Êòî-íèáóäü íàñòðàèâàë PPtP ïîâåðõ PPPoE?

[vectorm]

Äàâàéòå ïîéäåì îò ïåðâîèñòî÷íèêîâ:
VPN Technologies: Definitions and Requirements
VPN Protocols
RFC, ñâÿçàííûå ñ PPP
RFC1661 - The Point-to-Point Protocol (PPP)
RFC2516 - A Method for Transmitting PPP Over Ethernet (PPPoE)
È íàïîñëåäîê
RFC4026 - Provider Provisioned Virtual Private Network (VPN) Terminology

Òàê ÷òî, ñóäÿ ïî äîêóìåíòàì Êîíñîðöèóìà VPN, äàæå PPTP íå ìîæåò ñ÷èòàòüñÿ òðóÚ VPN.

[smi]

Äàâàéòå ïîéäåì îò ïåðâîèñòî÷íèêîâ:
...
Òàê ÷òî, ñóäÿ ïî äîêóìåíòàì Êîíñîðöèóìà VPN, äàæå PPTP íå ìîæåò ñ÷èòàòüñÿ òðóÚ VPN.

Ïîïîçæå åùå ðàç ïåðå÷èòàþ èíôó ïî ññûëêàì, íî ïîêà ÿ òàì íå íàøåë íè÷åãî òàêîãî, ÷òîáû PPPoE èëè PPTP íå ñ÷èòàòü VPN

[vectorm]

Èç ïåðâîé ññûëêè:

Code:

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a private virtual network for both extranets and wide-area intranets.

Èç âòîðîé ññûëêè:

Code:

For secure VPNs, the technologies that VPNC supports are

IPsec with encryption
L2TP inside of IPsec
SSL with encryption
For trusted VPNs, the technologies that VPNC supports are:
MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
Transport of layer 2 frames over MPLS ("layer 2 VPNs")

Ñóäÿ ïî ýòîìó PPTP - âñåãî ëèøü íàäñòðîéêà íàä PPP:
RFC2637 - Point-to-Point Tunneling Protocol (PPTP)
À ïî ýòîìó - îäèí èç ðàçíîâèäíîñòåé ïðîòîêîëîâ, ïîääåðæèâàþùèõ VPN:
What Is a Virtual Private Network?
Òàê ÷òî, åñëè èñïîëüçóþòñÿ IPsec, SSL, TLS èëè ëþáîé óïîìÿíóòûé âèä øèôðîâàíèÿ, òî ëþáîé èíêàïñóëèðîâàííûé òóííåëü ïîëó÷àåòñÿ òðóÚ VPN. Òóííåëè áåç øèôðîâàíèÿ òðàôèêà - íå VPN ñ òî÷êè çðåíèÿ Êîíñîðöèóìà VPN. ß òàê ïîíÿë.
Ïî ïîâîäó PPPoE:
 RFC2516 óïîìèíàåòñÿ, ÷òî ýòî íå òóííåëèðóþùèé ïðîòîêîë, çíà÷èò íå ìîæåò ñ÷èòàòüñÿ VPN ñ òåõíè÷åñêîé òî÷êè çðåíèÿ. Îáûâàòåëüñêóþ íå ðàññìàòðèâàþ.

[smi]

Èç ïåðâîé ññûëêè:

Code:

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a private virtual network for both extranets and wide-area intranets.

È? Ïîä ýòî îïðåäåëåíèå êàê-ðàç òàêè è ïîïàäàþò è PPTP, è PPPoE åñëè âû êîíå÷íî íå æåëàåòå ñóçèòü "the public telecommunication infrastructure" òîëüêî äî IP ñåòåé

Èç âòîðîé ññûëêè:

Code:

For secure VPNs, the technologies that VPNC supports are

IPsec with encryption
L2TP inside of IPsec
SSL with encryption
For trusted VPNs, the technologies that VPNC supports are:
MPLS with constrained distribution of routing information through BGP ("layer 3 VPNs")
Transport of layer 2 frames over MPLS ("layer 2 VPNs")

À òóò âîîáùå ãîâîðèòñÿ òåõíîëîãèÿõ êîòîðûå èñïîëüçóþòñÿ äëÿ îðãàíèçàöèè "secure VPN" è "trusted VPN", à êòî ñêàçàë, ÷òî VPN îáÿçàí áûòü áåçîïàñíûì èëè äîâåðåííûì? ß òàêîãî íå îáíàðóæèë

Òàê ÷òî, åñëè èñïîëüçóþòñÿ IPsec, SSL, TLS èëè ëþáîé óïîìÿíóòûé âèä øèôðîâàíèÿ, òî ëþáîé èíêàïñóëèðîâàííûé òóííåëü ïîëó÷àåòñÿ òðóÚ VPN.

Íåà, â ýòîì ñëó÷àå ïîëó÷àåòñÿ secure (áåçîïàñíûé) VPN! Åñëè æå øèôðîâàíèå íå èñïîëüçóåòñÿ, òî ëþáîé òóíåëü ÿâëÿåòñÿ VPN òîëüêî îí unsecured (íåáåçîïàñíûé)!

Òóííåëè áåç øèôðîâàíèÿ òðàôèêà - íå VPN ñ òî÷êè çðåíèÿ Êîíñîðöèóìà VPN. ß òàê ïîíÿë.

Äà, ãäå òàêîå ãîâîðèòñÿ? Òî ÷òî îíè íå ðàññìàòðèâàþò íåáåçîïàñíûå ïðîòîêîëû, åùå íå çíà÷èò, ÷òî îíè íå èìåþò ïðàâà íà ñóùåñòâîâàíèå, ïðîñòî èõ ïðèìèíåíèå ñèëüíî îãðàíè÷åíî. Ó êîíñîðöèóìà æå, öåëü ñòàíäàðòèçèðîâàòü ïîñòðîåíèå áåçîïàñíûõ ñåòåé!

Ïî ïîâîäó PPPoE:
 RFC2516 óïîìèíàåòñÿ, ÷òî ýòî íå òóííåëèðóþùèé ïðîòîêîë, çíà÷èò íå ìîæåò ñ÷èòàòüñÿ VPN ñ òåõíè÷åñêîé òî÷êè çðåíèÿ.

Ìîæåò ìû ðàçíûå RFC ÷èòàåì? ß íå âèæó óïîìèíàíèÿ î íå òóíåëèðóþùåì?

P.S. Êòî-òî ìîæåò ñ÷èòàòü ñîáàêàìè, íàïðèìåð, èñêëþ÷èòåëüíî áîéöîâñêèå ïîðîäû, âîò òîëüêî áîëîíêè ñ ïóäåëÿìè îò ýòîãî íå ïåðåñòàíóò áûòü ñîáàêàìè Ñìîòðèòå â êîðåíü!

[vectorm]

È? Ïîä ýòî îïðåäåëåíèå êàê-ðàç òàêè è ïîïàäàþò è PPTP, è PPPoE åñëè âû êîíå÷íî íå æåëàåòå ñóçèòü "the public telecommunication infrastructure" òîëüêî äî IP ñåòåé

À òóò âîîáùå ãîâîðèòñÿ òåõíîëîãèÿõ êîòîðûå èñïîëüçóþòñÿ äëÿ îðãàíèçàöèè "secure VPN" è "trusted VPN", à êòî ñêàçàë, ÷òî VPN îáÿçàí áûòü áåçîïàñíûì èëè äîâåðåííûì? ß òàêîãî íå îáíàðóæèë

Íåà, â ýòîì ñëó÷àå ïîëó÷àåòñÿ secure (áåçîïàñíûé) VPN! Åñëè æå øèôðîâàíèå íå èñïîëüçóåòñÿ, òî ëþáîé òóíåëü ÿâëÿåòñÿ VPN òîëüêî îí unsecured (íåáåçîïàñíûé)!

Äà, ãäå òàêîå ãîâîðèòñÿ? Òî ÷òî îíè íå ðàññìàòðèâàþò íåáåçîïàñíûå ïðîòîêîëû, åùå íå çíà÷èò, ÷òî îíè íå èìåþò ïðàâà íà ñóùåñòâîâàíèå, ïðîñòî èõ ïðèìèíåíèå ñèëüíî îãðàíè÷åíî. Ó êîíñîðöèóìà æå, öåëü ñòàíäàðòèçèðîâàòü ïîñòðîåíèå áåçîïàñíûõ ñåòåé!

Ìîæåò ìû ðàçíûå RFC ÷èòàåì? ß íå âèæó óïîìèíàíèÿ î íå òóíåëèðóþùåì?

P.S. Êòî-òî ìîæåò ñ÷èòàòü ñîáàêàìè, íàïðèìåð, èñêëþ÷èòåëüíî áîéöîâñêèå ïîðîäû, âîò òîëüêî áîëîíêè ñ ïóäåëÿìè îò ýòîãî íå ïåðåñòàíóò áûòü ñîáàêàìè Ñìîòðèòå â êîðåíü!

×èòàåì âíèìàòåëüíåå îïðåäåëåíèå VPN
A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
×èòàåì RFC2516:

PPP over Ethernet (PPPoE) provides the ability to connect a network
of hosts over a simple bridging access device to a remote Access
Concentrator. With this model, each host utilizes it's own PPP stack
and the user is presented with a familiar user interface. Access
control, billing and type of service can be done on a per-user,
rather than a per-site, basis.

To provide a point-to-point connection over Ethernet, each PPP
session must learn the Ethernet address of the remote peer, as well
as establish a unique session identifier. PPPoE includes a discovery
protocol that provides this.

È äàëåå:

PPPoE has two distinct stages. There is a Discovery stage and a PPP
Session stage. When a Host wishes to initiate a PPPoE session, it
must first perform Discovery to identify the Ethernet MAC address of
the peer and establish a PPPoE SESSION_ID. While PPP defines a
peer-to-peer relationship, Discovery is inherently a client-server
relationship. In the Discovery process, a Host (the client)
discovers an Access Concentrator (the server). Based on the network
topology, there may be more than one Access Concentrator that the
Host can communicate with. The Discovery stage allows the Host to
discover all Access Concentrators and then select one. When
Discovery completes successfully, both the Host and the selected
Access Concentrator have the information they will use to build their
point-to-point connection over Ethernet.

The Discovery stage remains stateless until a PPP session is
established. Once a PPP session is established, both the Host and
the Access Concentrator MUST allocate the resources for a PPP virtual
interface.

Äà è â ñàìîì RFC1661 íå íàøåë óïîìèíàíèé ïðî òóííåëèðîâàíèå.

Ìíå â ïðèíöèïå áåç ðàçíèöû, ïðîñòî ñàìîìó èíòåðåñíî ñòàëî.

[smi]

×èòàåì âíèìàòåëüíåå îïðåäåëåíèå VPN
A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.

Çàìå÷àòåëüíî, âûäåëåííîå âàìè ãîâîðèò ëèøü î òîì, êàê îñóùåñòâëÿåòñÿ ïîääåðæàíèå çàêðûòîñòè èíôîðìàöèè, ïðè ýòîì òóíåëèðóþùèé ïðîòîêîë îíè ïðèïëåëè ñþäà ñîâåðøåííî íàïðàñíî, ê privacy îí íèêàêîãî îòíîøåíèÿ íå èìååò, îí âñåãî ëèøü ôîðìèðóåò âèðòóàëüíûé êàíàë - òîò ñàìûé VPN, êîòîðûé óæå ìîæåò áûòü çàêðûò ñ ïîìîùüþ ïðîñåäóð áåçîïàñíîñòè. ß óæå îòìå÷àë, ÷òî äàííûé êîíñîðöèóì çàíèìàåòñÿ èñêëþ÷èòåëüíî secure & trusted VPNs, à ñàìî ïîíÿòèå VPN øèðå

×èòàåì RFC2516:
...
Äà è â ñàìîì RFC1661 íå íàøåë óïîìèíàíèé ïðî òóííåëèðîâàíèå.

Ò.å. åñëè íåò ñëîâà òîííåëü, òî òîííåëÿ íåò? Õîðîøî, âîò âàì óïîìèíàíèÿ î òîííåëå RFC3817

PPPoE [1] is often deployed in conjunction with L2TP [2] to carry PPP
[3] frames over a network beyond the reach of the local Ethernet
network to which a PPPoE Host is connected. For example, PPP frames
tunneled within PPPoE may be received by an L2TP Access Concentrator
(LAC) and then tunneled to any L2TP Network Server (LNS) reachable
via an IP network.

In addition to tunneling PPP over Ethernet, PPPoE defines a simple
method for discovering services offered by PPPoE Access Concentrators
(PPPoE AC) reachable via Ethernet from the PPPoE Host. Since the
packets used in this exchange are not carried over PPP, they are not
tunneled with the PPP packets over L2TP, thus the discovery
negotiation cannot extend past the LAC without adding functionality.

Äîñòàòî÷íî óïîìèíàíèé î òóííåëèðîâàíèè PPP over Ethernet èëè íåò?

Ìíå â ïðèíöèïå áåç ðàçíèöû, ïðîñòî ñàìîìó èíòåðåñíî ñòàëî.

Äà ìíå â îáùåì òî, òîæå ïî áàðàáàíó

[vectorm]

Çíà÷èò ïðèçíà¸ì, ÷òî pppoe - ýòî VPN, è âñ¸