From owner-cvs-all  Mon Jun 18  8:35:15 2001
Delivered-To: cvs-all@freebsd.org
Received: from Awfulhak.org (gw.Awfulhak.org [217.204.245.18])
	by hub.freebsd.org (Postfix) with ESMTP
	id DD9E637B401; Mon, 18 Jun 2001 08:35:08 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by Awfulhak.org (8.11.4/8.11.4) with ESMTP id f5IFZ7F12982;
	Mon, 18 Jun 2001 16:35:07 +0100 (BST)
	(envelope-from brian@lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.4/8.11.4) with ESMTP id f5IFZ6h05793;
	Mon, 18 Jun 2001 16:35:06 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200106181535.f5IFZ6h05793@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: Mikhail Teterin <mi@aldan.algebra.com>
Cc: brian@FreeBSD.org, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject: Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c 
In-Reply-To: Message from Mikhail Teterin <mi@aldan.algebra.com> 
   of "Mon, 18 Jun 2001 11:24:10 EDT." <200106181524.f5IFOB604430@aldan.algebra.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 18 Jun 2001 16:35:06 +0100
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

> On 18 Jun, Brian Somers wrote:
> > brian       2001/06/18 08:00:24 PDT
> > 
> >   Modified files:
> >     usr.sbin/ppp         ccp.c ccp.h command.c deflate.c fsm.c 
> >                          fsm.h ip.c mppe.c ppp.8 pred.c 
> >   Log:
> >   Add support for stateful MPPE (microsoft encryption) providing
> >   encryption compatibility with Windows 2000.  Stateful encryption
> >   uses less CPU but is bad on lossy transports.
> 
> So, I suppose, I'll now be able to avoid using SSH and use PPP
> with encryption over a device like host:port/tcp directly, without
> the
> 	set login "!ssh tunnel@host"
> 
> Great! Thanks,

Aye.

IMHO PPPoUDP with encryption is the best option for VPNs where one 
side has a dynamic IP.  For static gateway IPs with private (rfc1918) 
addresses, IPSEC and gif are better.  With real IPs, IPSEC on its own 
is best.

> 	-mi

-- 
Brian <brian@freebsd-services.co.uk>              <brian@Awfulhak.org>
      http://www.freebsd-services.co.uk/      <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message