Solved

VPN software for L2TP tunnel authentication

Posted on 2014-10-04
Last Modified: 2014-10-13
Hi Guys,

We need VPN software for Windows Server that would be able to do L2TP Tunnel Authentication / termination.

Any suggestions?
Question by:Rupert Eghardt
5 Comments
 

Expert Comment

by:Aaron Tomosky
ID: 40361724
Windows comes with a VPN client built in, Windows Server has a VPN server built in... So can you explain the situation a bit more?

Expert Comment

by:Rizzle
ID: 40361727
I agree with Aaron, clarification is needed on this as Windows comes with configurable VPN clients/connections built into the OS.

Expert Comment

by:Bing CISM / CISSP
ID: 40361733
As mentioned above, Windows servers come with built-in VPN support for both client and server over IPsec and PPTP. What you do is simply follow the instructions to set up a VPN server using RRAS. See below the official technical document for details.

FYI - Checklist: Installing and Configuring an RRAS VPN Server
http://technet.microsoft.com/en-us/library/dd469733.aspx

Author Comment

by:Rupert Eghardt
ID: 40362189
Thanks for the help thus far. However, I am aware of Windows VPN abilities, but our requirement is somewhat unique:
We have a service provider that provides us with a static IP, but for the static IP to work, we require L2TP "tunnel authentication" / "termination".

This is quite a unique feature and only a couple of router modules support this function.

An example of L2TP tunnel authentication / termination for router config:

•Protocol: L2TP VPN
•Type of connection: dial-out
•Server IP address: 196.30.xxx.xxx (this is a fixed IP address that you must supply)
•Connection type: Remote access
•Username: yourusername
•Password: yourDSLpassword
•Authentication type: PAP
•Tunnel authentication: enabled
•Secret: hxxx (this is a fixed secret for the L2TP server that you must supply)
•Activate as default route: yes
•Remote host name: (leave blank)
•Local host name: (leave blank)
•IPSec: not enabled
•Authentication: None
•Encryption: NULL
•Perfect forward secrecy: None
•Pre-shared key: (leave blank)

We've already tried a couple of routers with this VPN functionality, but all failed for various reasons.
I was advised by the ISP that as an alternate method, we can install VPN software on Windows server that supports L2TP VPN with tunnel authentication.

I don't think Windows supports this VPN functionality by default?

Accepted Solution

by:Qlemo (earned 500 total points)
ID: 40362289
Had to read that up. "L2TP Tunnel Authentication" is used if you use a pure L2TP tunnel without encryption to authenticate the dial-in user. With L2TP/IPsec, authentication is made by IPsec, and IPsec manages the credential stuff (in a much more secure way).

Some 3rd-party VPN clients indeed can use L2TP, but I have met none able to do what you request.
Worse, even if they would, they usually do not implement a routable interface, and so they can act only as a dial-in client working for programs running on that machine. (I'm very experienced in that part, as I always try to run proprietary VPN clients on a Windows router).
W2000 had a way to disable IPsec usage with L2TP (http://support2.microsoft.com/kb/258261/en-us) - but I expect that to not be available anymore.

This is indeed a very rare requirement, as there is no encryption, which contradicts the major reasons for using VPNs - security and privacy. As a matter of fact it only serves a purpose for ISP connections.

My recommendation is to ask the ISP for specific client information, or go back to the hardware router approach (and solve the issues with those).
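
For reference, this is how the shared "Secret" from the router settings quoted earlier is used on the wire: RFC 2661 defines a CHAP-like exchange in which each tunnel endpoint proves knowledge of the secret with MD5(ID || secret || challenge), where ID is the message type of the reply. The sketch below is an added example, not part of the original thread or any vendor's code; the secret is a constructed placeholder and the function names are hypothetical.

```python
import hashlib
import hmac
import os

# Control message types from RFC 2661. The type of the message that carries
# the Challenge Response AVP doubles as the one-octet CHAP-style ID.
SCCRP = 2  # Start-Control-Connection-Reply
SCCCN = 3  # Start-Control-Connection-Connected


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """Return the 16-octet response: MD5(ID || secret || challenge)."""
    if not 0 <= msg_type <= 255:
        raise ValueError("message type must fit in one octet")
    if not secret or not challenge:
        raise ValueError("secret and challenge must be non-empty")
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify_response(msg_type: int, secret: bytes, challenge: bytes,
                    received: bytes) -> bool:
    """Recompute the expected response and compare in constant time."""
    expected = challenge_response(msg_type, secret, challenge)
    return hmac.compare_digest(expected, received)


def demo():
    secret = b"constructed-tunnel-secret"  # placeholder, not a real secret

    # 1. The initiator (LAC side) sends SCCRQ containing a random challenge.
    lac_challenge = os.urandom(16)
    # 2. The LNS answers in SCCRP and adds a challenge of its own.
    lns_response = challenge_response(SCCRP, secret, lac_challenge)
    lns_challenge = os.urandom(16)
    # 3. The initiator checks the LNS, then answers in SCCCN.
    lac_accepts = verify_response(SCCRP, secret, lac_challenge, lns_response)
    lac_response = challenge_response(SCCCN, secret, lns_challenge)
    lns_accepts = verify_response(SCCCN, secret, lns_challenge, lac_response)

    # A peer configured with a different secret is rejected.
    bad = challenge_response(SCCRP, b"wrong-secret", lac_challenge)
    mismatch_rejected = not verify_response(SCCRP, secret, lac_challenge, bad)
    return lac_accepts, lns_accepts, mismatch_rejected


if __name__ == "__main__":
    print(demo())
```

The exchange only proves that both tunnel endpoints hold the same secret; with IPsec disabled and PAP selected, as in the quoted settings, the PPP username and password still cross the tunnel unencrypted.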