SLUG Mailing List Archives
Re: [SLUG] Win2k - Linux VPN
- To: Phil Scarratt <fil@xxxxxxxxxxx>
- Subject: Re: [SLUG] Win2k - Linux VPN
- From: Kevin Saenz <ksaenz@xxxxxxxxxxxxxxx>
- Date: Thu Mar 13 17:54:02 2003
- Cc: SLUG <slug@xxxxxxxxxxx>
I think that was with pptp2 and that was patched 6 months ago.
I am pretty sure of that because 2k is using pptp3.
> My concern with the PPTP path is the reported security issues:
> # Flawed encryption mechanism -- non-random keys, session keys weak hash
> of user password, key lengths too short (non-configurable)
> # Bad password management in mixed Win95/NT environment; static
> passwords easily compromised
> # Vulnerable to server spoofing attacks because packet authentication
> not implemented, easy denial-of-service attacks even inside firewalls
> # MS claims cryptographic weaknesses not yet exploited
> Kevin Saenz wrote:
> > When I was playing with windows and Linux VPN I was using PPTP
> > the connectivity is seamless. I think if you are using Windows
> > standard VPN software then I would be inclined to point you to
> > use PPTP kernel patch. You don't need to add any third party
> > software to Windows.
> > PPTP has pretty good docs on how to install PPTP on to Linux and
> > get the server up and running. Also making Linux a PPTP/VPN server
> > is a piece of cake.
> >>Hi all
> >>Sorry to interrupt all this talk about nominations....
> >>Anyone know a good howto or pointers on setting up a VPN from Win32
> >>clients to Linux server? I'm currently looking at setting up an
> >>IPSEC/L2TP tunnel but am having trouble getting IPSec to work. I tried
> >>to follow instructions at both
> >>to no avail as yet. I get packets arriving at the eth interface but not
> >>ipsec0 interface (tcpdump). No packets are being dropped or rejected but
> >>the logs say the following:
> >>Mar 13 16:25:39 neo pluto: "L2TP-CERT-WIN2KXP" 192.168.1.201
> >>#3: unable to locate my private key for RSA Signature
> >>Mar 13 16:25:55 neo pluto: "L2TP-CERT-WIN2KXP" 192.168.1.201
> >>#3: Peer ID is ID_DER_ASN1_DN: 'C=AU, ST=NSW, O=Draxsen, CN=rivendell'
> >>The error looks like an obvious oversight somewhere but I can't find it?
> >>Is there a better way? (apart from not using M$ OS at all that is).
> >>Thanks for any tips or info.
> >>Phil Scarratt