Networking Forums

Re: Encapsulation in VPN

 
 
Bob Lin (MS-MVP)

 
      12-19-2009, 04:22 PM
IPSec and PPTP are more popular. PPTP is used for client to server.
IPSec can be used as client to server or site to site VPN. This search
result may help.

Virtual Private Networks
Learn about the Microsoft commitment to support VPN
interoperability through standards such as L2TP/IPsec and PPTP. Connecting
Remote Users to Your Network ...
technet.microsoft.com/en-us/network/bb545442.aspx


--
Bob Lin, Microsoft-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"karthikbalaguru" <(E-Mail Removed)> wrote in message
news:390def23-0826-447f-9cec-(E-Mail Removed)...
> Hi,
> For data encapsulation, VPN relies on either of the
> following technologies like GRE , IPSec, L2F,
> PPTP and L2TP . But, which of the above
> technologies is popular ? If they vary based
> on the requirements, can you pls lemme know
> a document/link that maps the technologies
> against the requirements w.r.t VPN ?
>
> Thx in advans,
> Karthik Balaguru


 
goarilla

 
      12-19-2009, 09:31 PM
On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:

> On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
> wrote:
>> IPSec and PPTP are more popular. PPTP is used for client to
>> server. IPSec can be used as client to server or site to site VPN. This
>> search result may help.
>
> Thx for your response. But it seems that PPTP can support only one
> tunnel at a time for each user. Therefore, its proposed successor, L2TP
> (a hybrid of PPTP and another protocol, L2F) can support multiple,
> simultaneous tunnels for each user.
>
> So, shouldn't L2TP be popular ?
>
> PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
> premise equipment) to CPE. IPSec is the primary layer 3 VPN technology
> providing a CPE to CPE tunnel. Refer-
> http://www.networkdictionary.com/networking/vpn.php
>
> Further from another link from internet, i found that it seems that PPTP
> separates the control and data channels into control stream that runs
> over TCP and a data stream that runs over GRE (a less popular Internet
> standard). But, in contrast L2TP combines the control/data channels and
> uses high-performance UDP. This makes L2TP more "firewall friendly" than
> PPTP -- a crucial advantage for an extranet protocol -- since most
> firewalls do not support GRE.
>
> So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?
>
> Thx in advans,
> Karthik Balaguru


i don't know much about VPN, but i do believe it's a field
dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...
 
 
Bill Grant

 
      12-19-2009, 09:46 PM


"goarilla" <(E-Mail Removed)> wrote in message
news:4b2d5444$0$2856$(E-Mail Removed)...
> On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:
>
>> On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
>> wrote:
>>> IPSec and PPTP are more popular. PPTP is used for client to
>>> server. IPSec can be used as client to server or site to site VPN. This
>>> search result may help.
>>
>> Thx for your response. But it seems that PPTP can support only one
>> tunnel at a time for each user. Therefore, its proposed successor, L2TP
>> (a hybrid of PPTP and another protocol, L2F) can support multiple,
>> simultaneous tunnels for each user.
>>
>> So, shouldn't L2TP be popular ?
>>
>> PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
>> premise equipment) to CPE. IPSec is the primary layer 3 VPN technology
>> providing a CPE to CPE tunnel. Refer-
>> http://www.networkdictionary.com/networking/vpn.php
>>
>> Further from another link from internet, i found that it seems that PPTP
>> separates the control and data channels into control stream that runs
>> over TCP and a data stream that runs over GRE (a less popular Internet
>> standard). But, in contrast L2TP combines the control/data channels and
>> uses high-performance UDP. This makes L2TP more "firewall friendly" than
>> PPTP -- a crucial advantage for an extranet protocol -- since most
>> firewalls do not support GRE.
>>
>> So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?
>>
>> Thx in advans,
>> Karthik Balaguru
>
> i don't know much about VPN, but i do believe it's a field
> dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...


I would say that PPTP maintains its popularity with small to medium sized
organisations because it does not require certificates. If you have an
established certificate system in your organisation (and a person capable of
maintaining it), L2TP is the obvious choice.

If you do not, setting up and maintaining this simply to support a few
dialup VPN clients is a big ask. Making a few changes to your firewall for
GRE is pretty minor by comparison.


 
 
alexd

 
      12-20-2009, 08:50 AM
Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, bod43
chose the tried and tested strategy of:

> Draytek interoperates with OpenVPN


OpenVPN is proprietary and will not work with a Draytek router.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
09:47:26 up 22 days, 13:40, 8 users, load average: 0.00, 1.02, 1.32
Plant food is a made up drug

 
 
Rob

 
      12-20-2009, 08:54 AM
karthikbalaguru <(E-Mail Removed)> wrote:
> On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
> wrote:
>> IPSec and PPTP are more popular. PPTP is used for client to server.
>> IPSec can be used as client to server or site to site VPN. This search
>> result may help.
>
> Thx for your response. But it seems that PPTP can support only one
> tunnel at a time for each user. Therefore, its proposed successor, L2TP
> (a hybrid of PPTP and another protocol, L2F) can support multiple,
> simultaneous tunnels for each user.
>
> So, shouldn't L2TP be popular ?


I think you should know that "what is popular" is not determined by
what can do most, what is technically superior and other such reasons
that you run in to when you do a comparison of VPN technologies as
a technician.

What is popular is determined by what sells best, or what is part of
something that already sells best. When it can do the job, it is used.
 
 
Ace Fekay [MCT]

 
      12-21-2009, 04:56 AM
> On 19 Dec, 22:31, goarilla <kevin.pau...@skynet.remove-this.be> wrote:
>> On Sat, 19 Dec 2009 14:09:33 -0800, karthikbalaguru wrote:
>>> On Dec 19, 10:22 pm, "Bob Lin (MS-MVP)" <nore...@chicagotech.net>
>>> wrote:
>>>> IPSec and PPTP are more popular. PPTP is used for client to
>>>> server. IPSec can be used as client to server or site to site VPN. This
>>>> search result may help.
>>>
>>> Thx for your response. But it seems that PPTP can support only one
>>> tunnel at a time for each user. Therefore, its proposed successor, L2TP
>>> (a hybrid of PPTP and another protocol, L2F) can support multiple,
>>> simultaneous tunnels for each user.
>>>
>>> So, shouldn't L2TP be popular ?
>>>
>>> PPTP and L2TP are the layer 2 VPN technologies from CPE (customer
>>> premise equipment) to CPE. IPSec is the primary layer 3 VPN technology
>>> providing a CPE to CPE tunnel. Refer-
>>> http://www.networkdictionary.com/networking/vpn.php
>>> Further from another link from internet, i found that it seems that PPTP
>>> separates the control and data channels into control stream that runs
>>> over TCP and a data stream that runs over GRE (a less popular Internet
>>> standard). But, in contrast L2TP combines the control/data channels and
>>> uses high-performance UDP. This makes L2TP more "firewall friendly" than
>>> PPTP -- a crucial advantage for an extranet protocol -- since most
>>> firewalls do not support GRE.
>>>
>>> So, i wonder how PPTP is popular compared to L2TP ? Any ideas ?
>>> Thx in advans,
>>> Karthik Balaguru
>>
>> i don't know much about VPN, but i do believe it's a field
>> dominated by proprietary/gateway solutions: cisco vpn, intel vpn, ...
>
> No.
>
> IPSEC is very widely used for infrastructure VPNs and is
> not proprietary. Cisco interoperates with Checkpoint interoperates
> with Draytek interoperates with OpenVPN ....... Never found
> a problem in dozens of cases.
>
> What is often proprietary are the VPN client solutions where
> one of the VPN endpoints is an individual PC.
>
> Cisco, Microsoft, Checkpoint all have their own proprietary
> implementations.


I wouldn't say it's proprietary between Microsoft and Cisco, for after
all, THEY developed L2TP as a joint venture, which became an industry
standard.

L2TP
In order to make use of the features of both PPTP and L2F, L2TP was
developed in a joint venture between Microsoft and Cisco. ...
http://zaielacademic.net/security/l2tp.htm

Some companies do have their own proprietary stuff, such as OpenVPN, but
I haven't used it, so I can't comment on it.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit
among responding engineers, and to help others benefit from your
resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.


 
 
Phillip Windell

 
      12-21-2009, 02:08 PM
"Bill Grant" <not.available@online> wrote in message
news:(E-Mail Removed)...
>
> I would say that PPTP maintains its popularity with small to medium
> sized organisations because it does not require certificates. If you have
> an established certificate system in your organisation (and a person
> capable of maintaining it), L2TP is the obvious choice.


Could use a pre-shared key for the L2TP which is about like using a
password. However I just use PPTP being the small to medium size kinda guy
that I am :-)

--
Phillip Windell

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------


 
 
Stefan Monnier

 
      01-02-2010, 07:46 PM
> IPSEC is very widely used for infrastructure VPNs and is not
> proprietary. Cisco interoperates with Checkpoint interoperates with
> Draytek interoperates with OpenVPN ....... Never found a problem in
> dozens of cases.


In which sense do they "interoperate"?

> OpenVPN is proprietary and will not work with a Draytek router.


In which sense is OpenVPN proprietary?

> If you do not, setting up and maintaining this simply to support a few
> dialup VPN clients is a big ask. Making a few changes to your firewall for
> GRE is pretty minor by comparison.


I went to the trouble of setting up a personal OpenVPN server (and
corresponding clients) specifically because of the endless problems
I had with firewalls when using PPTP (and I don't know about other
people, but I can't make any change to most of the firewalls to which
I'm exposed; and even when I could I still had problems when several
machines within the same NAT subnet tried to use the same VPN).


Stefan
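
Added example, not part of any post in this thread: a toy NAT model in Python that illustrates the points raised above about GRE being less firewall friendly than UDP and about several machines behind one NAT using the same PPTP server. The `Nat` class, the addresses and the Call IDs are constructed for illustration; 0x880B is the enhanced-GRE protocol type from RFC 2637 and UDP 1701 is L2TP's assigned port.

```python
import struct

GRE_PPTP = 0x880B   # protocol type of PPTP's enhanced GRE (RFC 2637)
L2TP_PORT = 1701    # assigned UDP port for L2TP

def pptp_call_id(gre: bytes):
    """Call ID from an enhanced-GRE header, or None if it is not PPTP GRE."""
    if len(gre) < 8:
        return None
    flags, proto, _length, call_id = struct.unpack("!HHHH", gre[:8])
    # PPTP sets the Key-present bit (0x2000) and GRE version 1.
    if not (flags & 0x2000) or (flags & 0x0007) != 1 or proto != GRE_PPTP:
        return None
    return call_id

class Nat:
    """Toy address translator (hypothetical): maps return traffic to an inside host."""
    def __init__(self, pptp_helper=False):
        self.pptp_helper, self.table, self.next_port = pptp_helper, {}, 40000

    def out_udp(self, inside, server, dport):
        # UDP has ports, so every inside host gets its own public source port.
        self.next_port += 1
        self.table[("udp", server, dport, self.next_port)] = inside
        return self.next_port
    def in_udp(self, server, sport, public_port):
        return self.table.get(("udp", server, sport, public_port))

    def gre_key(self, server, call_id):
        # GRE has no ports: without a PPTP helper only the server address is left.
        return ("gre", server, call_id if self.pptp_helper else None)
    def out_gre(self, inside, server, call_id):  # call_id announced on the TCP control channel
        self.table[self.gre_key(server, call_id)] = inside
    def in_gre(self, server, gre):
        return self.table.get(self.gre_key(server, pptp_call_id(gre)))

def demo():
    server, a, b = "203.0.113.10", "192.168.1.10", "192.168.1.11"  # constructed
    hdr = lambda cid: struct.pack("!HHHHI", 0x3001, GRE_PPTP, 0, cid, 1)
    out = {}
    for name, helper in (("gre_plain", False), ("gre_helper", True)):
        nat = Nat(helper)
        nat.out_gre(a, server, 0x1111)
        nat.out_gre(b, server, 0x2222)
        out[name] = (nat.in_gre(server, hdr(0x1111)), nat.in_gre(server, hdr(0x2222)))
    nat = Nat()
    pa, pb = nat.out_udp(a, server, L2TP_PORT), nat.out_udp(b, server, L2TP_PORT)
    out["l2tp_udp"] = (nat.in_udp(server, L2TP_PORT, pa), nat.in_udp(server, L2TP_PORT, pb))
    return out
```

In the `gre_plain` case `demo()` shows both server replies delivered to 192.168.1.11, because the second client's mapping replaced the first; with Call ID tracking or with UDP ports each reply reaches the right client.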
 
 
alexd

 
      01-03-2010, 07:36 PM
Meanwhile, at the comp.dcom.sys.cisco Job Justification Hearings, Stefan
Monnier chose the tried and tested strategy of:

>> IPSEC is very widely used for infrastructure VPNs and is not
>> proprietary. Cisco interoperates with Checkpoint interoperates with
>> Draytek interoperates with OpenVPN ....... Never found a problem in
>> dozens of cases.

>
> In which sense do they "interoperate"?


Which 'they' are you referring to?

>> OpenVPN is proprietary and will not work with a Draytek router.

>
> In which sense is OpenVPN proprietary?


There's only one implementation of the OpenVPN protocol [that I know of -
recompiling for different platforms and writing pretty front ends don't
count as reimplementations in my book]. OpenVPN Solutions LLC [the copyright
holder] are therefore in a position to dictate what the OpenVPN protocol
consists of, for example, changing the default UDP port. Anyone can take the
source and extend it in ways that make it incompatible with OpenVPN, at
which point it's no longer OpenVPN.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
20:09:39 up 37 days, 4 min, 5 users, load average: 0.00, 0.02, 0.05
DIMENSION-CONTROLLING FORT DOH HAS NOW BEEN DEMOLISHED,
AND TIME STARTED FLOWING REVERSELY

 
 
Dave Warren

 
      01-03-2010, 07:54 PM

In message <jwv1vi85jff.fsf-monnier+(E-Mail Removed)>
Stefan Monnier <(E-Mail Removed)> was claimed to have wrote:

>> OpenVPN is proprietary and will not work with a Draytek router.

>
>In which sense is OpenVPN proprietary?


In the sense that OpenVPN built their own protocol rather than relying
on one of the existing standards.

There is a lot I like about OpenVPN, but the client side stuff is just
downright nasty to configure, maintain, or even use. It's great for
techies, but I couldn't imagine putting it in front of an end user.
 