jandafields
Forum Guru
Topic Author
Posts: 1515
Joined: Mon Sep 19, 2005 6:12 pm

IPSEC + L2TP works ONLY WITH DOUBLE ENCRYPTION

Wed Mar 28, 2012 11:56 pm

#1
I set up an IPSEC tunnel between 2 routers. It works fine.

#2
I set up a PPTP tunnel inside the IPSEC tunnel, it works fine.
I set up a L2TP tunnel with "use encryption=yes" inside the IPSEC tunnel, it works fine.

#3
I set up a L2TP tunnel with "use encryption=no" inside the IPSEC tunnel... it connects but won't pass any data.

I don't need encryption with L2TP because it is inside an encrypted IPSEC tunnel already.

Why does it not work when MPPE encryption is disabled?

Any ideas?
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: IPSEC + L2TP works ONLY WITH DOUBLE ENCRYPTION

Fri Aug 10, 2012 1:00 pm

BUMP

I'm having the same problem.

I'm using IPSec to wrap the L2TP session, so I really don't need MPPE on the L2TP session.

How can I disable MPPE on the L2TP internal channel?

[When I set the PPP profile assigned to the L2TP server to "Protocols | no encryption" it turns off the *IPSec encryption* - at least that's what you see when you go see the SAs in IPSec.]

[I've tried the registry hack to set it to allow weak-crypto for L2TP and then set the RoS L2TP server to use PAP/CHAP but then the sessions fail with a 734 error.]

So, again, is there a way to disable MPPE on the L2TP session? There's simply no reason to do MPPE on the L2TP session when you're doing IPSec on the outside.
-Greg
 
gsloop
Member Candidate
Posts: 213
Joined: Wed Jan 04, 2012 11:34 pm

Re: IPSEC + L2TP works ONLY WITH DOUBLE ENCRYPTION

Thu Aug 16, 2012 2:54 am

Anyone? Is there no way to disable MPPE on the inner tunnel in L2TP between a Windows client and a RB?
RoS v5.19, BTW.

TIA
-Greg
 
Leolo
just joined
Posts: 20
Joined: Wed Aug 21, 2013 7:01 am

Re: IPSEC + L2TP works ONLY WITH DOUBLE ENCRYPTION

Wed Aug 21, 2013 7:07 am

It doesn't make any sense to encrypt the data twice.

Are you sure that the double encryption is really happening?

Microsoft say they don't do double encryption:

http://technet.microsoft.com/en-us/libr ... s.10).aspx
"If you configure the VPN connection to connect to a PPTP server, only MPPE encryption is used. If you configure the VPN connection to connect to an L2TP server, only IPSec encryption is used"
http://technet.microsoft.com/en-us/libr ... s.10).aspx
"Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE to encrypt PPP datagrams. L2TP relies on Internet Protocol security (IPsec) in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec"
Regards.
 
Leolo
just joined
Posts: 20
Joined: Wed Aug 21, 2013 7:01 am

Re: IPSEC + L2TP works ONLY WITH DOUBLE ENCRYPTION

Wed Aug 21, 2013 8:27 am

Microsoft also says that you can use CHAP instead of MS-CHAPv2 if you want to be absolutely sure that MPPE is avoided:

http://technet.microsoft.com/en-us/libr ... s.10).aspx
"You cannot use Microsoft Point-to-Point Encryption (MPPE) if CHAP is used to authenticate the connection."
Regards.
 
efaden
Forum Guru
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: IPSEC + L2TP works ONLY WITH DOUBLE ENCRYPTION

Wed Aug 21, 2013 1:27 pm

Curious about this myself.

Sent from my SCH-I545 using Tapatalk 2
