From owner-cvs-all  Mon Jun 18  9:23:34 2001
Delivered-To: cvs-all@freebsd.org
Received: from misha.privatelabs.com (misha.privatelabs.com [66.9.25.166])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8E52B37B401; Mon, 18 Jun 2001 09:23:27 -0700 (PDT)
	(envelope-from mi@aldan.algebra.com)
Received: from misha.privatelabs.com (mi@localhost [127.0.0.1])
	by misha.privatelabs.com (8.11.3/8.11.1) with ESMTP id f5IGNJ097372;
	Mon, 18 Jun 2001 12:23:21 -0400 (EDT)
	(envelope-from mi@aldan.algebra.com)
Message-Id: <200106181623.f5IGNJ097372@misha.privatelabs.com>
Date: Mon, 18 Jun 2001 12:23:18 -0400 (EDT)
From: mi@aldan.algebra.com
Reply-To: mi@aldan.algebra.com
Subject: Re: cvs commit: src/usr.sbin/ppp ccp.c ccp.h command.c deflate.c fsm.c fsm.h ip.c mppe.c ppp.8 pred.c 
To: brian@Awfulhak.org
Cc: brian@FreeBSD.org, cvs-committers@FreeBSD.org,
	cvs-all@FreeBSD.org
In-Reply-To: <200106181535.f5IFZ6h05793@hak.lan.Awfulhak.org>
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

On 18 Jun, Brian Somers wrote:
>> On 18 Jun, Brian Somers wrote:
>> > brian       2001/06/18 08:00:24 PDT
>> > 
>> >   Modified files:
>> >     usr.sbin/ppp         ccp.c ccp.h command.c deflate.c fsm.c 
>> >                          fsm.h ip.c mppe.c ppp.8 pred.c 
>> >   Log:
>> >   Add support for stateful MPPE (microsoft encryption) providing
>> >   encryption compatibility with Windows 2000.  Stateful encryption
>> >   uses less CPU but is bad on lossy transports.
                                   ^^^^^^^^^^^^^^^^
>> 
>> So, I suppose, I'll now be able to avoid using SSH and use PPP
>> with encryption over a device like host:port/tcp directly, without
>> the
>> 	set login "!ssh tunnel@host"
>> 
>> Great! Thanks,
> 
> Aye.
> 
> IMHO PPPoUDP with encryption is the best option for VPNs where one

But, does not UDP qualify as one of those "lossy transports"?

> side has a dynamic IP.  For static gateway IPs with private (rfc1918) 
> addresses, IPSEC and gif are better. With real IPs, IPSEC on its own 
> is best.

I looked for a tutorial on IPSEC/GIF somewhere, but could not find it :(

	-mi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message