Topic: pptp vs ipsec - is one faster than the other?

[david bakody]

I've been using the pptp vpn feature of e-smith.  It seems to work nicely as I'm on a cable modem at home as well as at my office.  Although I'm happy with the performance, I was curious - would I see much of a performance difference going with ipsec instead of pptp?

[Jeff Lynes]

PPTP should be faster than IPSec.  IPSec is a more computationaly intense algorith which makes it more secure.  With today's modern hardware, the performance difference shouldn't be seen until you add a large number of VPN users.  If you are using it for yourself and a couple of others, the difference wouldn't be noticable.  

As is typically the case with security, the more secure it is, the more horsepower it takes.  I would use IPSec over PPTP in a heartbeat, the only problem is finding a VPN client that will work.  I have not had any experience with the e-smith (free S/WAN) ipsec.  PPTP is built in to Win2k and WinXP.

Jeff

[Todd Pearsall]

As the other poster said, IPSec is WAY more secure than PPTP.

If you are connecting 2 LANs (ie. gateway to gateway) then the FreeS/WAN IPSec is pretty easy to set up and I think there is a how-to around even.

If you are doing a road-warrior to gateway (PC on the net somewhere to an SME) box then the FreeS/WAN stuff gets trickier.  Win2K and above have IPSec built in and people have it working, but I've never been able to.  There are some other IPSec clients out there like the comercial version of PGPvpn or SSH Sentinel, but they are commercial products.

[simon]

OK,

I know this will sound lame, but here it goes.  I Have WIN2K at home and SME 5.1 at work.  I have a nailed up DSL at home and a T1 at work.  I have successfully established a VPN connection from home to work, but am unable to "see" my work network.  I was able to FTP a file from home to work, but what I really need is to see and mount some of my I-Bays.  Am I missing something simple here?  I seems that when I connect and my machine is registered on the remote network, I ought to be able to browse it?!?  I know I am connected by what I see in the log files at work, but I can't view the network.

Any ideas?

[Terry Brummell]

Have you tried changing DNS and WINS on your 2K box to point to the SME server as 1st choice, then your ISP (or whatever your current settings are) as 2nd choice?  That's what I have to do to get my VPN to the office to work.