[colug-432] VPN types

Chris Anderson canderson at foxtwo.net
Wed Dec 16 17:09:03 EST 2015


PPTP is a pretty old protocol that uses CHAP/PAP authentication for the
most part. I avoid using it because of the security issues, and the data is
passed via GRE, which does not play well with NAT.

L2TP often adds IPSEC to the mix while authenticating similarly to PPTP. It
is more secure than PPTP, but has a lot of the same drawbacks.

OpenVPN is ideal because it uses an SSL tunnel. If you choose TCP as the
tunnel type, chances are good you can get through most firewalls and NAT at
companies, hotels, coffee shops, etc. Using UDP there is a good chance it
will get blocked, but it is still more secure than L2TP or PPTP. OpenVPN
with TCP has some known performance issues if your network has a lot of
packet loss.

On Wed, Dec 16, 2015 at 3:54 PM, Rick Hornsby <richardjhornsby at gmail.com>
wrote:

>
> There are multiple VPN types out there - PPTP, L2TP, SSTP, OpenVPN (and
> subtypes UDP, TCP, "Proxy", and IPSec).  I have an L2TP VPN server at home
> here in Kansas City, which I use when I'm not at home.  While I'm at work,
> however, I still use a VPN on my personal laptop that's connected to the
> (employee permitted) wifi.  For that, a StrongVPN location in Chicago works
> out better and is faster.
>
> I'm using a VPN because the only WiFi I trust is my wifi at home.
> Everything else I treat as potentially hostile.  Secondly, my personal
> traffic is none of my employer's (or really, the network people's) business.
>
> From what I've read:
>
> * Stop using PPTP, it is based on very old Windows-era stuff that's weak
> and cryptographically broken
> * OpenVPN is the new hotness, and uses some kind of SSL tunneling.  I
> don't understand the subtypes or why one subtype is better than the other.
>
> One of the downsides with OpenVPN is that it requires the StrongVPN
> client.  There's no native support for OpenVPN in OS X.
>
> Otherwise, I don't really understand the different types or subtypes or
> why I would choose one over the other?