Apparently flakey behavior with DNAT, SNAT, and masquerading
Shane Chen
shane@knowplace.org
Thu, 21 Jun 2001 01:23:25 -0700
Ramin Alidousti wrote:
> On Wed, Jun 20, 2001 at 10:05:47PM -0700, Shane Chen wrote:
> > There are security issues if you don't bother to set it up properly. If
> > you do, it's actually okay. Not the fastest encryption, but does its
> > job.
>
> This is partially correct. If you don't set it up correctly, it simply
> doesn't work. There is not much you can do wrong with it, though. Just
> like ftp it has a control connection TCP/1723 and data GRE.
I wasn't actually referring to the firewall setup. I was referring to
registery settings that you have to set on the PPTP RAS servers to
prevent rollback attacks or setting the encryption strength.
Shane