www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

Zeroshell l2tp with Preshared key

 
aseques



Joined: 16 Jun 2009
Posts: 59

Posted: Tue Oct 02, 2012 10:11 am    Post subject: Zeroshell l2tp with Preshared key

I've been looking into this as a replacement for pptp on our installs. The problem that is forcing us to change this is that as of today the pptp protocol with MSCHAPv2 is broken (see http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security), so it doesn't offer any security.
The natural replacement for this is l2tp, but the experience on the platforms tested is varied; this is what I found so far.
    Android: no problems so far, it can be configured with user/password only (psk is optional)

    Mac OS X: it supports either using a PSK (which zeroshell doesn't) or HOST certificates (but strangely it doesn't seem to like zeroshell created host certificates)

    iOS (iPhone): the only methods are RSAkey or PSK, neither supported with zeroshell

The problem is that the only thing that works across all the platforms is using a preshared key (PSK).
Currently racoon is configured to use rsasig for phase 1
Quote:
authentication_method rsasig

The other method, which would allow zs to work with iOS and others, would be to use
Quote:
authentication_method pre_shared_key

Does anyone have more info on this?
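An added illustration, not part of the original posts and not Zeroshell's own code: racoon sets authentication_method inside the proposal of each remote block, and PSK authentication reads its keys from the file named by "path pre_shared_key". The Python below reports the phase 1 method per remote block and notes PSK blocks that need review; the sample configuration, address, file paths and function names are constructed assumptions.

```python
import re

# Constructed sample racoon.conf, not Zeroshell's actual file.
SAMPLE_CONF = '''
path pre_shared_key "/etc/racoon/psk.txt";
remote 192.0.2.10 {
    exchange_mode main;
    certificate_type x509 "host.pem" "host.key";
    proposal {
        encryption_algorithm aes; hash_algorithm sha1; dh_group 2;
        authentication_method rsasig;   # certificates, as in the post
    }
}
remote anonymous {
    exchange_mode main;
    proposal {
        encryption_algorithm aes; hash_algorithm sha1; dh_group 2;
        authentication_method pre_shared_key;
    }
}
'''

def phase1_auth(conf):
    """Map each remote block to the authentication_method values it proposes."""
    conf = re.sub(r'#.*', '', conf)                  # drop comments
    result = {}
    for m in re.finditer(r'^\s*remote\s+(\S+)[^{]*\{', conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):               # walk to the matching brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        result[m.group(1)] = re.findall(
            r'authentication_method\s+(\w+)\s*;', conf[m.end():i])
    return result

def psk_path(conf):
    """Return the file named by 'path pre_shared_key', or None if unset."""
    m = re.search(r'^\s*path\s+pre_shared_key\s+"([^"]+)"\s*;', conf, re.M)
    return m.group(1) if m else None

def audit(conf):
    """List review notes for remote blocks that authenticate with a PSK."""
    notes = []
    for remote, methods in phase1_auth(conf).items():
        if 'pre_shared_key' in methods and psk_path(conf) is None:
            notes.append(f'{remote}: PSK auth but no "path pre_shared_key"')
        if 'pre_shared_key' in methods and remote == 'anonymous':
            notes.append(f'{remote}: PSK phase 1 open to any peer address')
    return notes
```

Calling audit(SAMPLE_CONF) returns one note for the anonymous block; removing the path directive from the sample adds a second.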
aseques



Joined: 16 Jun 2009
Posts: 59

Posted: Fri Oct 26, 2012 9:15 am    Post subject:

It seems that there's a way to load the certificates into the iPhone. I am yet to explore this setup, but it looks good; it's a non-intrusive configuration that wouldn't need further changes to zeroshell.
http://en.gentoo-wiki.com/wiki/VPN_iPhone_IPSec#With_CA
aseques



Joined: 16 Jun 2009
Posts: 59

Posted: Wed Nov 21, 2012 8:00 am    Post subject:

So far I am stuck with this, it seems to me (still have to investigate a bit more) that racoon needs to be compiled enabling the hybrid mode (mixed authentication with x509 and certificates).
I will post whatever I can get.