LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 01-04-2013, 10:48 PM   #1
Xeratul
Senior Member
 
Registered: Jun 2006
Location: Debian Land
Posts: 1,335

Rep: Reputation: 83
advantages of using Poptop for "VPN" like?


Hi,

I would like to ask what are the advantages that may exist using Poptop?

I can be run very easily. In my opinion, it is not very much secured. However it is very easy to configure compared to openvpn, and it works pretty well.

http://poptop.sourceforge.net/dox/

Best regards
 
Old 01-04-2013, 11:27 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,985

Rep: Reputation: Disabled
PopTop is a server implementation of the Point-to-Point Tunneling Protocol (PPTP).

PPTP is Microsoft's invention, and it was their VPN protocol of choice until a few years ago. It uses MSCHAPv2 authentication and GRE tunneling with a particular RC4-based encryption scheme called MPPE (Microsoft Point-to-Point Encryption).

The MSCHAPv2 handshake has a fatal flaw that makes it possible for a listening third-party to find a PPTP password hash relatively quickly using a brute-force algorithm. And although there's no easy way to turn a password hash into a plaintext password, another weakness in the MSCHAPv2 algorithm ("password-equivalent hashes" - now there's a contradiction in terms) means you don't actually need the password to authenticate. The hash will do just fine.

This means one should not use PPTP over an unsecured network. As PPTP is a VPN protocol, it's main use is precisely for setting up VPN tunnels over public, insecure networks, so that means PPTP is fundamentally broken.

In other words: Don't use PPTP, which means don't use PopTop.
 
Old 01-05-2013, 12:04 AM   #3
Xeratul
Senior Member
 
Registered: Jun 2006
Location: Debian Land
Posts: 1,335

Original Poster
Rep: Reputation: 83
Quote:
Originally Posted by Ser Olmy View Post
PopTop is a server implementation of the Point-to-Point Tunneling Protocol (PPTP).

PPTP is Microsoft's invention, and it was their VPN protocol of choice until a few years ago. It uses MSCHAPv2 authentication and GRE tunneling with a particular RC4-based encryption scheme called MPPE (Microsoft Point-to-Point Encryption).

The MSCHAPv2 handshake has a fatal flaw that makes it possible for a listening third-party to find a PPTP password hash relatively quickly using a brute-force algorithm. And although there's no easy way to turn a password hash into a plaintext password, another weakness in the MSCHAPv2 algorithm ("password-equivalent hashes" - now there's a contradiction in terms) means you don't actually need the password to authenticate. The hash will do just fine.

This means one should not use PPTP over an unsecured network. As PPTP is a VPN protocol, it's main use is precisely for setting up VPN tunnels over public, insecure networks, so that means PPTP is fundamentally broken.

In other words: Don't use PPTP, which means don't use PopTop.

THANK YOU

On an intranet, behind the firewall, there is not much dangers, right? So, what about ssh and forwarding the port?

If you do such operation, it might be secured, isnt it?

Best regards
 
Old 01-05-2013, 12:43 AM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 1,985

Rep: Reputation: Disabled
Quote:
Originally Posted by Xeratul View Post
On an intranet, behind the firewall, there is not much dangers, right? So, what about ssh and forwarding the port?

If you do such operation, it might be secured, isnt it?
Sure, but why use such an outdated protocol at all when you can use IPsec, L2TP or SSTP instead?
 
Old 01-05-2013, 02:30 AM   #5
Xeratul
Senior Member
 
Registered: Jun 2006
Location: Debian Land
Posts: 1,335

Original Poster
Rep: Reputation: 83
Quote:
Originally Posted by Ser Olmy View Post
Sure, but why use such an outdated protocol at all when you can use IPsec, L2TP or SSTP instead?


because it is very easy to install

sudo install-vpn-pptpd.sh 192.168.1.25
Code:
apt-get install pptpd

#      sudo vim /etc/pptpd.conf
echo "localip $1"  >> /etc/pptpd.conf
echo "remoteip 192.168.1.2-100,192.168.1.245"  >> /etc/pptpd.conf
echo "ms-dns 192.168.1.1"  >>  /etc/pptpd.conf
echo "nobsdcomp"  >>  /etc/pptpd.conf
echo "noipx"  >>  /etc/pptpd.conf
echo "mtu 1490"  >>  /etc/pptpd.conf
echo "mru 1490"  >>  /etc/pptpd.conf


# sudo vim /etc/ppp/chap-secrets
echo "minimi <TAB> * <TAB> theverygreatadventure <TAB> *" >> /etc/ppp/chap-secrets

/etc/init.d/pptpd restart

echo "***************************"
If you have a such a script for other and better VPN, please do not hesitate
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Displaying "MyComputer", "Trash", "Network Servers" Icons On A GNOME Desktop LXer Syndicated Linux News 0 04-02-2007 08:31 AM
pppd fail: "message too long" in PopTop VPN Tony Erwood Linux - Networking 0 10-09-2006 03:24 AM
I Have A Big Questions About ""vpn"" eder_michael11 Linux - General 7 06-07-2006 04:49 AM
PoPToP VPN with Shorewall: can only reach PoPToP server pgwillemsen Linux - Networking 0 12-27-2004 07:11 AM
What are the Advantages of a "Tight" Kernel? duerra Linux - Newbie 3 01-15-2004 08:17 AM


All times are GMT -5. The time now is 04:49 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration