Apparently flakey behavior with DNAT, SNAT, and masquerading
Ramin Alidousti
ramin@UU.NET
Thu, 21 Jun 2001 03:56:39 -0400
On Wed, Jun 20, 2001 at 10:05:47PM -0700, Shane Chen wrote:
> There are security issues if you don't bother to set it up properly. If
> you do, it's actually okay. Not the fastest encryption, but does its
> job.
This is partially correct. If you don't set it up correctly, it simply
doesn't work. There is not much you can do wrong with it, though. Just
like ftp it has a control connection TCP/1723 and data GRE.
BTW, PPTP does _not_ define any encryption at all, which falls under
"not the fastest encryption" as you said ;-) But of course you can do
encryption whenever you want and you can use whatever encryption mechanism
you see fit.
The only VPN-ish thing it does is the tunneling. Its use is mainly on
M$ machines and has become obsolete by L2TP. The only decent place to
use PPTP or L2TP is when you want to extend the receiving endpoint of
your PPP.
For a real VPN, IPSec is the way to go...
Ramin
>
> Shane
>
> Greg Scott wrote:
> >
> > PPTP. I know there are security issues.
> >
> > The VPN Server is a Win2000 Server. The VPN clients are Win95/98/2000.
> > That's why PPTP - it's theoretically easy to do.
> >
> > - Greg