![]()
![]() |
Resource links for Security Now! Episode #17:
|
![]() All versions of Windows dating from Windows 95, have supported PPTP (point to point tunneling protocol) somewhat secure (encryption but weak authentication) VPN operation to interconnect Windows machines. The "New Connection Wizard" in Windows XP has made setting up inter-machine VPN connections quite simple. ![]() Bob Cerelli's often-cited pages provide simple step-by-step directions for configuring each end of the connection: ![]() ![]() ![]() ![]() ![]() If you plan to connect to a machine behind a NAT router from outside, you will need to setup static port forwarding for TCP protocol traffic arriving at the router's port 1723 and also for the GRE protocol 47. Both types of traffic will need to be forwarded to the server's IP behind your NAT router. If your router supports any sort of VPN or PPTP pass-through you'll also want to make sure that's enabled. And don't forget to use the same "Workgroup Name" at both ends. ![]() Finally, remember that Windows PPTP VPN connections only offer weak security and privacy protection. Since it does not provide strong authentication, it can be fooled into lowering its connection strength, and is subject to MITM (man in the middle) attacks.
The service's weaknesses are that since it uses standard VPN protocols, they are subject to being filtered and blocked by the user's local connectivity provider (WiFi hotspot, hotel, or ISP). Also, since PPTP uses weak authentication and PublicVPN's L2TP/IPSec uses a system-wide common pre-shared key known to everyone, there is little protection from determined man-in-the-middle (MITM) attacks. Still, as a "much better than nothing" affordable solution, PublicVPN is definitely worth a look.
|
![]() | Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) 2022 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy. |
Last Edit: May 04, 2013 at 18:12 (3,798.71 days ago) | Viewed 2 times per day |