I have successfully established a pptpd connection between my Ubuntu
desktop and a dedicated CentOS 5 server using the excellent debugging
guide Diagnosing Forwarding on pptpd by James Cameron.
From the diagrams therein, I understand that the connection from client
to server is encrypted but I am unsure about the connection from the
server to the target and then from the target back to the client. Can
anyone enlighten me?
If the server-target-client connections are not encrypted, is there
any way to pass the connection back through the server?
Thanks in advance for any assistance.
From: James Cameron <quozl@la...> - 2012-04-17 06:19:41
Some of the traffic representing your connections passes through pptpd,
and some may not; it may pass through other network interfaces. This
depends on how you have configured routing on the client.
Some of the metadata exchanged between the client and the server is not
encrypted. All of the IP packets are encrypted if pptpd is configured
to use MPPE.
The encryption is weak, in that it is RSA RC4 with only 128-bit session
keys, and these keys depend on data elements that are initially
exchanged in the clear. So I'm alarmed that you would ask, given how
easily the encryption can be attacked.
To answer your precise questions:
a. no, the traffic between the server and the target that represents
the connection between the client and the target, is not encrypted,
b. yes, the traffic between the client and the server that represents
your connection between the client and the target, is encrypted, if
pptpd is properly configured.
The simplified diagram on
http://poptop.sourceforge.net/dox/diagnose-forwarding.phtml and the
detailed diagrams that follow use a blue line, which is the line at the
bottom of each diagram, to represent the connection between the client
and the target. It doesn't represent the actual data flow.
And your question:
> If the server-target-client connections are not encrypted, is there
> any way to pass the connection back through the server?
... doesn't make sense to me, sorry. I think you might misunderstand my