Confusing PTP and IPSec

roopunix · 09-19-2005, 05:37 AM

I am doing tunneling via PTP.

This make's inteface's called tun0 tun1 respectively for each connection.

this is the logical diagram about how PTP works

serverA Private IP----192.168.1.0/24
\
/ \
/ \
/
{tun0}202.79.x.x public IP {tun1} 202.79.x.x---public Ip
\
/ \
/ \
/
/ \
ServerB tun0{202.79.x.x} ServerC 202.79.x.x tun0
Private Ip---192.168.2.0/24 Private Ip-192.168.3.0/24

Now in the above situation there is PTP connection running.I can ping the private IP's of ServerB and ServerC from ServerA and vice versa.This is what i wanted to do.it is working Great. Now can i use IPSec over this? or do i have to remove PTP first?Is the basic function or work of PTP and IpSec the same.I mean to ping the private IP's of different network.I have been looking the answer of the above questions for a long time but could not find a good and straight one...Please give me some advices......
and where can i get the latest IPSec package?.

fataldata · 09-20-2005, 02:33 PM

I have set up a PPTP connection using the Poptop package, which works like yours. One difference between PPTP and other VPN solutions like IPsec, is that PPTP is Microsoft Proprietary. Because of this it is included on most if not all MS operating systems.
I'm not sure why you would want to run IPsec and PPTP, however I believe you could disconnect the PTP(?) connection while you configure IPsec rather than removing it completely.

roopunix · 09-21-2005, 04:30 AM

No i mean that is there any harm if i dont' move for IPSec.???Well basically as i have understood is that both IPSec and PPTP are for commomn thing.Like accessing on another network's private IP even though there is natting on the gateway server right??

So suggest me.....

The thing i want to do is ,, Just the thing i am doing.So what is the point on moving to IPSec...?

fataldata · 09-21-2005, 11:56 AM

I haven't looked into IPsec very much. Both are just different ways to achieve the same result, a VPN. Perhaps there are vulnerabilities to one or the other that I do not know of. Personally I don't see any reason to use IPsec over PPTP, but I haven't researched it.

VPN's are not solely for accessing PC's on a private network. You could have a public network and use VPN to connect to a machine. This way you do not have to have all of your ports/services exposed to the net.

For example:
If you want to use file sharing on the server machine. Ordinarily this would mean you would have to expose that service (netbios) to the internet. Not a very smart thing to do! However if you use a VPN (pptp ) then the netbios traffic is contained in the pptp packets meaning that the only ports that are exposed to the internet are 1723 and GRE, which is much more secure.