Microsoft Windows 7/10 build in VPN client

Does Microsoft Windows 7/10 build in VPN client (L2TP over IPsec) support DES encryption and MD5 authentication?
ciscosuppAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Here are the VPN types including IPsec for Windows 10. I do not think Windows 7 had a decent IPsec client.

https://docs.microsoft.com/en-us/windows/security/identity-protection/vpn/vpn-connection-type

We use NCP Secure Entry on Windows 10 (www.ncp-e.com) as it is a convenient and robust client.
ciscosuppAuthor Commented:
My question was
Does Microsoft Windows 7/10 build in VPN client (L2TP over IPsec) support DES encryption and MD5 authentication?
JohnBusiness Consultant (Owner)Commented:
If you look here for Windows 10, it uses a certificate for the security settings and from what I can see that does not include DES.

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)

You need a client that can be set up in detail such as NCP.

Forget Windows 7 for a built in IPsec client. We use NCP for Windows 7 as well.
Are You Protected from Q3's Internet Threats?

Every quarter, WatchGuard's Threat Lab releases a security report that analyzes the top threat trends impacting companies around the world. For Q3, we saw that 6.8% of the top 100K websites use insecure SSL protocols. Read the full report to start protecting your business today!

ciscosuppAuthor Commented:
Answer to my question is.

By default Microsoft build in VPN clients do not support DES/MD5

To enable support for DES/MD5 follow these steps:

1.      Click Start, click Run, type regedit, and then click OK.

2.      In Registry Editor, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

3.      On the Edit menu, point to New, and then click DWORD Value.

4.      Type AllowL2TPWeakCrypto, and then press ENTER.

5.      On the Edit menu, click Modify.

6.      In the Value data box, type 1, and then click OK.

7.      On the File menu, click Exit to exit Registry Editor

8.      Restart PC/Laptop

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
I hope you are aware that there is a very good reason not to support DES or MD5 - they implement a very weak "security" (if you can call it such at all), so you might as well use no encryption/authentication.
But of course there are still devices out there not allowing to use something reasonable ...
btanExec ConsultantCommented:
no longer support the weak cipher (DES) and hash (MD5).
The following crypto algorithms are no longer supported on Windows Vista or later versions:

40- and 56-bit RC4 encryption, formerly used by the Microsoft Point-to-Point Encryption (MPPE) Protocol for PPTP-based VPN connections
DES encryption, formerly used by IPsec policy within L2TP/IPsec-based VPN connections
MD5 integrity checking, formerly used by IPsec policy within L2TP/IPsec-based VPN connections
http://sourcedaddy.com/windows-7/weak-cryptography-removal-from-pp-tpl2tp.html
the default is 3 DES and SHA1
The removal of support for DES encryption and MD5 integrity checking for L2TP/IPsecbased VPN connections means that L2TP/IPsec-based VPN connections now support the following data encryption and data integrity algorithms by default:

128-bit AES, 256-bit AES, and 3DES for data encryption using IPsec
Secure Hash Algorithm (SHA1) for data integrity using IPsec

Default Encryption Settings for the Microsoft L2TP/IPSec Virtual Private Network Client-
https://support.microsoft.com/en-us/help/325158/default-encryption-settings-for-the-microsoft-l2tp-ipsec-virtual-priva
ciscosuppAuthor Commented:
People in the form did not answer my question
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.