01-04-2013, 10:48 PM
|
#1
|
|
Member
Registered: Jun 2006
Location: Debian Land
Posts: 963
Rep:
|
advantages of using Poptop for "VPN" like?
Hi,
I would like to ask what advantages there may be in using Poptop?
It can be run very easily. In my opinion, it is not very secure. However, it is very easy to configure compared to OpenVPN, and it works pretty well.
http://poptop.sourceforge.net/dox/
Best regards
|
|
|
|
01-04-2013, 11:27 PM
|
#2
|
|
Member
Registered: Jan 2012
Distribution: Slackware
Posts: 690
Rep: 
|
PopTop is a server implementation of the Point-to-Point Tunneling Protocol (PPTP).
PPTP is Microsoft's invention, and it was their VPN protocol of choice until a few years ago. It uses MSCHAPv2 authentication and GRE tunneling with a particular RC4-based encryption scheme called MPPE (Microsoft Point-to-Point Encryption).
The MSCHAPv2 handshake has a fatal flaw that makes it possible for a listening third-party to find a PPTP password hash relatively quickly using a brute-force algorithm. And although there's no easy way to turn a password hash into a plaintext password, another weakness in the MSCHAPv2 algorithm ("password-equivalent hashes" - now there's a contradiction in terms) means you don't actually need the password to authenticate. The hash will do just fine.
This means one should not use PPTP over an unsecured network. As PPTP is a VPN protocol, its main use is precisely for setting up VPN tunnels over public, insecure networks, so that means PPTP is fundamentally broken.
In other words: Don't use PPTP, which means don't use PopTop.
|
|
|
|
01-05-2013, 12:04 AM
|
#3
|
|
Member
Registered: Jun 2006
Location: Debian Land
Posts: 963
Original Poster
Rep:
|
Quote:
Originally Posted by Ser Olmy
PopTop is a server implementation of the Point-to-Point Tunneling Protocol (PPTP).
PPTP is Microsoft's invention, and it was their VPN protocol of choice until a few years ago. It uses MSCHAPv2 authentication and GRE tunneling with a particular RC4-based encryption scheme called MPPE (Microsoft Point-to-Point Encryption).
The MSCHAPv2 handshake has a fatal flaw that makes it possible for a listening third-party to find a PPTP password hash relatively quickly using a brute-force algorithm. And although there's no easy way to turn a password hash into a plaintext password, another weakness in the MSCHAPv2 algorithm ("password-equivalent hashes" - now there's a contradiction in terms) means you don't actually need the password to authenticate. The hash will do just fine.
This means one should not use PPTP over an unsecured network. As PPTP is a VPN protocol, its main use is precisely for setting up VPN tunnels over public, insecure networks, so that means PPTP is fundamentally broken.
In other words: Don't use PPTP, which means don't use PopTop.
|
THANK YOU
On an intranet, behind the firewall, there are not many dangers, right? So, what about ssh and forwarding the port?
If you do such an operation, it might be secure, isn't it?
Best regards
|
|
|
|
01-05-2013, 12:43 AM
|
#4
|
|
Member
Registered: Jan 2012
Distribution: Slackware
Posts: 690
Rep: 
|
Quote:
Originally Posted by Xeratul
On an intranet, behind the firewall, there are not many dangers, right? So, what about ssh and forwarding the port?
If you do such an operation, it might be secure, isn't it?
|
Sure, but why use such an outdated protocol at all when you can use IPsec, L2TP or SSTP instead?
|
|
|
|
01-05-2013, 02:30 AM
|
#5
|
|
Member
Registered: Jun 2006
Location: Debian Land
Posts: 963
Original Poster
Rep:
|
Quote:
Originally Posted by Ser Olmy
Sure, but why use such an outdated protocol at all when you can use IPsec, L2TP or SSTP instead?
|
because it is very easy to install
sudo install-vpn-pptpd.sh 192.168.1.25
Code:
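#!/bin/sh
# install-vpn-pptpd.sh <local-ip>: install and configure pptpd (run as root)
apt-get install pptpd
# pptpd daemon settings: /etc/pptpd.conf
echo "localip $1" >> /etc/pptpd.conf
echo "remoteip 192.168.1.2-100,192.168.1.245" >> /etc/pptpd.conf
# pppd options go in the options file that pptpd.conf references (Debian path)
echo "ms-dns 192.168.1.1" >> /etc/ppp/pptpd-options
echo "nobsdcomp" >> /etc/ppp/pptpd-options
echo "noipx" >> /etc/ppp/pptpd-options
echo "mtu 1490" >> /etc/ppp/pptpd-options
echo "mru 1490" >> /etc/ppp/pptpd-options
# /etc/ppp/chap-secrets fields: client, server, secret, IP addresses (tab-separated)
printf 'minimi\t*\ttheverygreatadventure\t*\n' >> /etc/ppp/chap-secrets
/etc/init.d/pptpd restart
echo "***************************"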
If you have such a script for another, better VPN, please do not hesitate.
|
|
|
|
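Added example, not part of the thread or any poster's script: a shell check for the `/etc/ppp/chap-secrets` file that the script in post #5 appends to. It flags what matters for a file of plaintext secrets: access by group or other, entries valid for any server or any IP address (`*`), and a literal `<TAB>` token left in an entry. The function name and finding labels are assumptions made for this example, and quoted fields containing spaces are not handled.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file as used by pptpd.
# Field layout per pppd(8): client  server  secret  [allowed IP addresses...]
# Usage: audit_chap_secrets /etc/ppp/chap-secrets

audit_chap_secrets() {
    file=$1
    status=0

    # Secrets are stored in plaintext, so group/other must have no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERM: $file is accessible to group/other ($perms)"
        status=1
    fi

    # Per-entry checks; awk exits non-zero when any entry is flagged.
    awk '
        NF == 0 || $1 ~ /^#/ { next }    # blank lines and comments
        NF < 3 { printf "MALFORMED line %d: fewer than 3 fields\n", NR; bad = 1; next }
        {
            # A placeholder written verbatim shifts every later field.
            for (i = 1; i <= NF; i++)
                if ($i == "<TAB>") {
                    printf "PLACEHOLDER line %d: literal <TAB> token\n", NR
                    bad = 1; next
                }
            if ($2 == "*") { printf "ANY-SERVER line %d: client %s\n", NR, $1; bad = 1 }
            if ($4 == "*") {
                printf "ANY-IP line %d: client %s may use any IP address\n", NR, $1
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file" || status=1

    return $status
}
```

The function prints one line per finding and returns non-zero when anything was flagged, so it can gate a configuration-management run or a periodic check.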