Paul on Tue, 23 Sep 2003 14:25:22 -0400


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Security Alert about VPN


LeRoy Cressy wrote:

I Saw the following article on http://slashdot.org
http://slashdot.org/articles/03/09/22/2127236.shtml?tid=106&tid=126&tid=172&tid=185


which lead me to this great article "Linux's answer to MS-PPTP"
http://www.mail-archive.com/cryptography%40metzdowd.com/msg00891.html

With your interest in security and those who are considering setting up a VPN I would take this information very seriously. The worse thing that can happen is to think that you are secure when you are not.


There are a few messages about FreeS/WAN as a more secure alternative to the packages in the article. FreeS/WAN is based on IPsec if that makes a difference.

One minor oddity that I noticed is half-encryption, encryption of packets moving in one direction only, in one particular case. I'm sure it's a config issue.

Anyway, if PPTP is that great, why is M$ coding for IPsec now?

_________________________________________________________________________
Philadelphia Linux Users Group        --       http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion  --   http://lists.netisland.net/mailman/listinfo/plug