Zeroshell l2tp with Preshared key


This topic contains 1 reply, has 0 voices, and was last updated by  aseques 6 years, 10 months ago.

  • #43453

    aseques
    Member

    I’ve been looking into this as a replacement for pptp on our installs. The problem that is forcing us to change this is that as of today the pptp protocol with MSCHAPv2 is broken (see http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security), so it doesn’t offer any security.
    The natural replacement for this is l2tp, but the experience on the platforms tested is varied; this is what I found so far.

      Android no problems so far, it can be configured with user/password only (psk is optional)

      Mac OS X, it supports either using a PSK (which zeroshell doesn’t) or HOST certificates (but strangely it doesn’t seem to like zeroshell created host certificates)

      iOS (iPhone), the only methods are RSAkey or PSK, none supported with zeroshell

    The problem is that the only thing that works across all the platforms is using preshared key (PSK)
    Currently racoon is configured to use rsasig for phase 1

    authentication_method rsasig

    The other method, which would allow zs to work with iOS and others, would be to use

    authentication_method pre_shared_key

    Does anyone have more info on this?
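
The change discussed in the post above, as an added example that is not part of the original thread or of Zeroshell's own configuration: a racoon.conf phase 1 section with the rsasig form shown commented out beside the pre_shared_key form. File paths, certificate file names and proposal algorithms are assumptions; the phase 2 (sainfo) section is not affected and is omitted.

```conf
# Added example, not Zeroshell's shipped racoon.conf.
# All paths, file names and algorithm choices below are assumptions.

# PSK file: one "<peer address or identifier> <key>" pair per line.
# racoon rejects the file if it is readable by group or others,
# so keep it owned by root with mode 0600.
path pre_shared_key "/etc/racoon/psk.txt";
path certificate    "/etc/racoon/certs";

# --- Certificate-based phase 1 (the rsasig form quoted in the post) ---
# remote anonymous {
#     exchange_mode main;
#     my_identifier asn1dn;
#     certificate_type x509 "host.pem" "host.key";  # placeholder names
#     generate_policy on;
#     nat_traversal on;
#     proposal {
#         encryption_algorithm aes;
#         hash_algorithm sha1;
#         authentication_method rsasig;
#         dh_group 2;
#     }
# }

# --- PSK-based phase 1 (the form the post asks about) ---
remote anonymous {
    # Main mode keeps the PSK-derived hash inside the encrypted
    # exchange; aggressive mode sends it in the clear, where a
    # captured handshake can be attacked offline.
    exchange_mode main;
    generate_policy on;      # roaming clients: build SPD entries on demand
    nat_traversal on;        # clients are usually behind NAT
    proposal_check obey;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}
```

With a group PSK, IPsec only proves that the client knows the shared secret, so per-user authentication still rests on the PPP login inside the L2TP tunnel.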

    #52479

    aseques
    Member

    It seems that there’s a way to load the certificates into the iPhone. I am yet to explore this setup, but it looks good; it’s a non-intrusive configuration that wouldn’t need further changes to zeroshell.
    http://en.gentoo-wiki.com/wiki/VPN_iPhone_IPSec#With_CA

    #52480

    aseques
    Member

    So far I am stuck with this, it seems to me (still have to investigate a bit more) that racoon needs to be compiled enabling the hybrid mode (mixed authentication with x509 and certificates).
    I will post whatever I can get.
