I'm very new to VPNs (i.e., less than 48 hours) and I just set up a simple VPN between two XP computers, and was surprised how easy it was.
On my end, I have an XP Home laptop running the built-in VPN server - it shows up in Network Connections under "Incoming" and is set to:
- allow callers to access my local area network
- specify TCP/IP addresses from 10.0.0.1 through 10.0.0.10
- allow calling computer to specify its own IP address
On the other end is an XP Professional laptop that is set up as a client - it shows up in Network Connections under "Virtual Private Network" and calls itself a WAN Miniport (PPTP) device.
When the client connects, it logs in without complaint, gets the address of 10.0.0.4 and is able to communicate with the server at 10.0.0.1. I'm assuming this is all done over the encrypted tunnel between the two systems.
I have these questions:
Regarding the client setup, under the "security" tab of the properties dialog, under the "Advanced (custom settings)" area, there are a few options. What is the difference between these two options under data encryption?
- require encryption (disconnect if server declines)
- Maximum strength encryption (disconnect if server declines)
I'm looking for bits, algorithm, differences in key exchange, etc. I'm no crypto expert but I did read Applied Cryptography while staying at a Holiday Inn Express once, so I'm not completely clueless.
Are XP's VPN client/server believed to be reasonably secure, or are they like so many other Windows products in that there are constant streams of bugs, endless vulnerabilities, poor implementations of good ideas, etc. that hinder security?
I'm not going to send nuclear bomb plans over this connection (I have carrier pigeons for that) but I'd like to know whether or not the Windows XP VPN software is worthwhile, or if it's just pretend security that uses triple-ROT13.
Thank you in advance.