Having recently acquired ADSL at home, I’ve set up a VPN link to my personal box offsite. Currently this is a PPTP link with CHAP authentication, no encryption and no compression. So I was looking at the two separate (Windows-compatible) options: PPTP+MPPE or IPsec+L2TP. Both will provide a ‘safer’ connection than plain vanilla packet encapsulation.

Unfortunately, MPPE requires a kernel recompile, so that’s a lot of work. If you’re doing the kernel patch, you might as well add MPPC, and FUSE too.

IPsec is also a twisted tale. To get IPsec working with NAT you have to make sure you have the latest (and then some) versions of *swan with all the required NAT-T patches.

Currently I’m looking at the IPsec route because I’m hoping that it requires ‘only’ patching usermode code.

