Mailing List Archive



Re: [tlug] Re: VPN



Tobias Diedrich wrote:

> Tod McQuillin wrote:
> 
>>On Mon, 6 Dec 2004, Christopher SEKIYA wrote:
>>
>>>Option #2 ain't even close to trustworthy.  Go ahead -- set up a 
>>>solution using PPTP, go to defcon, use it, and see how fast your 
>>>concentrator is cracked.
>>
>>Chris omits to mention why SSL and other TCP/IP based solutions (like ppp 
>>over SSH etc) are a bad idea:
>>
>>http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
> 
> 
> OpenVPN is not tcp over tcp, it's tcp over udp and thus should be ok
> from that perspective.  And I don't see why it shouldn't be as
> trustworthy as IPSec (Assuming that your local network is secure or
> you are using it endpoint to endpoint)?

Thank you all for your precious comments.

Okay, so if I got this correctly, VPN should not use TCP/IP as a 
transport because it is insecure. So, PPTP is what? PPP with a tunneling 
over TCP/IP using... ssh or something equivalent?

Does any of you have some good step by step documentation on how to go 
with IPSec to deploy it on a Linux/debian machine?
This setting is for the company I work for. The firewall we are using is 
a Linux/debian based FW. I need to make it possible for the Execs to 
access the file server from their laptop when out of the office.

Kind Regards

-- 
Jacques Deguest
<http://www.deguest.jp/>

