From: Phillip Windell on
"Bill Grant" <not.available(a)online> wrote in message
news:uMOaD0PgKHA.1112(a)TK2MSFTNGP04.phx.gbl...
>
> I would say that PPTP maintains its popularity with small to medium
> sized organisations because it does not require certificates. If you have
> an established certificate system in your organisation (and a person
> capable of maintaining it), L2TP is the obvious choice.

Could use a pre-shared key for the L2TP which is about like using a
password. However I just use PPTP being the small to medium size kinda guy
that I am :-)

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


From: karthikbalaguru on
On Dec 20, 2:54 pm, Rob <nom...(a)example.com> wrote:
> karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:
> > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...(a)chicagotech.net>
> > wrote:
> >> IPSec and PPTP are more popular. PPTP is used for client to server.
> >> IPSec can be used as client to server or site to site VPN. This search
> >> result may help.
>
> > Thx for your response. But it seems that PPTP can support only one
> > tunnel at a time for each user. Therefore, its proposed successor,
> > L2TP (a hybrid of PPTP and another protocol, L2F) can support
> > multiple, simultaneous tunnels for each user.
>
> > So, shouldn't L2TP be popular ?
>
> I think you should know that "what is popular" is not determined by
> what can do most, what is technically superior and other such reasons
> that you run into when you do a comparison of VPN technologies as
> a technician.
>
> What is popular is determined by what sells best, or what is part of
> something that already sells best.  When it can do the job, it is used.
>

Yes, that is true. Agreed :-)
Thinking along similar lines, another query popped
up in my mind. In the case of L2TP, is it mandatory
that in the 'voluntary tunnel mode', the tunnel should
end at the remote client and in the 'compulsory
tunnel mode', the tunnel should end at the ISP?

Are there no other scenarios with other endpoints?

Thx in advance,
Karthik Balaguru

From: karthikbalaguru on
On Dec 22, 5:13 am, karthikbalaguru <karthikbalagur...(a)gmail.com>
wrote:
> On Dec 20, 2:54 pm, Rob <nom...(a)example.com> wrote:
>
> > karthikbalaguru <karthikbalagur...(a)gmail.com> wrote:
> > > On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...(a)chicagotech.net>
> > > wrote:
> > >> IPSec and PPTP are more popular. PPTP is used for client to server.
> > >> IPSec can be used as client to server or site to site VPN. This search
> > >> result may help.
>
> > > Thx for your response. But it seems that PPTP can support only one
> > > tunnel at a time for each user. Therefore, its proposed successor,
> > > L2TP (a hybrid of PPTP and another protocol, L2F) can support
> > > multiple, simultaneous tunnels for each user.
>
> > > So, shouldn't L2TP be popular ?
>
> > I think you should know that "what is popular" is not determined by
> > what can do most, what is technically superior and other such reasons
> > that you run into when you do a comparison of VPN technologies as
> > a technician.
>
> > What is popular is determined by what sells best, or what is part of
> > something that already sells best.  When it can do the job, it is used.
>
> Yes, that is true. Agreed :-)
> Thinking along similar lines, another query popped
> up in my mind. In the case of L2TP, is it mandatory
> that in the 'voluntary tunnel mode', the tunnel should
> end at the remote client and in the 'compulsory
> tunnel mode', the tunnel should end at the ISP?
>
> Are there no other scenarios with other endpoints?
>

The 'Tunneling models' section in the below link
clarifies it.
http://en.wikipedia.org/wiki/Layer_2_Tunneling_Protocol

Lemme know if there are other scenarios apart from
those mentioned in the above link.

Thx,
Karthik Balaguru

From: Stefan Monnier on
> IPSEC is very widely used for infrastructure VPNs and is not
> proprietary. Cisco interoperates with Checkpoint interoperates with
> Draytek interoperates with OpenVPN ....... Never found a problem in
> dozens of cases.

In which sense do they "interoperate"?

> OpenVPN is proprietary and will not work with a Draytek router.

In which sense is OpenVPN proprietary?

> If you do not, setting up and maintaining this simply to support a few
> dialup VPN clients is a big ask. Making a few changes to your firewall for
> GRE is pretty minor by comparison.

I went to the trouble of setting up a personal OpenVPN server (and
corresponding clients) specifically because of the endless problems
I had with firewalls when using PPTP (and I don't know about other
people, but I can't make any change to most of the firewalls to which
I'm exposed; and even when I could I still had problems when several
machines within the same NAT subnet tried to use the same VPN).


Stefan

From: alexd on
Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, Stefan
Monnier chose the tried and tested strategy of:

>> IPSEC is very widely used for infrastructure VPNs and is not
>> proprietary. Cisco interoperates with Checkpoint interoperates with
>> Draytek interoperates with OpenVPN ....... Never found a problem in
>> dozens of cases.
>
> In which sense do they "interoperate"?

Which 'they' are you referring to?

>> OpenVPN is proprietary and will not work with a Draytek router.
>
> In which sense is OpenVPN proprietary?

There's only one implementation of the OpenVPN protocol [that I know of -
recompiling for different platforms and writing pretty front ends don't
count as reimplementations in my book]. OpenVPN Solutions LLC [the copyright
holder] are therefore in a position to dictate what the OpenVPN protocol
consists of, for example, changing the default UDP port. Anyone can take the
source and extend it in ways that make it incompatible with OpenVPN, at
which point it's no longer OpenVPN.

--
<http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm(a)ale.cx)
20:09:39 up 37 days, 4 min, 5 users, load average: 0.00, 0.02, 0.05
DIMENSION-CONTROLLING FORT DOH HAS NOW BEEN DEMOLISHED,
AND TIME STARTED FLOWING REVERSELY