Solved

VPN software for LT2P tunnel authentication

Posted on 2014-10-04
5
392 Views
Last Modified: 2014-10-13
Hi Guys,

We need VPN software for Windows Server that would be able to do L2TP Tunnel Authentication / termination.

Any suggestions?
0
Comment
Question by:Rupert Eghardt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40361724
Windows comes with a VPN client built in, windows server has a VPN server built in... So can you explain the situation a bit more?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40361727
I agree with Aaron, clarification is needed on this as Windows come with configurable VPN clients/connections built into the OS.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40361733
as mentioned above, Windows severs come with built-in VPN support for both client and server over IPsec and PPTP. what you do is simply to follow the instructions to setup a VPN server using RRAS. see below the official technical document for details.

FYI - Checklist: Installing and Configuring an RRAS VPN Server
http://technet.microsoft.com/en-us/library/dd469733.aspx
0
 

Author Comment

by:Rupert Eghardt
ID: 40362189
Thanks for the help thus far, however, I am aware of Windows VPN abilities, but our requirement is somehow unique;
We have a service provider that provides us with a static IP, but for the static IP to work, we require L2TP "tunnel authentication" / "termination".

This is quite a unique feature and only a couple of router modules support this function.

An example of L2TP tunnel authentication / termination for router config;

•Protocol: L2TP VPN
•Type of connection: dial-out
•Server IP address: 196.30.xxx.xxx (this is a fixed IP address that you must supply)
•Connection type: Remote access
•Username: yourusername
•Password: yourDSLpassword
•Authentication type: PAP
•Tunnel authentication: enabled
•Secret: hxxx (this is a fixed secret for the L2TP server that you must supply)
•Activate as default route: yes
•Remote host name: (leave blank)
•Local host name: (leave blank)
•IPSec: not enabled
•Authentication: None
•Encryption: NULL
•Perfect forward secrecy: None
•Pre-shared key: (leave blank)

We've already tried a couple of routers with this VPN functionality, but all failed for various reasons;
I was advised by the ISP that as an alternate method, we can install VPN software on Windows server that supports L2TP VPN with tunnel authentication.

I don't think Windows supports this VPN functionality by default?
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40362289
Had to read that up. "L2TP Tunnel Authentication" is used if you use a pure L2TP tunnel without encryption to authenticate the dial-in user. With L2TP/IPsec authentication is made by IPsec, and IPSec manages the credential stuff (in a much more secure way).

Some 3rd-party VPN clients indeed can use L2TP, but I have met none able to do what you request.
Worse, even if they would, they usually do not implement a routable interface, and so they can act only as a dial-in client working for programs running on that machine. (I'm very experienced in that part, as I always try to run proprietary VPN clients on a Windows router).
W2000 had a way to disable IPsec usage with L2TP (http://support2.microsoft.com/kb/258261/en-us) - but I expect that to being not available anymore.

This is indeed a very rare requirement, as there is no encryption, which contradicts with major reasons for using VPNs - security and privacy. As a matter of fact it only serves a purpose for ISP connections.

My recommendation is to ask the ISP for specific client information, or go back to the hardware router approach (and solve the issues with those).
0

Featured Post

WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question