I use softether And it's perfect Diaolin
--- ala fin l'ei sol parole tut sta smania maledeta la se strenge entorn, menudola, e le not l'รจ le orazion de na cigaia 'mbarlumada da la luna Il giorno 14:32 15/set/2014, alle ore 14:32, Paul Gray <g...@cs.uni.edu> ha scritto: >On 09/15/2014 06:38 AM, Lutz Markus Willek wrote: >> Hey There, >> >> PPTP has always been considered rather week security but a flaw in >MSChapv2 indicates it is even less secure than we ever believed. >MSChapv2 is the "most secure" authentication protocol used with PPTP! >> So PPTP turns to the least secure VPN solution. >> In Fact PPTP is so insecure, it should be considered unencrypted. >> Avoid this. > >Lutz++ > >PPTP's encryption strength is limited by the randomness of the user's >password, which is typically weak. > >From Schneider's analysis here: >"However, the fundamental weakness of the authentication and encryption >protocol is that it is only as secure as the password chosen by the >user." > (https://www.schneier.com/paper-pptpv2.html) > >I've set up numerous VPNs: OpenSwan, StrongSwan, FreeSwan, OpenVPN, >racoon/IPSec, PoPToP, ... > >But lately I've been using SoftEther (on Linux) for my VPN server >infrastructure. Very configurable and extremely interoperable >with established VPN clients. > >SoftEther works with the default Android, Windows (7/8/Tablet) and >Linux >VPN client software without additional software installs. So it's a >good solution for "working for everyone" out of the box. It also makes >documenting the connection to your services a lot more manageable since >you don't need to document 20+ vendor VPN client variations to get your >users connected. > >For a SoftEther production usage case: I presently have 60 VMs on one >of my Proxmox clusters that are used for System Security classes that I >teach. These VMs are required to be "off the net," yet must be >accessible to the students 24/7. Students have been tapping in with >their clients to the SoftEther VPN all term without problems. > >For various logistic reasons, my SoftEther VPN server is set up on a >bare metal system alongside of the Proxmox cluster that is connected to >the backend network where the student VMs reside. > >There's no reason the SoftEther server could not be run the head of a >Proxmox install, and this would be what I'd recommend if your logistics >limit you to deployment only on the Proxmox head end. > >-- >Paul Gray -o) >314 East Gym, Dept. of Computer Science /\\ >University of Northern Iowa _\_V > Message void if penguin violated ... Don't mess with the penguin > No one says, "Hey, I can't read that ASCII attachment ya sent me." >_______________________________________________ >pve-user mailing list >pve-user@pve.proxmox.com >http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
_______________________________________________ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user