L2TP/IPSEC - Ppp Profile Use encryption yes /no

huntah · March 28, 2014, 10:30pm

I have I question about L2TP/IPSEC configuration.
If I set ppp Profile Use Encryption to Yes or required I cannot connect with Android Phone but I have no Problem connecting with Win7 client.
It says It is using encoding “MPPE128STATELESS” in Active Connections.

If I set Use Encryption to no or default then the encoding field (in Active Connection) is empty but I can connect with Android Phone and Win7 Machine.

Does this mean that my connection is not secure (unencrypted) or that user and password when establishing connection are sent unencrypted (Security issue/concern!) but data is then encrypted.

Can anyone shed some light on this setting in concunjuction with L2TP/IPSEC VPN.
I have searched Wiki and forum but haven’t found anything on this..

Thanks in advance

rextended · March 28, 2014, 11:20pm

You miss to specify RouterOS version. from 6.8+ are some serious problem on MPPE encryption and IPsec…

I suggest you to use 6.7.

If you set no or disable, the ppp connection are not encrypted.

But if you use L2TP over the IPSec, connection are already encrypted, not waste time to double encryption…

huntah · March 29, 2014, 9:03pm

I use ROS 6.11 and I am happy to report is working for me without problems (DHCP on VLAN, L2TP Server and OVPN Client for VoIP).

So if I understood you correctly there is no need for use Encryption in ppp profile because the L2TP/IPSEC is already secure from start..

If the Encryption set to yes basicly double encrypts negotiation proces and traffic sent over L2TP/IPSEC interface.

rextended · March 29, 2014, 9:07pm

Exactly!