[olug] [OT] pptp IPsec
Rob Townley
rob.townley at gmail.com
Thu Jun 16 20:49:13 UTC 2011
i came across someone else's cisco asa 5505 today which is setup with
ipsec and pptp xauth. The pptp disturbed me especially. It didn't
even try to use CHAPv2. i figured maybe pptp over IPsec should be ok
because IPsec provides an underlying layer of encryption and pptp is
just doing identity management.
Then when i got back home on my Fedora box, `man vpnc` displays this warning:
OBLIGATORY WARNING: the most used configuration
(XAUTH authentication with pre-shared keys and password authentication)
is insecure by design, be aware of this fact when you use vpnc to exchange
sensitive data like passwords!
i do know L2TP is much better. i would _LOVE_ to go off into a
tangent far into deep cyberspace, but i would never come back.
Anybody wanna back up the manpage with more detail? i know PPTP is
easily popped open, but a little grey is pptp over ipsec.
p.s. i understand these to be BSD or Linux based Cisco systems and i
could get a ssh prompt. Anybody have further details
More information about the OLUG
mailing list