<html><head></head><body><p dir="ltr">I use softether And it's perfect</p>
<p dir="ltr">Diaolin</p>
<p dir="ltr">---<br>
ala fin l'ei sol parole tut sta smania maledeta<br>
la se strenge entorn, menudola,<br>
e le not l'è le orazion de na cigaia<br>
'mbarlumada da la luna</p>
<div class="gmail_quote" >Il giorno 15/set/2014, alle ore 14:32, Paul Gray <<a href=mailto:gray@cs.uni.edu target=_blank>gray@cs.uni.edu</a>> ha scritto:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="blue">On 09/15/2014 06:38 AM, Lutz Markus Willek wrote:<br /><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Hey There,<br /> <br /> PPTP has always been considered rather week security but a flaw in MSChapv2 indicates it is even less secure than we ever believed. MSChapv2 is the "most secure" authentication protocol used with PPTP!<br /> So PPTP turns to the least secure VPN solution. <br /> In Fact PPTP is so insecure, it should be considered unencrypted.<br /> Avoid this.<br /></blockquote><br />Lutz++<br /><br />PPTP's encryption strength is limited by the randomness of the user's<br />password, which is typically weak.<br /><br />From Schneider's analysis here:<br /> "However, the fundamental weakness of the authentication and encryption<br />protocol is that it is only as secure as the password chosen by the user."<br /> (<a
href="https://www.schneier.com/paper-pptpv2.html">https://www.schneier.com/paper-pptpv2.html</a>)<br /><br />I've set up numerous VPNs: OpenSwan, StrongSwan, FreeSwan, OpenVPN,<br />racoon/IPSec, PoPToP, ...<br /><br />But lately I've been using SoftEther (on Linux) for my VPN server<br />infrastructure. Very configurable and extremely interoperable<br />with established VPN clients.<br /><br />SoftEther works with the default Android, Windows (7/8/Tablet) and Linux<br />VPN client software without additional software installs. So it's a<br />good solution for "working for everyone" out of the box. It also makes<br />documenting the connection to your services a lot more manageable since<br />you don't need to document 20+ vendor VPN client variations to get your<br />users connected.<br /><br />For a SoftEther production usage case: I presently have 60 VMs on one<br />of my Proxmox clusters that are used for System Security classes that I<br
/>teach. These VMs are required to be "off the net," yet must be<br />accessible to the students 24/7. Students have been tapping in with<br />their clients to the SoftEther VPN all term without problems.<br /><br />For various logistic reasons, my SoftEther VPN server is set up on a<br />bare metal system alongside of the Proxmox cluster that is connected to<br />the backend network where the student VMs reside.<br /><br />There's no reason the SoftEther server could not be run the head of a<br />Proxmox install, and this would be what I'd recommend if your logistics<br />limit you to deployment only on the Proxmox head end.<br /></pre></blockquote></div></body></html>