L2TP with MPPE 40bit RSA

Hi,

The current documentation at http://wiki.mikrotik.com/wiki/Manual:Interface/L2TP describes:

MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.

However, how can I select 40bit over 128bit using two RouterOS devices?

Please don’t say that 40bit is weak encryption, or recommend IPSec, as MPPE 128bit is also insecure. What I need is simple “obfuscation” with very low CPU overhead. So 40bit encryption is a good alternative. Also, no encryption in L2TP plus IPSec is not a solution for me… I really need to use ONLY L2TP, but with 40bit and not 128bit encryption.

Does anyone know how to establish an L2TP connection (PPP in general) between two RouterOS devices using MPPE 40bit?
Please, help me!
Thank you.

MPPE 40bit RC4 support was removed a long time ago.

Hi,

And why?
As I said, we need to use L2TP with light encryption (close to “obfuscation”, with very low CPU overhead). So no encryption is not a solution for us. Please, can you provide an alternative? I request that MPPE 40bit be reactivated.

Regards.

Hi,

Today I see this in my logs:

jan/05/2017 08:46:39 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/05/2017 10:10:01 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/05/2017 10:56:21 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/05/2017 11:21:17 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/07/2017 19:05:01 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/13/2017 12:56:47 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/13/2017 20:38:43 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/14/2017 09:49:43 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling

Please help me to: 1) Enforce the encryption… as it isn’t acceptable that an encrypted tunnel changes to a clear tunnel!!! 2) Enable MPPE 40bit, as my concentrator (L2TP server) doesn’t seem to have sufficient CPU performance.

Also, I think that an added problem is the unreliable link over which I’m running the tunnel: a wireless link with some noise. So some packets are lost (around 1%), and we need to have a reliable L2TP tunnel. I suggest “resetting” the PPP tunnel when the encryption goes out of sync, instead of falling back to no encryption.

Please, help us to improve the RouterOS.



Hi,

Now I see that the documentation page is updated: the 40bit RC4 support is removed.
OK. Also, I checked that in MPPE the RC4 algorithm is ARCFOUR, so MPPE 40bit is ARCFOUR-40 (deprecated) and MPPE 128bit is ARCFOUR or ARCFOUR-128 (I feel it is the first).

Then, as ARCFOUR is the least CPU-intensive encryption algorithm used in RouterOS, we can live without MPPE 40bit. So, don’t worry about using MPPE 128bit stateless as an “obfuscator” (not true encryption).

However, I need a solution for the problem of switching to non-encryption when several sync errors appear. Can you help me to overcome this problem?
Thank you!

Hi,

Problem solved by forcing (=“required”) encryption in the ppp profile (instead of “yes”).

I comment here only for reference.
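
A defender-side check for the downgrade discussed in this thread, as an added example that is not part of any post: it scans an exported RouterOS log for the "Encryption got out of sync - disabling" message, re-joins wrapped lines, and counts events per peer. The sample log is constructed, and the function names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
# The message quoted in the thread: MPPE lost sync and encryption was disabled.
DOWNGRADE = re.compile(
    r"^(%s)/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) "
    r"(?P<topics>\S+) (?P<peer>\S+): Encryption got out of sync - disabling$"
    % "|".join(MONTHS)
)
# Constructed sample in the log format shown in the thread (peers are made up).
SAMPLE_LOG = """\
jan/05/2017 08:46:39 ppp,error,critical 192.168.172.21: Encryption got out of
 sync - disabling
jan/05/2017 09:00:00 system,info constructed unrelated entry
jan/05/2017 10:10:01 ppp,error,critical 192.168.172.21: Encryption got out of sync - disabling
jan/06/2017 03:00:00 ppp,error,critical 10.0.0.7: Encryption got out of
 sync - disabling
"""

def unwrap(text):
    """Re-join entries that were wrapped onto an indented continuation line."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace() and entries:
            entries[-1] += " " + line.strip()
        elif line.strip():
            entries.append(line.strip())
    return entries

def downgrade_events(text):
    """Return (timestamp, peer) for every PPP encryption-disable event."""
    events = []
    for entry in unwrap(text):
        m = DOWNGRADE.match(entry)
        if m and "ppp" in m["topics"].split(","):
            mon, day, year, hh, mm, ss = m.groups()[:6]
            ts = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                          int(hh), int(mm), int(ss))
            events.append((ts, m["peer"]))
    return events

def peers_in_cleartext(text):
    """Count events per peer; any peer listed here ran unencrypted at some point."""
    return Counter(peer for _, peer in downgrade_events(text))

if __name__ == "__main__":
    for peer, n in peers_in_cleartext(SAMPLE_LOG).items():
        print(f"{peer}: {n} encryption-disable event(s)")
```

Once encryption is set to "required" in the ppp profile, as in the last post, any further hit from this check points at a profile that still allows the fallback.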