
Re: [suse-security] PPTP VPN Connection Windows XP client - Linux Server



Hi Stefan!  

On Wed, 18 Feb 2004, Stefan Gofferje wrote:

> Usage of PPTP is mandatory. Not all clients are capable of IPSEC.

I am a little confused.  You said all clients are Win-XP, yet afaik
ipsec is built-in.

> And 
> the solution must be "(Windows-)enduser-compatible"...

Need to script it :-( At least vbs and jscript are workable scripting
languages.

> However, using IPSEC would cause the same problem - how to get a Windows 
> box to establish the VPN at startup and use a static route to the remote 
>  LAN while leaving the default route pointing at the local internet 
> gateway.

The IPSEC client I have (Symantec Enterprise VPN Client*) seems to
leave default route untouched without special effort.  I attach before
and after routing tables.  This in W2K.  Hope that XP is similar :-)

Put client shortcut in desktop startup folder and will probably be
ok.

Regards, dproc
(describing my vpn is a good place not to use my real name - sorry)
(*SEVPNC was proprietary around USD 30 per seat or bundled with some
appliances last time I looked.  As OP said it comes with a simple
personal firewall and does not seem to route between networks.  Win
box probably needs to be backdoor'd/trojan'd to allow attacker to
attack corporate network)

************
** BEFORE **
************
$ route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 20 e0 70 c2 c4 ...... Intel 8255x-based Integrated Fast Ethernet

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.2.201    192.168.2.33       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0     192.168.2.33    192.168.2.33       1
     192.168.2.33  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.2.255  255.255.255.255     192.168.2.33    192.168.2.33       1
        224.0.0.0        224.0.0.0     192.168.2.33    192.168.2.33       1
  255.255.255.255  255.255.255.255     192.168.2.33    192.168.2.33       1
Default Gateway:     192.168.2.201
===========================================================================
Persistent Routes:
  None

***********
** AFTER **
***********
$ route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 20 e0 70 c2 c4 ...... Intel 8255x-based Integrated Fast Ethernet

===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.2.201    192.168.2.33       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.2.201    192.168.2.33       1
      192.168.2.0    255.255.255.0     192.168.2.33    192.168.2.33       1
     192.168.2.33  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.2.255  255.255.255.255     192.168.2.33    192.168.2.33       1
        224.0.0.0        224.0.0.0     192.168.2.33    192.168.2.33       1
  255.255.255.255  255.255.255.255     192.168.2.33    192.168.2.33       1
Default Gateway:     192.168.2.201
===========================================================================
Persistent Routes:
  None


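The before/after comparison made by eye in the message above can be automated. The following Python code is an added example, not part of the original post: it parses the Active Routes rows of two `route PRINT` captures and reports whether the default route is unchanged and which networks the VPN client added. The function names `parse_routes` and `split_tunnel_report` are hypothetical; the route rows are copied from the two tables in the message.

```python
import ipaddress

# Active Routes rows copied from the BEFORE and AFTER tables in the message.
BEFORE = """
          0.0.0.0          0.0.0.0    192.168.2.201    192.168.2.33       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.2.0    255.255.255.0     192.168.2.33    192.168.2.33       1
     192.168.2.33  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.2.255  255.255.255.255     192.168.2.33    192.168.2.33       1
        224.0.0.0        224.0.0.0     192.168.2.33    192.168.2.33       1
  255.255.255.255  255.255.255.255     192.168.2.33    192.168.2.33       1
"""
AFTER = """
          0.0.0.0          0.0.0.0    192.168.2.201    192.168.2.33       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.2.201    192.168.2.33       1
      192.168.2.0    255.255.255.0     192.168.2.33    192.168.2.33       1
     192.168.2.33  255.255.255.255        127.0.0.1       127.0.0.1       1
    192.168.2.255  255.255.255.255     192.168.2.33    192.168.2.33       1
        224.0.0.0        224.0.0.0     192.168.2.33    192.168.2.33       1
  255.255.255.255  255.255.255.255     192.168.2.33    192.168.2.33       1
"""

def parse_routes(text):
    """Map network -> (gateway, interface) for each Active Routes row."""
    routes = {}
    for fields in map(str.split, text.splitlines()):
        if len(fields) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            gw, iface = (str(ipaddress.ip_address(x)) for x in fields[2:4])
        except ValueError:
            continue  # header, separator or interface-list line
        routes[net] = (gw, iface)
    return routes

def split_tunnel_report(before, after):
    """Compare two captures: is the default route intact, what changed?"""
    b, a = parse_routes(before), parse_routes(after)
    default = ipaddress.ip_network("0.0.0.0/0")
    return {
        "default_unchanged": default in b and b[default] == a.get(default),
        "added": {str(n): a[n][0] for n in a.keys() - b.keys()},
        "removed": sorted(str(n) for n in b.keys() - a.keys()),
        "changed": sorted(str(n) for n in a.keys() & b.keys() if a[n] != b[n]),
    }

if __name__ == "__main__":
    print(split_tunnel_report(BEFORE, AFTER))
```

Because rows are recognised by shape (five fields, four of them IPv4 addresses), the full `route PRINT` output can be passed in unmodified; header and interface-list lines are skipped.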