advantages of using Poptop for "VPN" like?

Hi,

I would like to ask what are the advantages that may exist using Poptop?

I can be run very easily. In my opinion, it is not very much secured. However it is very easy to configure compared to openvpn, and it works pretty well.

http://poptop.sourceforge.net/dox/

Best regards

PopTop is a server implementation of the Point-to-Point Tunneling Protocol (PPTP).

PPTP is Microsoft's invention, and it was their VPN protocol of choice until a few years ago. It uses MSCHAPv2 authentication and GRE tunneling with a particular RC4-based encryption scheme called MPPE (Microsoft Point-to-Point Encryption).

The MSCHAPv2 handshake has a fatal flaw that makes it possible for a listening third-party to find a PPTP password hash relatively quickly using a brute-force algorithm. And although there's no easy way to turn a password hash into a plaintext password, another weakness in the MSCHAPv2 algorithm ("password-equivalent hashes" - now there's a contradiction in terms) means you don't actually need the password to authenticate. The hash will do just fine.

This means one should not use PPTP over an unsecured network. As PPTP is a VPN protocol, it's main use is precisely for setting up VPN tunnels over public, insecure networks, so that means PPTP is fundamentally broken.

In other words: Don't use PPTP, which means don't use PopTop.

Quote:

Originally Posted by Ser Olmy PopTop is a server implementation of the Point-to-Point Tunneling Protocol (PPTP). PPTP is Microsoft's invention, and it was their VPN protocol of choice until a few years ago. It uses MSCHAPv2 authentication and GRE tunneling with a particular RC4-based encryption scheme called MPPE (Microsoft Point-to-Point Encryption). The MSCHAPv2 handshake has a fatal flaw that makes it possible for a listening third-party to find a PPTP password hash relatively quickly using a brute-force algorithm. And although there's no easy way to turn a password hash into a plaintext password, another weakness in the MSCHAPv2 algorithm ("password-equivalent hashes" - now there's a contradiction in terms) means you don't actually need the password to authenticate. The hash will do just fine. This means one should not use PPTP over an unsecured network. As PPTP is a VPN protocol, it's main use is precisely for setting up VPN tunnels over public, insecure networks, so that means PPTP is fundamentally broken. In other words: Don't use PPTP, which means don't use PopTop.

THANK YOU

On an intranet, behind the firewall, there is not much dangers, right? So, what about ssh and forwarding the port?

If you do such operation, it might be secured, isnt it?

Best regards

Quote:

Originally Posted by Xeratul On an intranet, behind the firewall, there is not much dangers, right? So, what about ssh and forwarding the port? If you do such operation, it might be secured, isnt it?

Sure, but why use such an outdated protocol at all when you can use IPsec, L2TP or SSTP instead?

Quote:

Originally Posted by Ser Olmy Sure, but why use such an outdated protocol at all when you can use IPsec, L2TP or SSTP instead?

because it is very easy to install

sudo install-vpn-pptpd.sh 192.168.1.25

Code:

apt-get install pptpd

#      sudo vim /etc/pptpd.conf
echo "localip $1"  >> /etc/pptpd.conf
echo "remoteip 192.168.1.2-100,192.168.1.245"  >> /etc/pptpd.conf
echo "ms-dns 192.168.1.1"  >>  /etc/pptpd.conf
echo "nobsdcomp"  >>  /etc/pptpd.conf
echo "noipx"  >>  /etc/pptpd.conf
echo "mtu 1490"  >>  /etc/pptpd.conf
echo "mru 1490"  >>  /etc/pptpd.conf


# sudo vim /etc/ppp/chap-secrets
echo "minimi <TAB> * <TAB> theverygreatadventure <TAB> *" >> /etc/ppp/chap-secrets

/etc/init.d/pptpd restart

echo "***************************"

If you have a such a script for other and better VPN, please do not hesitate