PPTP isn 't exactly the most secure way because CHAP is easy to crack

[G+_James Coleman]

PPTP isn't exactly the most secure way because CHAP is easy to crack.

 

It would be better if you used OpenVPN for the security.

[G+_John Mink]

Yeah, they mentioned that in the show, but I'm with ya James. Would be cool they did a Know ow How on setting up OpenVPN.

[G+_James Coleman]

John Mink I was in the middle of configuring OpenVPN on my home server, but never did finish.

[G+_John Mink]

James Coleman i've started half a dozen times & always never finish >_<

 

Are you installing it on a home server or your router?

[G+_James Coleman]

John Mink Just my Mac Mini.

[G+_Fr. Robert Ballecer, SJ]

We mentioned the deprecated nature of CHAP, and I said that we would eventually show OpenVPN, but as far as "my beginning VPN" goes, there's few things simpler than the integrated VPN server within DD-WRT.

 

All with time... but we need to start at a place that most of our audience will understand.

[G+_John Mink]

Fr. Robert Ballecer, SJ thanks for the comment.  You're absolutely correct that PPTP isn't terribly vulnerable, and it's FAR better than nothing, especially with the understanding that it's not perfect, but it will beat a semi-casual pineappler.  I understand why you started with PPTP, and frankly if you said OpenVPN or nuttin, you'd lose a huge chunk of the people...and security is a constant cost/benefit analysis.  As we've said, we've both tried setting up OpenVPN a few times so we understand that its not that simple.

 

I am glad to hear you say you will get to an OpenVPN setup.  I guess I just got a bit excited as I've been meaning to do an OpenVPN setup for a while & I was hoping this would be exactly that.

 

<>

 

 

If I haven't already rambled on too long, I should ask you PadreSJ, would you recommend putting OpenVPN on the router (Buffalo ~ 2 years old, doing minimal work) or the Ubuntu machine I keep running 24/7 and already running a few services (idles <10% CPU load).

 

Is there any difference between putting it on either the desktop or router?  Also how can you tell if your router can't handle the job--is there a CPU gauge somewhere in DD-WRT or is it not that simple?

[G+_Fr. Robert Ballecer, SJ]

I've had great luck with Buffalo DD-WRT setups, and I really like installations on embedded gear. It's not as flexible, but it certainly is cooler, ain't it?! :)

 

As for your second question, I find that stress testing works far better than resource monitors. Whenever I'm going to deploy a custom device, I set it up EXACTLY as I want it deployed, then I throw all the nightmare scenarios I have... I max out the wireless clients, go crazy with the Metasploit framework, max out the wired side, and do every stupid thing a user might try.

 

Granted, I have a few boxes that help me do all that work automatically (Tipping Point, Ixia, Xirrus) but I find that even doing it on a small scale gives you plenty of data points about what your router can and cannot handle. (i.e. The original Linksys WRT54Gs can handle next to nothing before they start to tip over.) :)

[G+_John Mink]

Fr. Robert Ballecer, SJ true, there's always something cool about making embedded devices do some extra work :p

 

And good point on stress testing, it's a super useful tool, and I should probably be doing more of it anyway!

 

I'm glad to hear that my Buffalo should be able to keep up with the task!  I'll keep an eye out for the episode with OpenVPN, but if next week is cable management...oh boy do I need that >_<