<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Frame errors with Cipe-Win32
From: "Damion K. Wilson" <dkw,AT,rcm,DOT,bm>
Date: Sat, 4 Nov 2000 21:35:14 +0100
In-reply-to: <Pine.OSF.4.10.10011041317490.7547-100000@kosh.hut.fi>

Yes, I know about the export regs, but I'm not going to go upgrade all 30
or so NT desktops just for that, especially since the passwords are held in
plaintext (well, it seems like it) anyway :-/

If you specify an empty static key, CIPE-Win32 will not use encryption

Yes, I know about the VPN/Vendor issues. Earlier this year, I embarked on a
journey of discovery through the land of VPN solutions and standards. I
quickly found out that everything has problems. I gravitated to CIPE
because the engineering seemed sound (complete with explanations, thanks
Olaf) and it was simple. I looked at TUN/TAP too, but it's more
I only wrote CIPE-Win32 because I needed to support road warriors.


*********** REPLY SEPARATOR  ***********

On 11/4/00 at 1:44 PM Ville Voipio wrote:

>> Thanks. This situation is interesting, to say the least. I'm running SP5
>> everywhere without 128bit encryption (outside U.S., you see). All your
>> settings look fine to me, too.
>In case you are not aware, the stupid U.S. export regulations just
>changed. (As you can see from my address, I am very far outside of the US
>of A ;) So, evetyone everywhere can get the 128-bit encryption by just
>downloading some files.
>If you want to get the better encryption, you'll get it by downloading IE
>5.01 SP 1:
>  http://www.microsoft.com/windows/ie/download/ie501sp1.htm
>This explorer automatically upgrades to 128-bit security. After the
>upgrade, you'll have to apply the Service Pack 6a with 128-bit security.
>There are two sets of SP's, one set for 40-bit and one for 128-bit
>And -- as far as I know -- there is no way to downgrade back to 40-bit
>(there shouldn't be any need), so if you do the above, be careful...
>> it's sounding like. Try changing the static key to some other value,
>> in case there's a bug in my code there. I don't think there's a routing
>> issue here because the packets reach the interfaces on both sides, in
>> directions.
>I have tried different keys, including 128 1's, which should be about as
>unambiguous as it can get. BTW, is there any way of turning off the
>encryption in NT? The linux version seems to offer such option.
>> BTW: Cipe-Win32 Beta 12 (should I start calling it PRE-whatever ?) is
>> looking pretty good...
>Great! And thank you very much for all the work you've been carrying out
>to make this thing work. Cipe seems to be the only really working
>IP-IP-tunneling thing around. Proprietary VPN's exist, but they are not a
>viable solution (including IPsec) in practice.
>Best regards,
>- Ville

<< | Thread Index | >> ]    [ << | Date Index | >> ]