I have an Ubuntu Server (headless) box, which needs to establish a PPTP connection (as client) to a PPTP server elsewhere.
The box's sole purpose is to connect to the VPN, and download files for backup purposes. So keeping the VPN connection up is important.
After an afternoon Googling all I've come up with are several dozen ways to skin the same cat, and the cat is feeling a bit unloved. So any recommendations?
Mark
-- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
On 05/06/13 15:39, Mark Rogers wrote:
> I have an Ubuntu Server (headless) box, which needs to establish a PPTP connection (as client) to a PPTP server elsewhere.
> The box's sole purpose is to connect to the VPN, and download files for backup purposes. So keeping the VPN connection up is important.
> After an afternoon Googling all I've come up with are several dozen ways to skin the same cat, and the cat is feeling a bit unloved. So any recommendations?
Sorry, I don't know the answer to your question. My first thought was why not use ssh. I looked up pptp at http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security
and I read this
"PPTP has been the subject of many security analyses and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP authentication protocols used, the design of the MPPE protocol as well as the integration between MPPE and PPP authentication for session key establishment. PPTP is (as of Oct 2012) considered cryptographically broken and its use is no longer recommended by Microsoft." http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#cite_note-7
That made me think! My first thought was that any VPN worth its salt should surely be able to make a connection "on-the-fly" as and when needed, surely?
I know this doesn't help (sorry), but for remote backing up, I'd be thinking of rsync over ssh, or using something like unison, or Backuppc.
Sorry I can't be more helpful.
Steve
On Wed, 5 Jun 2013 15:39:51 +0100 Mark Rogers mark@quarella.co.uk allegedly wrote:
> I have an Ubuntu Server (headless) box, which needs to establish a PPTP connection (as client) to a PPTP server elsewhere.
> The box's sole purpose is to connect to the VPN, and download files for backup purposes. So keeping the VPN connection up is important.
> After an afternoon Googling all I've come up with are several dozen ways to skin the same cat, and the cat is feeling a bit unloved. So any recommendations?
Alternative skinnings come to mind. Does it /have/ to be over a PPTP tunnel (because that is all that is available at the other end)? If you have to use a VPN, why not openvpn, or an ssh tunnel? But if you don't actually /have/ to use the VPN, why not scp, or rsync over ssh (which wouldn't need the persistent connection)?
Mick
---------------------------------------------------------------------
blog: baldric.net
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
On 5 June 2013 19:11, mick mbm@rlogin.net wrote:
> Alternative skinnings come to mind. Does it /have/ to be over a PPTP tunnel (because that is all that is available at the other end)? If you have to use a VPN, why not openvpn, or an ssh tunnel? But if you don't actually /have/ to use the VPN, why not scp, or rsync over ssh (which wouldn't need the persistent connection)?
It's a bit convoluted but yes it does "have to" be via PPTP, for some reasonably high value of "have to". That said, security isn't particularly the issue it's trying to solve (it's mostly about providing a static IP). (The files that are being downloaded aren't on the box that hosts the VPN.) The VPN is mainly there for Windows users to access a service via a static IP, and sadly PPTP is by far the easiest option for Windows users.
I found some reasonable information at https://bugs.launchpad.net/ubuntu/+source/ppp/+bug/567697 which I'm trying out.
-- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0844 251 1450 Registered in England (0456 0902) @ 13 Clarke Rd, Milton Keynes, MK1 1LG
Mark Rogers wrote:
> [...] The VPN is mainly there for Windows users to access a service via a static IP, and sadly PPTP is by far the easiest option for Windows users.
I don't have to do this much from Windows, but the last time I tried, the restart options on openvpn made it much more reliable than trying to keep PPTP or a ssh tunnel up. It can be installed as a service or it can be started from a system tray icon. It ran for years and rarely needed any admin intervention, which was just as well as it was a 2 day trip for its admin to reach it!
Distributing openvpn.exe and the necessary configuration, keys and certificates isn't that hard if you have some distribution channel already set up. It also means you avoid the reported PPTP security horror stories.
Hope that helps,
On 6 June 2013 11:53, MJ Ray <mjr@phonecoop.coop> wrote:
> I don't have to do this much from Windows, but the last time I tried, the restart options on openvpn made it much more reliable than trying to keep PPTP or a ssh tunnel up. It can be installed as a service or it can be started from a system tray icon. It ran for years and rarely needed any admin intervention, which was just as well as it was a 2 day trip for its admin to reach it!
To be fair the PPTP configuration I have now seems to be pretty "reliable", in as much as the server was kicking the client off for inactivity (which I hadn't realised) and looking at the logs it faithfully re-connected all through the night.
I think I'll put some monitoring in place and worry about it if it fails to work as expected.
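
One way to do the monitoring mentioned at the end of the thread, as an added example that is not part of any poster's message: it reads pppd syslog lines, pairs each disconnect with the next reconnect, and flags gaps longer than a threshold. The log lines, hostname and address are constructed, and the matched message strings ("local IP address", "Connection terminated") are assumed to be what pppd writes on the box.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of pppd syslog output (not taken from the thread).
SAMPLE_LOG = """\
Jun  6 01:00:02 backup pppd[2211]: local  IP address 10.8.0.23
Jun  6 02:00:05 backup pppd[2211]: LCP terminated by peer
Jun  6 02:00:05 backup pppd[2211]: Connection terminated.
Jun  6 02:00:41 backup pppd[2211]: local  IP address 10.8.0.23
Jun  6 03:00:44 backup pppd[2211]: Connection terminated.
Jun  6 03:17:10 backup pppd[2211]: local  IP address 10.8.0.23
Jun  6 04:17:12 backup pppd[2211]: Connection terminated.
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pppd\[\d+\]: (.*)$")
UP = re.compile(r"^local\s+IP address ")    # assumed "link is up" marker
DOWN = re.compile(r"^Connection terminated")  # assumed "link is down" marker


def outages(log_text, year, now):
    """Return (down_at, up_at_or_None, duration) for every link-down gap.

    Syslog timestamps carry no year, so the caller supplies one. A gap that
    is still open at the end of the log is measured up to `now`.
    """
    gaps, down_at = [], None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if DOWN.match(msg) and down_at is None:
            down_at = ts
        elif UP.match(msg) and down_at is not None:
            gaps.append((down_at, ts, ts - down_at))
            down_at = None
    if down_at is not None:
        gaps.append((down_at, None, now - down_at))
    return gaps


def alerts(gaps, max_gap):
    """Gaps longer than max_gap: the reconnect did not happen promptly."""
    return [g for g in gaps if g[2] > max_gap]
```

Short gaps correspond to the inactivity kick followed by an automatic reconnect described above; only a long or still-open gap needs attention.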