Date: Mon, 28 Dec 1998 03:10:39 -0500
From: Matt White <mwhite@cmu.edu>
To: freebsd-current@FreeBSD.ORG
Subject: Re: PPTP and FreeBSD
Message-ID: <4281573128.914814639@DEIMOS.REM.CMU.EDU>
In-Reply-To: <199812272119.QAA13600@o2.cs.rpi.edu>
L2TP is much the same way. The reason for this is that these protocols are not really designed for what we are using them for. Both PPTP and L2TP are ways of tunneling traffic received from a client by an ISP's remote access device back to a corporate network. There is only one control connection per corporate network endpoint. This has the advantage that the end user doesn't have to set anything up on their computer to take advantage of the tunneling... it is done automatically by the RAS. The difficulty is, of course, that arrangements for these tunnels must be made at all possible access points, so I wonder how much L2TP is actually ever going to be used as intended.

As far as the amount of work required to implement L2TP or PPTP, I'm not sure about how bad it would be. Keep in mind that a good portion of both of these protocols are implemented elsewhere. It might be more of an issue of sewing the right modules together. Not that I'm going to spend the time to do it.

My personal feeling is that VPNs are evil and yet another excuse to not properly secure one's systems (firewalls being the last excuse).

-Matt

--On Sunday, December 27, 1998, 4:19 PM -0500 "David E. Cross" <crossd@cs.rpi.edu> wrote:

>> Regardless, we would like a PPTP server running under
>> FreeBSD/Linux/Solaris at this site because we subscribe to a number of
>> services that do security by IP address. Our desire would be more to be
>> able to assign IPs from our address space to roaming users.
>
> I had looked into this in the past, and read the relevant RFCs and MS
> documentation on it. It is a bad joke, all the way around. First it
> uses a modified version of the GRE protocol (that is why I asked about
> GRE support in the kernel way back when), as an encapsulation around the
> PPP packets. It also must have a TCP connection between the client and
> the server to act as a control connection. If that control connection
> is lost for whatever reason, the tunnel is closed. Oh yes, one last
> thing, the GRE portion of the tunnel, where the data actually goes, has an
> ack/nak, sliding window and retransmit system (again, outlined in the MS
> documentation). While I think this would be a good thing to have, just
> to be compatible, and ideally as a part of a larger 'iptunnel' package;
> it is *a lot* of work.
>
> --
> David Cross
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
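The "modified version of the GRE protocol" the quoted reply refers to is the enhanced GRE header of RFC 2637 (protocol type 0x880B, version 1, key field split into payload length and call ID, optional sequence and acknowledgment numbers that carry the sliding-window scheme). As an added example that is not part of this thread, here is a small Python parser for that header, the kind of check a capture-analysis tool needs to tell PPTP data traffic apart from plain GRE; the sample packets are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PPTP_GRE_PROTO = 0x880B  # protocol type of the PPTP data channel (RFC 2637)


@dataclass
class PptpGre:
    payload_len: int
    call_id: int
    seq: Optional[int]   # present when the S bit is set (carries data)
    ack: Optional[int]   # present when the A bit is set (piggybacked ack)
    payload: bytes       # the encapsulated PPP frame


def parse_pptp_gre(pkt: bytes) -> PptpGre:
    """Parse the enhanced GRE header of RFC 2637 section 4.

    Raises ValueError for anything that is not a well-formed PPTP GRE
    packet, so plain RFC 1701 GRE is rejected rather than misread.
    """
    if len(pkt) < 8:
        raise ValueError("truncated GRE header")
    b0, b1, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    # byte 0: C R K S s Recur(3)   byte 1: A Flags(4) Ver(3)
    c_bit, r_bit, k_bit, s_bit = (b0 >> 7) & 1, (b0 >> 6) & 1, (b0 >> 5) & 1, (b0 >> 4) & 1
    strict_bit, recur = (b0 >> 3) & 1, b0 & 0x07
    a_bit, flags, ver = (b1 >> 7) & 1, (b1 >> 3) & 0x0F, b1 & 0x07
    if proto != PPTP_GRE_PROTO or ver != 1 or k_bit != 1:
        raise ValueError("not a PPTP enhanced GRE packet")
    if c_bit or r_bit or strict_bit or recur or flags:
        raise ValueError("reserved GRE bits set")
    need = 8 + 4 * (s_bit + a_bit)
    if len(pkt) < need:
        raise ValueError("truncated GRE header")
    off, seq, ack = 8, None, None
    if s_bit:
        seq = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    if a_bit:
        ack = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    payload = pkt[off:off + payload_len]
    if len(payload) != payload_len:
        raise ValueError("payload shorter than declared length")
    return PptpGre(payload_len, call_id, seq, ack, payload)


# constructed sample: data packet with sequence 7 and ack 6, carrying a 4-byte PPP header
SAMPLE_DATA = bytes([0x30, 0x81]) + struct.pack("!HHHII", PPTP_GRE_PROTO, 4, 1, 7, 6) + bytes([0xFF, 0x03, 0x00, 0x21])
# constructed sample: pure acknowledgment, no sequence number and no payload
SAMPLE_ACK = bytes([0x20, 0x81]) + struct.pack("!HHHI", PPTP_GRE_PROTO, 0, 1, 7)
```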
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4281573128.914814639>
