to configure all my wireless
> >>>devices to do this.
> >>>Is this possible? If so, can someone point me to an
> >>>archived document with instructions? I can't seem to
> >>>find exactly what I'm looking for, nor can I seem to
> >>>get it to work.