Supplemental Resources and Links for Episode #17

Resource links for Security Now! Episode #17:

PPTP and IPSec VPN Solutions

 Configuring Windows built-in PPTP VPN Client and Server:
All versions of Windows since Windows 95 have supported PPTP (Point-to-Point Tunneling Protocol), a somewhat secure (encryption but weak authentication) VPN protocol for interconnecting Windows machines. The "New Connection Wizard" in Windows XP has made setting up inter-machine VPN connections quite simple.

Bob Cerelli's often-cited pages provide simple step-by-step directions for configuring each end of the connection:

    Configuring the Windows XP VPN Server

    Configuring the Windows XP VPN Client

If you plan to connect to a machine behind a NAT router from outside, you will need to set up static port forwarding for TCP traffic arriving at the router's port 1723 and also for GRE traffic (IP protocol 47). Both types of traffic will need to be forwarded to the server's IP behind your NAT router. If your router supports any sort of VPN or PPTP pass-through, you'll also want to make sure that's enabled. And don't forget to use the same "Workgroup Name" at both ends.

Finally, remember that Windows PPTP VPN connections offer only weak security and privacy protection. Because PPTP does not provide strong authentication, it can be fooled into lowering its connection strength, and it is subject to MITM (man-in-the-middle) attacks.

 Microsoft's guide to their L2TP/IPSec VPN Client (Word doc file)
This June 2000 Microsoft Word document shows them deprecating their original PPTP VPN solution in favor of the new L2TP/IPSec VPN solution.

 This is the defensive "Microsoft's Head in the Sand" VPN FAQ page where they endlessly attempt to justify their brain-dead stance of deliberately not allowing their VPN clients to interoperate with other third-party equipment such as super-popular VPN endpoint routers. As a result VPN router users are forced to purchase ($39) and add third-party VPN client software to a Windows system which, essentially, already has it.

 A good Microsoft launching point page for many other Microsoft pages discussing and explaining VPN configuration and operation.

 Microsoft's Step-by-Step Guide to IPSec
For users with fixed endpoint IPs this guide can be used for establishing very secure VPN tunnels between Microsoft systems.



Non-Microsoft Resources:

 Toms Networking "Small Net Builder" VPN FAQ

 Public VPN Service
PublicVPN.com is an inexpensive ($5.95/mo or $59.95/year) provider of PPTP and L2TP/IPSec services. Since it is compatible with the existing VPN clients available for Windows, Macintosh and probably other operating systems, it represents a very useful means for allowing traveling road warrior users to obtain easy-to-use and affordable encrypted access to the Internet. As we know, this is especially important in WiFi and Hotel LAN settings.

The service has two weaknesses. First, since it uses standard VPN protocols, its traffic is subject to being filtered and blocked by the user's local connectivity provider (WiFi hotspot, hotel, or ISP). Second, since PPTP uses weak authentication and PublicVPN's L2TP/IPSec uses a system-wide common pre-shared key known to everyone, there is little protection from determined man-in-the-middle (MITM) attacks.

Still, as a "much better than nothing" affordable solution, PublicVPN is definitely worth a look.

 HotSpot VPN Service
HotSpotVPN.com is a VERY interesting looking SSL-based Public VPN service. I'm in the process of learning more about it so that I can provide a full report.



Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA.

Last Edit: May 04, 2013 at 17:12