

madalynmcworm's picture
Offline
Joined: 2017 Mar 28
VPN Software

Hi all,

I'm looking for working vpn software. Tunnelbuilder demo is nice, but 40 bit encryption seems a bit weak.

I'm having trouble getting PGPnet to forward all traffic over it to a vpn server, defeating the purpose of it.

Advice is welcome!

Comments

ticky's picture
Offline
Joined: 2020 Jul 31

I know it's an old thread, but I wound up down quite a rabbit hole trying to chase this tidbit - I could not for the life of me find PGPnet anywhere! It took some sleuthing, but I discovered that it was part of the "PGPfreeware" suite from version 6.5 through 7.0. I've added 6.5.1i/6.5.2 and 7.0.3 to the garden so others can find them!

I don't have any very-late advice for you, but I'm very curious about what's possible with PGPnet. Smile

cbone's picture
Online
Joined: 2011 Sep 17

So it only took you 3 years, 4 months, 3 days, 7 hours, 50 minutes to find these? Now that's what I call a record! Laughing out loud but seriously, great find Ticky! Smile most of us take much longer searching for all the lost treasures that are all too quickly vanishing out there Sad

You know what they say, "it may take a while, but once found… the possibilities are endless"! Facepalm

ticky's picture
Offline
Joined: 2020 Jul 31

Haha! It required some serious detective work! Big smile The missing link ended up being this PDF manual for an unrelated (but compatible!) VPN package mentioning what PGPnet was part of! I’m sorry to say I only started the investigation about a week ago, though. Innocent

Unfortunately, it also meant learning that this version is not a VPN in the sense we’d think of them these days with our portable telephone-supercomputers and our region unlocking that one movie on Netflixes, where you establish a tunnel to connect through to another set of machines or the rest of the Internet; the freeware PGPnet only supports routing traffic to a specific VPN host, with no routing from there. There is a greyed out “Secure Gateway” option in PGPnet, but from what I can tell this option is effectively an advertisement for the commercial version of the PGP suite.

That being said, it turns out there appears to be a boxed copy of McAfee PGP Personal Security 7.1 (which I believe to be the commercial version corresponding with PGPfreeware 7.0.3) at a Canadian computer store, in 2020, being sold for 2001 retail prices… it’s sort of tempting to drop the $50 to liberate it… Laughing out loud

cbone's picture
Online
Joined: 2011 Sep 17

hmmm, for the greater good I suppose! Laughing out loud if only our pockets were as big as our dreams Smile

m68k's picture
Offline
Joined: 2016 Dec 30

Any chance getting a 68k VPN solution, that would still work today?

ticky's picture
Offline
Joined: 2020 Jul 31

TunnelBuilder allegedly works on 68030 or better, but the problem I think would then be a modern server to connect to, it’s using very out of date crypto. My guess is that a solution would require a modern, custom, implementation, or to find some security firm’s forgotten implementation...

cbone's picture
Online
Joined: 2011 Sep 17

How about connecting the VPN to another Classic Mac using a same-aged server? It wouldn't be anything useful to the outside world, but since we're taking over the world with all this old Mac software, I think it would be a nice little feat… just because!

ticky's picture
Offline
Joined: 2020 Jul 31

Well if anyone can find the companion “TunnelMaster” program mentioned in the TunnelBuilder documentation… Glasses

cbone's picture
Online
Joined: 2011 Sep 17

Aw shucks, we won't be able to take over the world now! insert maniacal laugh here, muahahaha!

adespoton's picture
Offline
Joined: 2015 Feb 15

An alternative solution would be to use that SSH client we stumbled across a few months back; SSH has VPN-like features in it that almost nobody uses.

ticky's picture
Offline
Joined: 2020 Jul 31

I’m not sure I’d call them VPN-like, but with MacSSH you can forward a port from a local machine to a port on a remote machine, and vice versa.

Modern SSH also implements a SOCKS proxy option (-D), whereby it opens a port which can act as a proxy for HTTP traffic, and such traffic is forwarded via the remote machine to its network and the broader internet.

It really depends on what you are attempting to achieve!

cbone's picture
Online
Joined: 2011 Sep 17

So I found out on pages 242 and 580 of the Macintosh Windows Integration book that NTS's TunnelMaster is actually a piece of hardware! Who knew!

Page 242: TunnelBuilder can also tunnel AppleTalk services through PPTP, letting Mac users access printers and AppleShare file servers on the other side of a virtual private network. To do this, you need to be using NTS’s TunnelMaster server, a stand-alone hardware device that can also tunnel IPX through though an TCP/IP network.

Page 580: AppleTalk can access NT Services for Macintosh, but there’s a catch. TunnelBuilder’s NTS PPP supports AppleTalk over PPP for getting to printers and AppleShare servers on the network. But Windows NT RAS won’t route AppleTalk, so you can’t get to the network through NT RAS. If you are willing to replace NT RAS, you can use Network TeleSystems’ TunnelMaster, a hardware VPN server that can route AppleTalk over PPTP. Macs can then access Services for Macintosh through a VPN.

ticky's picture
Offline
Joined: 2020 Jul 31

Wow, now that’s a good find! Probably makes it even more unlikely we’ll find it. Puzzled

For TCP/IP traffic, at least, it looks as though TunnelBuilder would support a standard L2TP VPN server, with the caveat that the only encryption method it supports is RC-4, which is unfortunately not-secure as of the mid-2010s and is in fact the same system which now means that WEP encryption of Wi-Fi signals is also insecure. Darn!

As far as more modern crypto goes, though, a few things stick out to me:

  • MacSSH is open source, and while outdated, relies on the lsh SSH library, which, while not actively developed, was at least updated more recently than MacSSH (which uses version 1.1.8 from 2001, the latest being 2.9.2-exp in 2016, with further changes as late as 2017), meaning an updated version of MacSSH may be possible with some tinkering. I am not sure, however, what modern cryptography it implements.
  • The source code release in PGPfreeware 6.5.1i may have clues about how to write an OpenTransport module which would allow implementing a fully-realised proxy. It would not be legal to reuse the code as it is proprietary and provided for peer review and non-commercial uses only, but it could certainly prove instructive.
  • Through my own peer review I have learned that it likewise appears to contain the source code which implements the “Secure Gateway” function (the proper, modern sense of VPN, along with other non-freeware features and modules) which is disallowed in the freeware version, and the specific disallowing it (clients/net/mac/panel/source/CHostsPanel.cp, line 899). It would not be legal to modify the binary to unlock this feature, though it would be quite trivial. Ho-hum!
  • Further to the above peer review, and somewhat surprisingly, it appears that the source code included in the PGPfreeware 6.5.1i distribution comes configured (clients/pgp/shared/pgpBuildFlags.h, lines 28-38) to build PGP Business Security, which, to my definitely-not-a-lawyer eye, and given the included license governing the source release, appears to mean that anyone tenacious enough to get a build environment running would be legally permitted to build PGP Business Security only. They appear to have inadvertently made it illegal to build the freeware version, and then legal to distribute the binary of PGP Business Security then produced, under the terms of the freeware license. Again, I am no lawyer, but, Laughing out loud

m68k's picture
Offline
Joined: 2016 Dec 30

Yeah but for MacSSH/68k to work you need to reactivate cyphers that are now deprecated by default in all standard distros. That's no biggy in a secure(d) Intranet, but I wouldn't advise it for any traffic that goes across the Internet - which is what VPNs are customarily used for.
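
An added example, not part of the post above or of any project mentioned in the thread: a check for the situation m68k describes, reading `sshd -T` style output and reporting when legacy algorithms are enabled on a listener that is not bound to a private address. The algorithm list and the sample configurations are constructed assumptions; the thread does not say which algorithms MacSSH negotiates.

```python
import ipaddress

# Algorithms no longer in OpenSSH's default sets. Assumed list for illustration,
# not a statement of what MacSSH or lsh 1.1.8 actually negotiates.
LEGACY = {
    "ciphers": {"arcfour", "arcfour128", "arcfour256", "3des-cbc", "blowfish-cbc"},
    "kexalgorithms": {"diffie-hellman-group1-sha1"},
    "macs": {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"},
    "hostkeyalgorithms": {"ssh-dss"},
}

# Constructed samples in the "keyword value" shape that `sshd -T` prints.
_ALGOS = ("ciphers aes128-ctr,3des-cbc\n"
          "kexalgorithms curve25519-sha256,diffie-hellman-group1-sha1\n"
          "macs hmac-sha2-256\n")
SAMPLE_WILDCARD = "listenaddress 0.0.0.0:22\nlistenaddress [::]:22\n" + _ALGOS
SAMPLE_LAN = "listenaddress 192.168.1.10:22\n" + _ALGOS

def parse_sshd_t(text):
    """Collect each keyword's values; keywords such as listenaddress repeat."""
    conf = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            conf.setdefault(key, []).append(value.strip())
    return conf

def listen_host(value):
    """Drop the port from '192.168.1.10:22' or '[::]:22'."""
    return value.rsplit(":", 1)[0].strip("[]")

def audit(text):
    conf = parse_sshd_t(text)
    legacy = {}
    for key, weak in LEGACY.items():
        offered = set(",".join(conf.get(key, [])).split(","))
        if offered & weak:
            legacy[key] = sorted(offered & weak)
    exposed = []
    for value in conf.get("listenaddress", []):
        ip = ipaddress.ip_address(listen_host(value))
        # A wildcard bind answers on every interface, so count it as exposed.
        if ip.is_unspecified or not ip.is_private:
            exposed.append(value)
    return {"legacy": legacy, "exposed": exposed,
            "risky": bool(legacy and exposed)}

if __name__ == "__main__":
    print(audit(SAMPLE_WILDCARD))
    print(audit(SAMPLE_LAN))
```

To use it on a real server, pass it the text printed by `sshd -T` instead of the constructed samples.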

adespoton's picture
Offline
Joined: 2015 Feb 15

Good point. So the best solution is to use external hardware to tunnel through.

cbone's picture
Online
Joined: 2011 Sep 17

That's what I want to do (sort of) I think… I forgot now, lol Wink