I’ve been looking into this as a replacement for PPTP on our installs. The problem that is forcing us to change is that, as of today, the PPTP protocol with MSCHAPv2 is broken (see http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security), so it doesn’t offer any security.
The natural replacement for this is L2TP, but the experience on the platforms tested is varied. This is what I found so far:
Android: no problems so far, it can be configured with user/password only (PSK is optional).
Mac OS X: it supports either using a PSK (which Zeroshell doesn’t) or host certificates (but strangely it doesn’t seem to like Zeroshell-created host certificates).
iOS (iPhone): the only methods are RSA key or PSK, neither supported with Zeroshell.
The problem is that the only thing that works across all the platforms is using a preshared key (PSK).
Currently racoon is configured to use rsasig for phase 1:
authentication_method rsasig
The other method, which would allow ZS to work with iOS and others, would be to use:
authentication_method pre_shared_key
Does anyone have more info on this?
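
For reference, this is where the two settings named in the post sit in a racoon.conf phase 1 definition. It is an added example, not part of the original post and not Zeroshell's shipped configuration. Every path, file name and algorithm choice below is an assumption; only the two authentication_method values come from the post.

```conf
# Added example: assumed paths and file names, not Zeroshell's own files.
path certificate    "/etc/racoon/certs";      # used by rsasig
path pre_shared_key "/etc/racoon/psk.txt";    # used by pre_shared_key

# Variant A: certificate authentication, the method the post says is
# configured today. Shown commented out because racoon accepts only one
# "remote anonymous" block.
#
# remote anonymous {
#     exchange_mode main;
#     my_identifier asn1dn;
#     certificate_type x509 "server.crt" "server.key";   # assumed names
#     verify_cert on;
#     generate_policy on;
#     nat_traversal on;
#     proposal {
#         encryption_algorithm aes;
#         hash_algorithm sha1;
#         authentication_method rsasig;
#         dh_group 2;
#     }
# }

# Variant B: pre-shared key, the method the post proposes for iOS and others.
remote anonymous {
    # Main mode protects the identities and the PSK-derived hash inside the
    # Diffie-Hellman exchange. Aggressive mode sends that hash in the clear,
    # which lets anyone who captures the handshake guess the key offline.
    exchange_mode main;
    generate_policy on;
    nat_traversal on;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# psk.txt holds one "<peer identifier> <key>" pair per line, for example
#   <PEER-ADDRESS-PLACEHOLDER>  <LONG-RANDOM-KEY-PLACEHOLDER>
# racoon refuses a key file that is readable by group or others, so keep it
# owned by root with mode 0600.
```

With a PSK every client shares one group secret, so the per-user password checked inside the L2TP/PPP session remains the only thing that distinguishes one user from another, and the key needs to be long, random and rotated when a device is lost.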