Currently we are evaluating several remote access methods for our teleworkers. FreeSwan / IPSEC seems to be the preferred choice but suffers badly from NAT-problems. PPTP is another possibility but is it safe enough? PPTP of course has the advantage that it is supported by Windows-clients natively. What is your opinion about this ? Thanks Ad K.
Hi, I think it is a matter of ease of administration. One of IPSEC windows client is SSH Sentinel. Done the interoperability between Freeswan and Ipsec, and it is 10 times demanding than administering PPTP (Linux PopTop) and windows client. So you are quite right. PPTP has the benefit of being supported by windows AND easy to administer. The price: it''s not as safe as IPSEC. Hope that help. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Ad Koster Sent: Sunday, November 16, 2003 9:50 PM To: Shorewall Subject: [Shorewall-users] pptp/ipsec Currently we are evaluating several remote access methods for our teleworkers. FreeSwan / IPSEC seems to be the preferred choice but suffers badly from NAT-problems. PPTP is another possibility but is it safe enough? PPTP of course has the advantage that it is supported by Windows-clients natively. What is your opinion about this ? Thanks Ad K. _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
On Sun, 16 Nov 2003, Ad Koster wrote:> Currently we are evaluating several remote access methods for our > teleworkers. > > FreeSwan / IPSEC seems to be the preferred choice but suffers badly from > NAT-problems. > > PPTP is another possibility but is it safe enough? PPTP of course has > the advantage that it is supported by Windows-clients natively. > > What is your opinion about this ? >For my own remote access, I use PPTP. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Sun, 2003-11-16 at 16:37, Tom Eastep wrote:> On Sun, 16 Nov 2003, Ad Koster wrote: > > > Currently we are evaluating several remote access methods for our > > teleworkers. > > > > FreeSwan / IPSEC seems to be the preferred choice but suffers badly from > > NAT-problems. > > > > PPTP is another possibility but is it safe enough? PPTP of course has > > the advantage that it is supported by Windows-clients natively. > > > > What is your opinion about this ? > > > > For my own remote access, I use PPTP. > > -TomTom, Is PPTP suitable for use in a "larger" production environment do you think ? In our company there will be about 30 teleworkers. Ad K.
On Sun, 2003-11-16 at 08:39, Ad Koster wrote:> > Is PPTP suitable for use in a "larger" production environment do you > think ? > > In our company there will be about 30 teleworkers. >We use it at HP and we''re a little bit larger than that :-) -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
On Sun, 2003-11-16 at 08:44, Tom Eastep wrote:> > We use it at HP and we''re a little bit larger than that :-) >OTOH, we''re not using PopTop as our server. I don''t have any experience with running PopTop with that many simultaneous clients. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Il dom, 2003-11-16 alle 11:50, Ad Koster ha scritto:> FreeSwan / IPSEC .... > PPTP ... > What is your opinion about this ?Why not OpenVPN ? There is a windows client (and server) like FreeSWAN and PPTP -- Dario Lesca <d.lesca@solinos.it>
On Tue, 2003-11-18 at 22:27, Dario Lesca wrote:> Il dom, 2003-11-16 alle 11:50, Ad Koster ha scritto: > > > FreeSwan / IPSEC .... > > PPTP ... > > What is your opinion about this ? > > Why not OpenVPN ? > > There is a windows client (and server) like FreeSWAN and PPTPOpenVPN certainly is a promising project but the Windows-client is still in beta stage, so not ready for use in a production environment I guess. Ad K.