Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Jun 2001 12:23:18 -0400 (EDT)
From:      mi@aldan.algebra.com
To:        brian@Awfulhak.org
Cc:        brian@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c 
Message-ID:  <200106181623.f5IGNJ097372@misha.privatelabs.com>
In-Reply-To: <200106181535.f5IFZ6h05793@hak.lan.Awfulhak.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On 18 Jun, Brian Somers wrote:
>> On 18 Jun, Brian Somers wrote:
>> > brian       2001/06/18 08:00:24 PDT
>> > 
>> >   Modified files:
>> >     usr.sbin/ppp         ccp.c ccp.h command.c deflate.c fsm.c 
>> >                          fsm.h ip.c mppe.c ppp.8 pred.c 
>> >   Log:
>> >   Add support for stateful MPPE (microsoft encryption) providing
>> >   encryption compatibility with Windows 2000.  Stateful encryption
>> >   uses less CPU but is bad on lossy transports.
                                   ^^^^^^^^^^^^^^^^
>> 
>> So, I suppose, I'll now be able to avoid using SSH and use PPP
>> with encryption over a device like host:port/tcp directly, without
>> the
>> 	set login "!ssh tunnel@host"
>> 
>> Great! Thanks,
> 
> Aye.
> 
> IMHO PPPoUDP with encryption is the best option for VPNs where one

But, does not UDP qualify as one of those "lossy transports"?

> side has a dynamic IP.  For static gateway IPs with private (rfc1918) 
> addresses, IPSEC and gif are better. With real IPs, IPSEC on its own 
> is best.

I looked for a tutorial on IPSEC/GIF somewhere, but could not find it :(

	-mi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106181623.f5IGNJ097372>