 From:  "Quark AV - Hilton Travis" <Hilton at QuarkAV dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Newbie ? - IPSec via Wireless (like SonicWall)
 Date:  Thu, 3 Jun 2004 07:19:17 +1000
Hi Falcor,

Yes, he asked.  He asked about an IPSEC VPN, hence my comment that your PPTP
information wasn't what he was asking about.  Next time, please go back and
read the original post before shooting your mouth off and making yourself
look like a complete goose.

Oh, and when and where did I say that I was against Microsoft?  Nowhere that
I can remember.  I make good money out of Microsoft, thanks very much.

--
 
Regards,
 
Hilton Travis                        Phone: +61-(0)7-3343-3889
Manager,                             Mobile: +61 (0)419 792 394
Quark IT                             http://www.QuarkIT.com.au/
Quark AudioVisual                    http://www.QuarkAV.net/
(Brisbane, Australia)
 
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Non Linear Video Editing Solutions & Digital Audio Workstations
Conference and Seminar AudioVisual Production and Recording
 
 War doesn't determine who is right. War determines who is left.
 

> -----Original Message-----
> From: Falcor [mailto:falcor at netassassin dot com] 
> Sent: Wednesday, 2 June 2004 14:13
> To: Quark AV - Hilton Travis
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Newbie ? - IPSec via Wireless (like SonicWall)
> 
> He asked, and I answered his question.  If you want IPSEC 
> then set that up instead.  Here is a link to the IPSEC document. 
>  http://m0n0.ch/wall/docbook/ipsec.html  The ssh.com IPSEC 
> client works great BTW.
> 
> Last time I checked there are no security flaws in PPTP, just
> Microsoft's implementation of it.  ("What Microsoft, never!" you
> say.... but it is true!)  I believe the patch for MS was issued in
> late 2002.  But there may be newer stuff as I haven't looked.  I
> personally use IPSEC tunnels terminated on a Cisco 3030.  I
> just play with the tunneling on the m0n0wall because it is
> damn cool frankly.  (And you really can't beat the price.)
> The MPD thing was fixed, so that isn't an issue either.
> 
> Really from a protocol standpoint PPTP vs. IPSEC only favors
> IPSEC in regard to speed and overhead, and of course IPSEC
> allows you to split the tunnel sending only data intended for
> the destination to the VPN network tunnel.  PPTP is slower
> (more intensive on both ends of the connection) and pipes all
> network data into the VPN tunnel making it hard to limit what
> is on the vpn tunnel, but comparing it to WEP, which is faulty
> because it is easy to decipher, is quite inaccurate.  A
> better comparison would be a VW Rabbit to a Porsche.  They
> both get you from point A to point B, one just does it faster
> and in a cooler looking vehicle.  Also IPSEC can accommodate
> things like a NATed connection, and thus get you around
> firewalls NATing at a remote location that would otherwise
> muck up a PPTP connection.
> 
> So in conclusion, while IPSEC is faster it requires
> additional software.  PPTP is a good quick and dirty way to
> get your visiting friends onto your WiFi network without
> having to have them install all kinds of software.  Both offer
> better data security and authentication to your local network
> than WEP so I do recommend using them.  (I even suggest using
> them in combination with WEP on your WiFi as that will serve to
> frustrate the person who spent all day cracking your WEP key only to
> find all the data on the frequency is further encrypted.)
> You could always go with WPA if your AP and clients can support it.
> Honestly, for WiFi Access via a m0n0wall server I would
> suggest sticking with PPTP for simple ease of use.  The speed
> difference will be negligible on a LAN connection, even WiFi.
> If your users are savvy enough, go with IPSEC and configure
> custom clients and do fun tricks like shared group keys and
> then personal passwords or even challenged authentication.
> Your own paranoia level will dictate what you are most
> comfortable with.
> 
> 
> 
> 
> Quark AV - Hilton Travis wrote:
> 
> >Hi Falcor,
> >
> >There's a **huge** difference between PPTP and IPSEC as far as security
> >goes with VPNs.
> >
> >Personally, I'd place PPTP in the same league as WEP - untrustworthy.
> >
> >>-----Original Message-----
> >>From: Falcor [mailto:falcor at netassassin dot com]
> >>Sent: Wednesday, 2 June 2004 12:36
> >>To: James Baber
> >>Cc: m0n0wall at lists dot m0n0 dot ch
> >>Subject: Re: [m0n0wall] Newbie ? - IPSec via Wireless (like SonicWall)
> >>
> >>yes it is possible and quite easy to do.  see the pptp document at 
> >>http://m0n0.ch/wall/docbook/pptp.html
> >>
> >>James Baber wrote:
> >>
> >>    
> >>
> >>>Hello,
> >>>
> >>>I want to configure my W2K/XP laptop to use a VPN tunnel
> >>>(IPSec) to my m0n0wall (with Soekris VPN1401 & NetGate 802.11B Prism
> >>>2.5) specifically over the wireless network.
> >>>Actually I would like to configure all my wireless devices to do
> >>>this.
> >>>
> >>>Is this possible?  If so, can someone point me to an archived 
> >>>document with instructions?  I can't seem to find exactly what I'm 
> >>>looking for, nor can I seem to get it to work.
> >>>
> >>>Thanks,
> >>>James