I have a server currently connecting to a pptp remote server. This server (lns\lac) has the option for pptp connections and l2tp connections. The l2tp connections are not using ipsec encryption at all. I have seen a couple of guides\tutorials on the internet:
- https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_CentOS_-_Red_Hat_Enterprise...
- https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup

But all the guides that I have found are using ipsec with "secret". On Ubuntu there is a GUI applet that helps setting these kinds of connections up but I am working with a CentOS server and not Ubuntu desktop.
If someone used l2tp the same way I want to use on CentOS 7 please give me some advice.
If you have a guide which might help me I will be more than happy to see this one.
Thanks, Eliezer
On 9/17/2015 4:47 PM, Eliezer Croitoru wrote:
> I have a server currently connecting to a pptp remote server. This server(lns\lac) has the option for pptp connections and l2tp connections. The l2tp connections are not using ipsec encryption at all.
PPTP doesn't use ipsec either, it uses its own MPPE encryption based on RC4, which is considered insecure as of years ago.
L2TP is normally used within another encrypted transport.
Hey John,
I do not require encryption at all, it's a secure and internal channel but it requires me to connect via either pptp or l2tp. This is the reason I am asking. I had the chance of finding the SoftEther Project which gives a lot in terms of VPN Client and Server. At: http://www.softether-download.com/en.aspx
But I have yet to try it. Also they have all sorts of beta versions but not something they call stable in their downloads.
I think I will try to use their product if I will not find an example on how to use l2tp without ipsec encryption.
Thanks, Eliezer
OK, so I took the time and finally built an RPM for the softether vpn server and client. I have not tested them for usage but I found out that only the server side can work with multiple protocols while the client side works only with one protocol. The actual protocol is called "ethernet over HTTPS". More info on the product: http://www.softether.org/
The GUI is only for Windows as far as I could understand.
So no l2tp client there but at least a nice VPN service.
SRPM can be found here: http://ngtech.co.il/rpm/centos/7/SRPMS/softethervpn-4.18.9570-2.el7.centos.s...
The repo is here (also latest squid-cache repo): http://ngtech.co.il/rpm/centos/7/x86_64/
Eliezer
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Eliezer Croitoru Sent: Friday, September 18, 2015 2:21 AM To: centos@centos.org Subject: Re: [CentOS] I want to connect to a l2tp server from centos.
<OK, so I took the time and finally built an RPM for the softether vpn server and client. I have not tested them for usage but I found out that only the server side can work with multiple protocols while the client side works only with one protocol. The actual protocol is called "ethernet over HTTPS". More info on the product: http://www.softether.org/>
For what it's worth, it runs just fine downloading and running it directly. I will agree, they usually only release beta versions so we hang back one or two betas from the latest. In my case SoftEther VPN "just works". I will say if you are new to VPNs as I was (and still learning) it'll drive you nuts at times setting things up to make it all mesh together. Router tables, firewall rules, etc. Once you're golden, you can literally forget how it works. Yup, took plenty of notes. (Hopefully they are good enough :) )
We have a remote office and my home lan VPN'd into the server (All CentOS 6.7 boxen) on a virtual hub. My remote users (Windows only so far) VPN in on a separate virtual hub and so far it has gone well. Kudos to SoftEther VPN for a double click to start, double click to stop a VPN connection in Windows!
I also wrote a script to set up the tap interfaces, routing table entries and do several test pings to make sure the links are set up correctly. This was done because SoftEther VPN would be ready to go before the TAP interfaces were up and ready and caused issues.
My smartphone users can connect via l2tp/IPsec but no one (including me) wants to mess with it. It would be really nice if the SoftEther VPN folks would write a smartphone client.
<The gui is only for windows as far as I could understand.>
Yes, the GUI is Windows only (as far as I know), but it works well no matter what platform the server is running on.
<So no l2tp client there but at least a nice VPN service.>
Because my employer has AT&T Fiber/PNT/firewall/VPN services (read software defined networking) I'm actually happy my main support is SSL-VPN (via https). Makes my life a lot easier. It's to the point our company has decided NOT to use the AT&T global network client in favor of SoftEther VPN for our remote needs.
Kind regards,
Richard
--- Richard Zimmerman Systems / Network Administrator River Bend Hose Specialty, Inc. 1111 S Main Street South Bend, IN 46601-3337 (574) 233-1133 (574) 280-7284 Fax
On 09/17/2015 04:47 PM, Eliezer Croitoru wrote:
> If someone used l2tp the same way I want to use on CentOS 7 please give me some advice.
l2tp, by itself, offers no encryption. Notably, that means that your password is going to cross the network in clear text. Bare l2tp is the VPN equivalent of telnet. I really strongly recommend that you reconsider.
ipsec, by itself, is a much better and easier way to achieve your goal. It will require less setup, and offer better security. There's no downside; ipsec is clearly a better choice for connecting two systems over an unsecured network.
l2tp is typically used in conjunction with ipsec, for mobile clients. The reason is that l2tp integrates with external authentication (RADIUS, LDAP, Active Directory, etc) better than ipsec alone does. That's great when you have a group of users that you want to have individual authentication keys, but it's not a good fit for connecting one server to another.
Hey Gordon,
I do not have any security issue in this network. I need to connect to a remote network on a secure network. The options are pptp or l2tp (no ipsec encryption) so I do want to use l2tp like in (lac\lns) and I am looking for a client for CentOS. Note that it works in Ubuntu so it is possible to achieve the same with CentOS but I do not know what is behind the GUI that initiates the connection for l2tp. With pptp I have no issue and I have a connection which works a lot of time.
Thanks, Eliezer
On 09/20/2015 05:50 PM, Eliezer Croitoru wrote:
> I do not have any security issue in this network. I need to connect to a remote network on a secure network. The options are pptp or l2tp(no ipsec encryption) so I do want to use l2tp like in (lac\lns) and I am looking for a client for CentOS.
The client is "xl2tpd", and you can find it in EPEL.
Client setup is described here: http://www.xinotes.net/notes/note/1524/
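
A minimal bare-L2TP client setup for xl2tpd, as an added example that is not part of the thread or of the linked note; the LAC name `internal-lns`, the LNS address `192.0.2.10`, the user `vpnuser` and the options file name are assumptions. Because nothing encrypts the tunnel, both generated files refuse PAP so the PPP password itself is not sent across the network, and a small check confirms that setting.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: LAC name "internal-lns",
# LNS 192.0.2.10 (documentation address), user "vpnuser", options file name.

# Write a bare-L2TP (no IPsec) xl2tpd client config under directory $1.
write_l2tp_client_config() {
    dir=$1; lns=$2; user=$3
    mkdir -p "$dir/xl2tpd" "$dir/ppp"
    cat > "$dir/xl2tpd/xl2tpd.conf" <<EOF
[lac internal-lns]
lns = $lns
name = $user
; The tunnel is unencrypted, so do not let PPP use PAP,
; which would send the password itself across the network.
refuse pap = yes
pppoptfile = /etc/ppp/options.xl2tpd.client
length bit = yes
EOF
    cat > "$dir/ppp/options.xl2tpd.client" <<EOF
name $user
noauth
refuse-pap
nodefaultroute
EOF
}

# Return 0 only if the given pppd options file refuses PAP.
ppp_refuses_pap() {
    grep -Eq '^[[:space:]]*refuse-pap([[:space:]]|$)' "$1"
}

# Demo in a scratch directory; review the files before copying them to /etc.
demo=$(mktemp -d)
write_l2tp_client_config "$demo" 192.0.2.10 vpnuser
if ppp_refuses_pap "$demo/ppp/options.xl2tpd.client"; then
    echo "PAP refused in generated options file"
fi
rm -rf "$demo"
```

After installing the files under /etc/xl2tpd and /etc/ppp and putting the account's secret in /etc/ppp/chap-secrets, start xl2tpd and bring the tunnel up with `echo "c internal-lns" > /var/run/xl2tpd/l2tp-control`.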
Thanks!
Eliezer
---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@ngtech.co.il