Solved

VPN software for LT2P tunnel authentication

Posted on 2014-10-04
5
382 Views
Last Modified: 2014-10-13
Hi Guys,

We need VPN software for Windows Server that would be able to do L2TP Tunnel Authentication / termination.

Any suggestions?
0
Comment
Question by:Rupert Eghardt
5 Comments
 
LVL 38

Expert Comment

by:Aaron Tomosky
ID: 40361724
Windows comes with a VPN client built in, windows server has a VPN server built in... So can you explain the situation a bit more?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40361727
I agree with Aaron, clarification is needed on this as Windows come with configurable VPN clients/connections built into the OS.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40361733
as mentioned above, Windows severs come with built-in VPN support for both client and server over IPsec and PPTP. what you do is simply to follow the instructions to setup a VPN server using RRAS. see below the official technical document for details.

FYI - Checklist: Installing and Configuring an RRAS VPN Server
http://technet.microsoft.com/en-us/library/dd469733.aspx
0
 

Author Comment

by:Rupert Eghardt
ID: 40362189
Thanks for the help thus far, however, I am aware of Windows VPN abilities, but our requirement is somehow unique;
We have a service provider that provides us with a static IP, but for the static IP to work, we require L2TP "tunnel authentication" / "termination".

This is quite a unique feature and only a couple of router modules support this function.

An example of L2TP tunnel authentication / termination for router config;

•Protocol: L2TP VPN
•Type of connection: dial-out
•Server IP address: 196.30.xxx.xxx (this is a fixed IP address that you must supply)
•Connection type: Remote access
•Username: yourusername
•Password: yourDSLpassword
•Authentication type: PAP
•Tunnel authentication: enabled
•Secret: hxxx (this is a fixed secret for the L2TP server that you must supply)
•Activate as default route: yes
•Remote host name: (leave blank)
•Local host name: (leave blank)
•IPSec: not enabled
•Authentication: None
•Encryption: NULL
•Perfect forward secrecy: None
•Pre-shared key: (leave blank)

We've already tried a couple of routers with this VPN functionality, but all failed for various reasons;
I was advised by the ISP that as an alternate method, we can install VPN software on Windows server that supports L2TP VPN with tunnel authentication.

I don't think Windows supports this VPN functionality by default?
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 40362289
Had to read that up. "L2TP Tunnel Authentication" is used if you use a pure L2TP tunnel without encryption to authenticate the dial-in user. With L2TP/IPsec authentication is made by IPsec, and IPSec manages the credential stuff (in a much more secure way).

Some 3rd-party VPN clients indeed can use L2TP, but I have met none able to do what you request.
Worse, even if they would, they usually do not implement a routable interface, and so they can act only as a dial-in client working for programs running on that machine. (I'm very experienced in that part, as I always try to run proprietary VPN clients on a Windows router).
W2000 had a way to disable IPsec usage with L2TP (http://support2.microsoft.com/kb/258261/en-us) - but I expect that to being not available anymore.

This is indeed a very rare requirement, as there is no encryption, which contradicts with major reasons for using VPNs - security and privacy. As a matter of fact it only serves a purpose for ISP connections.

My recommendation is to ask the ISP for specific client information, or go back to the hardware router approach (and solve the issues with those).
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question