Eliezer Croitoru
2015-Sep-17 23:47 UTC
[CentOS] I want to connect to a l2tp server from centos.
I have a server currently connecting to a pptp remote server. This server(lns\lac) has the option for pptp connections and l2tp connections. The l2tp connections are not using ipsec encryption at all. I have seen couple guides\tutorials on the internet: - https://raymii.org/s/tutorials/IPSEC_L2TP_vpn_on_CentOS_-_Red_Hat_Enterprise_Linux_or_Scientific_-_Linux_6.html - https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup But all the guides that I have found are using ipsec with "secret". On ubuntu there is a gui applet that helps setting these kind of connections up but I am working with a CentOS server and not Ubuntu desktop. If someone used l2tp the same way I want to use on CentOS 7 please give me some advice. If you have a guide which might help me I will be more then happy to see this one. Thanks, Eliezer
John R Pierce
2015-Sep-18 00:00 UTC
[CentOS] I want to connect to a l2tp server from centos.
On 9/17/2015 4:47 PM, Eliezer Croitoru wrote:> I have a server currently connecting to a pptp remote server. > This server(lns\lac) has the option for pptp connections and l2tp > connections. > The l2tp connections are not using ipsec encryption at all.PPTP doesn't use ipsec either, it uses its own MPPE encryption based on RC4, which is considered insecure as of years ago. L2TP is normally used within another encrypted transport. -- john r pierce, recycling bits in santa cruz
Gordon Messmer
2015-Sep-18 00:57 UTC
[CentOS] I want to connect to a l2tp server from centos.
On 09/17/2015 04:47 PM, Eliezer Croitoru wrote:> If someone used l2tp the same way I want to use on CentOS 7 please > give me some advice.l2tp, by itself, offers no encryption. Notably, that means that your password is going to cross the network in clear text. Bare l2tp is the VPN equivalent of telnet. I really strongly recommend that you reconsider. ipsec, by itself, is a much better and easier way to achieve your goal. It will require less setup, and offer better security. There's no down side; ipsec is clearly a better choice for connecting two systems over an unsecured network. l2tp is typically used in conjunction with ipsec, for mobile clients. The reason is that l2tp integrates with external authentication (RADIUS, LDAP, Active Directory, etc) better than ipsec alone does. That's great when you have a group of users that you want to have individual authentication keys, but it's not a good fit for connecting one server to another.
Eliezer Croitoru
2015-Sep-18 01:33 UTC
[CentOS] I want to connect to a l2tp server from centos.
Hey John, I do not require encryption at all, it's a secure and internal channel but it requires me to connect via either pptp or l2tp. This is the reason I am asking. I had the chance of finding the SoftEther Project which gives a lot in terms of VPN Client and Server. At: http://www.softether-download.com/en.aspx But yet to try it. Also they have all sorts of beta versions but not something they call stable in their downloads. I think I will try to use their product if I will not find an example on how to use l2tp without ipsec encryption. Thanks, Eliezer On 18/09/2015 03:00, John R Pierce wrote:> On 9/17/2015 4:47 PM, Eliezer Croitoru wrote: >> I have a server currently connecting to a pptp remote server. >> This server(lns\lac) has the option for pptp connections and l2tp >> connections. >> The l2tp connections are not using ipsec encryption at all. > > PPTP doesn't use ipsec either, it uses its own MPPE encryption based on > RC4, which is considered insecure as of years ago. > > L2TP is normally used within another encrypted transport.
Eliezer Croitoru
2015-Sep-21 00:50 UTC
[CentOS] I want to connect to a l2tp server from centos.
Hey Gordon, I do not have any security issue in this network. I need to connect to a remote network on a secure network. The options are pptp or l2tp(no ipsec encryption) so I do want to use l2tp like in (lac\lns) and I am looking for a client for CentOS. Note that it works in ubuntu so it is possible to achieve the same with CentOS but I do not know what is behind the gui that initiates the connection for l2tp. With pptp I have no issue and I have a connection which works a lot of time. Thanks, Eliezer On 18/09/2015 03:57, Gordon Messmer wrote:> On 09/17/2015 04:47 PM, Eliezer Croitoru wrote: >> If someone used l2tp the same way I want to use on CentOS 7 please >> give me some advice. > > l2tp, by itself, offers no encryption. Notably, that means that your > password is going to cross the network in clear text. Bare l2tp is the > VPN equivalent of telnet. I really strongly recommend that you reconsider. > > ipsec, by itself, is a much better and easier way to achieve your goal. > It will require less setup, and offer better security. There's no down > side; ipsec is clearly a better choice for connecting two systems over > an unsecured network. > > l2tp is typically used in conjunction with ipsec, for mobile clients. > The reason is that l2tp integrates with external authentication (RADIUS, > LDAP, Active Directory, etc) better than ipsec alone does. That's great > when you have a group of users that you want to have individual > authentication keys, but it's not a good fit for connecting one server > to another. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos