[olug] [OT] pptp IPsec

Rob Townley rob.townley at gmail.com
Thu Jun 16 20:49:13 UTC 2011

i came across someone else's cisco asa 5505 today which is setup with
ipsec and pptp xauth.  The pptp disturbed me especially.  It didn't
even try to use CHAPv2.  i figured maybe  pptp over IPsec should be ok
because IPsec provides an underlying layer of encryption and pptp is
just doing identity management.

Then when i got back home on my Fedora box, `man vpnc` displays this warning:
     OBLIGATORY  WARNING: the most used configuration
     (XAUTH authentication with pre-shared keys and password authentication)
     is insecure by design, be aware of this fact when you use vpnc to exchange
     sensitive data like passwords!

i do know L2TP is much better.  i would _LOVE_ to go off into a
tangent far into deep cyberspace, but i would never come back.
Anybody wanna back up the manpage with more detail?  i know PPTP is
easily popped open, but a little grey is pptp over ipsec.

p.s. i understand these to be BSD or Linux based Cisco systems and i
could get a ssh prompt.  Anybody have further details

More information about the OLUG mailing list