Also, most implementations of PPTP use MSCHAPv2 for password authentication, which has been crackable for years. Yet many people still use it because it's easy and widely supported. It's definitely not recommended if you want to assure protection for the password or the network being connected to.


On Fri, Apr 19, 2013 at 2:15 AM, Simeon Miteff <simeon.miteff@gmail.com> wrote:

On Fri, Apr 19, 2013 at 8:05 AM, <kb9mwr@gmail.com> wrote:
So how does PPTP compare to OpenVPN?

Technically PPTP uses an out-of-band connection to establish a GRE tunnel with PPP inside on fixed port numbers, while OpenVPN transports encapsulated packets and does signalling over a single port. Presumably that makes OpenVPN more flexible. There are other pros/cons like security and device support, but I don't think those are very relevant to Ham stuff.

As an aside, I've been using Linux-based tunnels over a radio network (albeit it is an IPv6-only Wi-Fi mesh, not AX.25) for a while, first IPIP6 + IPSec/Racoon and then I switched to TINC (in bridging mode) because of some bugs I picked up with Linux IPSec policies.

TINC with UDP transport seems to work quite reliably even in the face of lossy links, and the overhead is acceptable. Personally I find it easier to configure TINC than OpenVPN (however, OpenVPN is perfectly good over UDP also - except that it didn't work for me due to the lack of support for IPv6 tunnel endpoints).

_________________________________________
44Net mailing list
44Net@hamradio.ucsd.edu
http://hamradio.ucsd.edu/mailman/listinfo/44net
http://www.ampr.org/donate.html
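
An added example, not part of any message in this thread: a Python sketch of the transport difference discussed above, showing that a packet filter has to recognise two kinds of flow for PPTP (a TCP control channel plus GRE data) but only one for OpenVPN. TCP port 1723, IP protocol 47 and the enhanced-GRE header layout are taken from RFC 2637; UDP port 1194 is assumed as the OpenVPN port because it is the default, and every sample packet is constructed.

```python
import struct

PPTP_CONTROL_PORT = 1723   # TCP control channel (RFC 2637)
GRE_PROTO = 47             # IP protocol number for GRE
GRE_PPP_TYPE = 0x880B      # GRE protocol type used for PPP in enhanced GRE
OPENVPN_PORT = 1194        # assumption: OpenVPN left on its default UDP port

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet: pptp-control, pptp-data, openvpn or other."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    proto, l4 = pkt[9], pkt[ihl:]
    if proto == GRE_PROTO and len(l4) >= 8:
        flags, ptype, _payload_len, _call_id = struct.unpack("!HHHH", l4[:8])
        # Enhanced GRE as used by PPTP: Key bit set, version 1, PPP inside.
        if (flags & 0x2000) and (flags & 0x0007) == 1 and ptype == GRE_PPP_TYPE:
            return "pptp-data"
    elif proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6 and PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
        if proto == 17 and OPENVPN_PORT in (sport, dport):
            return "openvpn"
    return "other"

def flows_needed(packets):
    """Collect the distinct flow types seen for each tunnel technology."""
    seen = {"pptp": set(), "openvpn": set()}
    for pkt in packets:
        label = classify(pkt)
        if label.startswith("pptp"):
            seen["pptp"].add(label)
        elif label == "openvpn":
            seen["openvpn"].add(label)
    return seen

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed minimal IPv4 header (checksum left at zero) plus payload."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # documentation range
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

# Constructed samples: PPTP control, PPTP data, OpenVPN, and plain (version 0) GRE.
PPTP_CTRL = ipv4(6, struct.pack("!HH", 40000, 1723) + bytes(16))
PPTP_DATA = ipv4(47, struct.pack("!HHHHI", 0x3001, 0x880B, 4, 7, 1) + b"\xff\x03\x00\x21")
OPENVPN = ipv4(17, struct.pack("!HHHH", 40001, 1194, 9, 0) + b"\x38")
PLAIN_GRE = ipv4(47, struct.pack("!HH", 0x0000, 0x0800) + bytes(20))
SAMPLES = [PPTP_CTRL, PPTP_DATA, OPENVPN, PLAIN_GRE]
```

A filter or NAT device that passes only the TCP control connection leaves a PPTP session without its data path, which is the practical consequence of the two-flow design.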